(This post is part of the Understanding GHOSTDAG series)

1. Can you devise a BFT algorithm that is secure against one out of seven malicious actors but can be disrupted by two colluding malicious actors?

2. Why did I choose the number seven in the previous question?

3. Fill in the details in the proof of PSL's algorithm for the case n=4.

4. * Use the previous exercise as a base case to prove the correctness of the general algorithm by induction.

5. A Sybil resistance method is called linear if the amount of resources it requires is proportional to the number of votes obtained. For example, PoW has linear Sybil resistance, because the probability to choose the next block is proportional to the miner's fraction of the global hash rate. A method is better than linear if the price of each vote increases as you purchase more votes. For example, a voter registry is in many cases arguably better than linear because it is unfeasible for most people to obtain more than one, and for any person to obtain a large fraction of the votes. Can a permissionless Sybil resistance be better than linear?

6. * The SHA-256 is not really a random oracle, it can be distinguished from a random oracle because it is susceptible to "length extension attack". Read about this (for example, Boneh and Shoup’s open access Graduate Course in Applied Cryptography, section 8.7), understand the attack, and explain why is it not a concern when using SHA256 for Sybilnes.

7. What would be the consequences of trying to impose deterministic finality on a PoW blockchain by prohibiting reorgs of some shallow depth (say, an hour)?

8. Can you solve the rich-get-richer problem by using diminishing returns? That is, make the reward increase more slowly as the amount of money someone stakes increases (for example, let the vote be proportional to the square root of the amount of coins staked).