file icon

What do security, safety and liveness mean?

Security in information systems is often described as being composed of three things:

- Confidentiality - whether data is kept private to only those that are authorized to see it. 

- Integrity - whether data is complete, accurate, and valid.

- Availability - whether systems and data can be accessed or transacted with when needed.

In blockchain or DLT systems, confidentiality is generally not possible, given that these are often public ledgers. Confidentiality comes from pseudonymity, i.e., while the transactions are public, the holders of the accounts are not. 

This leaves us with integrity and availability. For blockchains and DLTs, these translate broadly to the concepts of “safety” and “liveness”, respectively, although this is a generalization.

Specifically, “safety” can be thought of as nothing incorrect ever happening; and “liveness” can be thought of as the correct thing always eventually happening.

For example:

- Suppose a consensus protocol is configured in such a way that nodes can get “stuck” in an infinite loop and are never able to recover from a disagreement. In that case. that protocol is not adequate in supporting the liveness of the network. As the network is stuck, something correct will never eventually happen. This network is therefore not secure, as it cannot recover from what’s called a “liveness break” - it is unavailable.

- Conversely, suppose a consensus protocol has a loophole that allows a node to convince a majority of other nodes’ vote weight to process an invalid transaction, such as a “double spend”. In that case, we have a safety issue, as a token could be spent twice, and the majority of the network agreed with it. Something incorrect therefore happened, and so again, this network is not secure - the integrity of its ledger was compromised.

It has actually been mathematically proven that, essentially, for any realistic network, it is impossible to perfectly guarantee safety and liveness at the same time under all conditions! However, a well-designed network limits these conditions to extremely unlikely, economically infeasible, or practically unachievable conditions – and itis able to detect, eliminate, and recover from any problems even in these edge cases. This includes many complex issues of consensus design, as well as providing strong Sybil attack resistance.

Further reading: