Driving adoption of permissionless money and tech

DPoAFS: A New Blockchain Governance Idea

DPoAFS: A New Blockchain Governance Idea

I’ve been thinking a lot on long flights about the optimal governance mechanism for blockchain networks.

The current mechanisms work decently well, but still have some vectors to be gamed, or may under-represent the most committed stakeholders in the ecosystem.

Here are some thoughts on how to potentially address or mitigate that.

Consensus/Governance Mechanism Criteria

First, let’s define what we’re even trying to do here.

We’re trying to get the best mechanism for deciding things in a decentralized, permissionless blockchain network. Technically we’re looking for a governance mechanism, but I think it’s useful to model it after a consensus mechanism.

After all, if you’re trusting certain actors to determine which transactions on the network are valid, it makes sense to build decisions on the direction of the network off of the same group of people.

Let’s define what a consensus mechanism is supposed to do:

1: Represent Network Stakeholders

Most importantly, a consensus mechanism should be based off of alignment with the network’s interests. It should accurately represent stakeholders.

Basically, the people using, building, and investing in the network should be trusted to secure it, and make governance decisions, rather than some outside group that doesn’t have anything to lose if they destroy it rather than steward it.

This seems very basic and logical, but you’d be surprised how few follow the logic when making these sorts of decisions on governance structures.

2: Anti-Sybil Protection

The second main element is to protect against Sybil attacks, meaning, if someone just fakes being a network participant in order to cheat the system.

Decentralized blockchains inherently can’t determine deterministically who is or isn’t a person without employing some kind of permissioned criteria, which would defeat the whole purpose. Without this, though, something like running a node can be faked by a single actor spinning up countless nodes to trick the system. These mechanisms prevent that.

Really, everything I’m describing here isn’t technically a consensus mechanism, but an anti-Sybil mechanism. However, these are so often lumped together today that I don’t feel it useful to make the distinction.

The Main Consensus Mechanisms

While there are countless consensus mechanism variations out there, they almost all end up being some kind of a variation, or combination, of the three big ones listed below.

1: Proof-of-Work

Proof-of-work (PoW) basically gives weight to whoever puts the most computing power behind the network, according to specific algorithms. Essentially, who can solve complex math puzzles the best.

PoW works well for early coin distribution, and is great in the early days at inviting in new participants. It also works great as an objective, difficult to game measure of participation: work. Miners objectively put work and resources into the network. At the very least it’s proof-of-electricity-spend, and potentially also proof-of-ASIC. In most cases a combination of both.

Particularly when ASICs are involved, it works well as an anti-Sybil mechanism. However, I would argue it doesn’t work very well with network alignment. In a system with ASICs there is a level of alignment because of the sunk costs of the machines themselves, but without ASICs there’s no reason to have any loyalty to the network: miners mine when profitable, and mine elsewhere when not.

2: Proof-of-Stake

Proof-of-stake (PoS) (and its variants) is fairly simple: validators need to own a certain number of coins in order to participate in consensus. They need to be financially invested in the network in order to run it and participate in governance decisions.

PoS works well as an anti-Sybil mechanism, because there are only so many coins on the network, and any additional coins must be bought from existing holders, making a successful attack cost-prohibitive. It’s also very aligned with the network’s interests: holders/stakers have a lot to gain from the network doing well, and a lot to lose from it doing poorly.

There are many variants of PoS, from delegated to open-representative voting (ORV) such as Nano uses, but the main concept is the same: ownership over the network’s coins equals consensus and governance rights.

3: Proof-of-Authority

Proof-of-authority (PoA) isn’t really a traditional mechanism, but it exists so often in so-called decentralized blockchains that we should mention it. Basically, it’s centralization: some fixed actor decides everything.

Overwhelmingly, any consensus mechanism that isn’t a variant on PoW or PoS is actually PoA. Arguably, PoA aligns very well in centralized systems, but as soon as you get a diversified investor and user base, it doesn’t. Its alignment, if it ever has any, is coincidental, not built-in.

Why PoW and PoA Don’t Fully Align

This may be a controversial statement, but of the above, PoS is the only truly aligned consensus or governance mechanism.

PoA can have absolutely no alignment if the network’s investors, users, etc. don’t have any network authority. The authority can easily make decisions that are detrimental to the entire network without direct personal consequence. And, of course, it’s not decentralized or permissionless, which in my opinion completely voids the point of using a blockchain system.

