Dusk’s security model is built on a simple principle: network safety depends not just on cryptography, but on how stake is distributed and behaves over time. Unlike basic proof-of-stake systems that assume validators are either honest or malicious in the abstract, Dusk’s provisioner system explicitly considers different categories of stake to reason about consensus safety.
The protocol conceptually divides stake to understand network behavior under adversarial conditions. The total active stake represents all @Dusk currently eligible to participate in block production and validation. Within this active set, stake is modeled as either honest (provisioners following protocol rules) or Byzantine (provisioners who may act maliciously, collude, or disrupt consensus).
This distinction matters because security isn’t about eliminating malicious actors—it’s about ensuring they cannot gain enough influence to compromise safety or liveness. Dusk is designed so that as long as honest stake exceeds Byzantine stake by a defined threshold, correct block agreement and finality are guaranteed. The system does not need to identify individual actors; it only relies on the economic reality that controlling a majority of stake is prohibitively expensive.
Importantly, these categories exist only in the theoretical security model. On the live network, no provisioner is labeled honest or Byzantine. All provisioners are treated the same, and security is enforced via cryptographic proofs, randomized committee selection, and economic incentives. This separation between theory and implementation allows formal security reasoning without introducing trust or identity assumptions into the protocol.
Eligibility windows further reinforce security. Stake must be committed for fixed periods, after which it expires. This limits long-term attack strategies and prevents dormant stake from quietly accumulating influence. By enforcing clear entry and exit rules, Dusk ensures that security assumptions remain valid over time.
Committee-based participation adds another layer of protection. Even if an attacker controls a portion of stake, they must be selected into the right committee at the right time to cause damage. Committee selection is randomized and private, making attacks probabilistic rather than deterministic, which increases both cost and uncertainty for adversaries.
Overall, these assumptions allow Dusk to achieve fast, irreversible finality without exposing validators or relying on centralized oversight. The protocol doesn’t detect malicious intent directly; instead, it assumes rational economic behavior and structures incentives so honest participation is always more profitable than attacking the network.
Stake-based security in $DUSK is grounded not in trust, but in measurable economic limits and statistical guarantees. By modeling honest and Byzantine stake at the theoretical level while enforcing neutrality at the protocol level, #Dusk delivers a consensus system that is both robust against attacks and practical for real-world financial applications.
