How can we trust that an output is the result of a derivation despite build non-determinism?
a) a sealed cryptographic commitment scheme verified in parallel
build non-determinism prevents slashing for different results
since someone might have published their build result previously, the dominant strategy is to take that result and claim to have verified it without doing any work. this can be mitigated by proof-of-build, by making build logs available that are unlikely to be useful for anything but proving that the build was performed. this requires human intervention to review the build logs.
b) voting
deterministic builds only have one candidate.
vote results are going to be based on who proposed the result, not on what the result is. this results in a single point of failure, which we are trying to avoid
c) validators and challangers
validators stake a large sum
a build that is provably deterministic is submitted by a challanger to random validators
the proof-of-determinism can be used to claim the stake of a validator
this does not prevent validators from being selective about the binaries they build. The possibility exists of using side channels to infer that a derivation is not a challange as described in #2
How can we trust that an output is the result of a derivation despite build non-determinism?
a) a sealed cryptographic commitment scheme verified in parallel
b) voting
c) validators and challangers