PoW in ASIC-resistant ecosystems has no direct alignment between miners and the network: miners mine when profitable, then mine elsewhere (or not at all) when not. If the network is destroyed, they don’t necessarily care. In ASIC ecosystems there is a certain alignment in that their machines can’t be used elsewhere, unless, of course, you have a multi-coin ecosystem on the same algorithm. Then, miners are loyal to one of the chains they can mine, but not one specific chain. Their alignment can be broken the second a new profitable chain appears.

Mining is also inefficient in that work produced is arbitrary, and serves no purpose for the network other than as an anti-Sybil mechanism. With PoS, stakers acquire part of the coin’s supply, which is itself an integral part of the network. The coins have use for the network’s main goal. Mining hashrate is arbitrary electrical spend that does not benefit or align with the network unless it explicitly is made to. You can use staked coins for many other purposes on the network, you can’t use hashrate for anything other than mining.

Mining is essentially a very expensive anti-Sybil mechanism with external value alignments. Every cent spent on mining infrastructure, and mining itself, can in theory not benefit the network at all, and miners can easily have zero concern for the health or benefit of the network, apart from their desire to make money in the present configuration… which could change at any time due to market conditions, a more profitable chain coming on the algorithm, etc.

Ironically, unprofitable mining is actually in network alignment. If you mine unprofitably, you’re spending money for the benefit of the network alone. We see this during hash wars such as the Bitcoin Cash vs. Bitcoin SV or the Qubic attack on Monero, where miners have come up to defend the network by mining at a loss. In a weird way, this is almost like PoS, but proof of a stake that they no longer have (since they spent it on electricity). This works nicely with the next section.

I also will do a separate article at some point on fixing mining alignment.

DPoAFS: Representing Spent Stake

Even though PoS comes closest in alignment, it can still be lacking in some areas. Whether an exchange or a new whale, a new entrant could still come in, swing a governance vote, then sell before the fallout causes them to lose too much money. Or, stakers can simply take governance actions that benefit themselves, but do not benefit the intended users of the network.

The issue is, with PoS, we only represent current users who have acquired stake in the network, but have not yet done anything active with it. Consider two users: both buy 1,000 units of the currency, but user A holds all of it, and user B spends 200 of it using the network. Both have contributed the same amount to the network, though B arguably has done more as they have actually powered the network and its sustainability instead of passively holding. Both have the same stake, but one “donated” it to the network, while the other has not. In my opinion, for governance votes, we should count both.

As such, I suggest exploring a delegated proof-of-aggregate-fee-spend (DPoAFS) mechanism.

Total fees spent by a wallet are counted daily or at regular intervals, and that total amount is then multiplied by the number of intervals (like a reverse-mean) in order to reach a score. The maximum score for the whole network at each interval is capped, so a massive fee spend on a particular day can only have so much influence. The wallet can then delegate this score to a staked validator, which amplifies that validator’s weight in governance votes.

Total fee spend for the whole network is tallied at each interval, and each wallet is assigned a score at each interval relative to their contribution to it, if any.

For example, user A transacts daily for a year, spending $1 total each day. They spend a total of $365. User B spends 1 cent each day, and on the final day spends $361.36 in a single transaction. User C splits their funds into 365 wallets and spends $1 from each all on one day, for a total spend of $365. They all then delegate to their favorite validator.

Even though they all ended up spending the same total, user A has the highest score, because they participated in the most days at a consistent level. User B comes in second because, although they spend the same total amount and on the same number of days, the amount a single day’s fee spend can count is capped. User C has the lowest score because, although they tried to fake being a bunch of different users (and thus clock the same number of $1 spends as user A), the single-day fee spend cap applies to the whole network, not a single wallet.

Why Delegated?

Counting fee expenditures is a great way to calculate how much someone has invested in the network in the past, but it may not apply to today. Someone could be a faithful user for many years, then become disillusioned and sell all their coins, but still have a significant past fee spend built up.

By delegating to current, present-day stakers, you balance the weight of past and current contributions, with an obvious bias towards the present (since a staker can vote without delegation, but a delegate can’t vote without stake).

Another Amplifier: “Real PoW” or Uptime

Finally, we can add another governance amplifier: uptime.

Nodes that have a long history of uptime can have their votes amplified over a validator that just came on the network, or which didn’t provide consistent or good service. In Dash there’s already a “proof-of-service (PoSe) score” based on this, with PoSe bans affecting nodes that don’t provide good enough uptime and specs.

