The Stellar network is a decentralised peer-to-peer network of validator nodes. These nodes run the Stellar Core software that validates incoming transactions and applies them to the last ledger to form the next one. For reaching global consensus with other nodes Stellar Core runs the Stellar Consensus Protocol (SCP). In contrast to proof-of-work-based blockchains (e.g., Bitcoin), SCP does not consume enormous amounts of energy. Instead, each validator node explicitly defines sets of other nodes that it needs to agree with. These sets are called quorum slices and when you look at the quorum slices of all validator nodes they define a global network of trust relationships between these nodes. Every five seconds the validator nodes hold a vote in this global network about which transactions are applied to the current ledger. For avoiding ledger forks (safety) and for guaranteeing a functioning network (liveness) each validator node must choose its quorum slices carefully.The issue: centralised quorum slices
A couple of months ago, the Stellar network was very centralised. The three nodes of the Stellar Development Foundation (SDF) were the only nodes commonly contained in the quorum slices of almost all other nodes. For example, the quorum slices of the SatoshiPay DE node were defined as four out of the following nodes:
This means that an outage of all SDF nodes or a network disruption between SatoshiPay and SDF would have brought our nodes to a halt. Other nodes were configured similarly with a strong reliance on the SDF nodes — including the SDF nodes themselves. The situation was also described here recently.Joint community effort
If nodes come to a halt, then this is fine from a safety point of view because we don’t end up with ledger forks. However, a halted network is of use to nobody. The way to prevent this is clear and was the goal of the Stellar network right f...