This is “real PoW”: proof of valuable work contributed to the network over time. In contrast, traditional PoW is proof of work done that doesn’t directly contribute value to the network, but rather is arbitrarily prescribed value. By uniting stake, fee spend, and uptime, we can represent essentially all the objectively valuable contributions to a blockchain network, apart from development, which is already more than well-represented by creating the code that the network itself runs on.

A validator with a strong history of uptime and many long-time fee-spending users delegating to them would be able to have their voting power doubled, but no more.

How Can This Be Gamed?

Every decentralized system in the world can be gamed. This is due to the base reality that, without a centralized authority dictating outcomes, any actor playing by the rules of the system can be considered a “legitimate” actor.

A decentralized system is considered good if rule-following results in outcomes the designers of the system believe are good, while if they don’t, we can consider it a poorly-designed system. Essentially, if someone tries to game the system, they have to do what we’d want them to be doing anyway in order to do it.

The way to game DPoAFS is relatively straightforward: spend significant total transaction fees daily over a long period of time, buy stake enough to run validators, and run them with consistent uptime over a long period of time as well. And do this in a way (such as splitting spends among wallets and randomizing behavior) that doesn’t set off alarm bells that someone is gearing up to attack the network months or years down the line.

In other words, the way to game the system is simply to become an ideal network participant and spend considerable resources and time doing so. Or, they could convince as many users as possible to delegate their fee spend history to support them. At that point, an attacker essentially has to become the network and its users, and then embark on a suicide mission to destroy itself.

And yes, this system can favor incumbents. However, it isn’t an insurmountable obstacle. If there are 1,000 validators and new entrants have 600, the 400 under incumbent control would have the equivalent votes of 800 validators, therefore winning a contest. However, if new entrants have 700 and incumbents have 300, the incumbents would only have the equivalent vote of 600 and would therefore lose. Not to mention, if the interests of the incumbents are misaligned with those of users, those users can delegate their weight to new entrants instead.

Note on Privacy

In a fully-transparent system, the political game of who to bribe or which wallets to attempt to hack becomes much more apparent.

But in private systems (either encrypted or even to a certain extent UTXO systems with infrequent address reuse), it isn’t apparent from observing the blockchain who has spent what. Users can prove voting weight and delegate without revealing who they are or how much they have, which introduces significantly less complexity to the politics of the system.

No system is perfect, and no truly decentralized system can guarantee that bad actors can’t end up with control over said system. But by including the input from all actors with a significant stake and contribution to the network, I believe we can make sure the system produces the best, most-aligned outcomes.

DPoAFS may just get us closer to this goal.

Posted Using INLEO

About The Author

Joël Valenzuela is a veteran independent journalist and blockchain technology educator and consultant, living off cryptocurrency since 2015. He creates content for the Digital Cash Network and writes for Human Events, and previously worked for the Dash decentralized autonomous organization. He is a mover to New Hampshire for the Free State Project.

Contact

Leave a Reply

Your email address will not be published. Required fields are marked *


Fatal error: Uncaught Error: Cannot use object of type WP_Error as array in /home/u973344303/domains/descentr.net/public_html/wp-content/plugins/tailpress/src/CssCache.php:55 Stack trace: #0 /home/u973344303/domains/descentr.net/public_html/wp-content/plugins/tailpress/src/Cache.php(89): FreshBrewedWeb\Tailpress\CssCache->save() #1 /home/u973344303/domains/descentr.net/public_html/wp-content/plugins/tailpress/src/Plugin.php(55): FreshBrewedWeb\Tailpress\Cache->run() #2 [internal function]: FreshBrewedWeb\Tailpress\Plugin->FreshBrewedWeb\Tailpress\{closure}() #3 /home/u973344303/domains/descentr.net/public_html/wp-content/plugins/tailpress/src/Plugin.php(63): ob_end_flush() #4 /home/u973344303/domains/descentr.net/public_html/wp-includes/class-wp-hook.php(324): FreshBrewedWeb\Tailpress\Plugin->FreshBrewedWeb\Tailpress\{closure}() #5 /home/u973344303/domains/descentr.net/public_html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters() #6 /home/u973344303/domains/descentr.net/public_html/wp-includes/plugin.php(517): WP_Hook->do_action() #7 /home/u973344303/domains/descentr.net/public_html/wp-includes/load.php(1270): do_action() #8 [internal function]: shutdown_action_hook() #9 {main} thrown in /home/u973344303/domains/descentr.net/public_html/wp-content/plugins/tailpress/src/CssCache.php on line 55