Building a distributed network consensus is hard
Decentralization and security of any network consensus are key requirements for building a cryptocurrency. Network consensus is a digital process with many participants. Participants live in the physical world and they can behave rationally or irrationally regarding the best interests of the protocol. A protocol can incentivize the rational behavior of participants but it cannot fully prevent irrational one. Participants are economically rewarded for rational behavior but the question is whether it is necessary to punish participants for irrational behavior.
Irrational behavior poses a potential threat to a protocol since it might face difficulties during making the network consensus. We can divide participants into rational and irrational ones (honest and dishonest ones). Participants need to have consensual power that is distributed unequally. In the PoS networks, participants need to buy tokens on the open market. The higher number of coins a given participant holds the higher consensual power she has for disposal.
The protocol will be in the hands of rational participants when they hold a higher stake. In this case, a high level of security is ensured. It can be said that rational and irrational participants fight for having a higher stake. Once a single irrational participant (or a group of them) holds a higher stake than all rational participants then she becomes a dictator with absolute power regarding the network consensus.
At the moment of writing, ~71% of ADA coins, that are in circulation, are used for staking. It is ~23,000,000,000 ADA coins. An irrational participant would need to hold more than 11,500,000,000 ADA coins to have dominance in the network consensus.
So far, we have talked mainly about the short-term security of the network consensus but it is not the only aspect that must be considered. The protocol must remain secure in the long-term. It means that the security budget must be considered in the long-term perspective to ensure that the protocol will have sufficient resources for rewarding rational participants in the next few decades. Moreover, not only security but also a high level of decentralization must be ensured.
In theory, a protocol can ensure a high level of security even in the case that there is only a single dictator. However, it holds true only in the case that the dictator will act rationally. It cannot be ensured in the physical world and hence we want to avoid this situation. A low number of participants is also an unwanted situation since they might collude and start acting dishonestly. Thus, only a high level of decentralization can ensure a high level of security. In other words, a protocol must be resilient to external attacks (a rich participant) but also to internal ones (collusion).
Is the punishing of malicious participants necessary?
To answer the question of whether it is necessary to punish irrational participants is broad and it depends on many factors. It is not only the security question but it is also about the decentralization level and long-term sustainability of both these qualities. It is hard to achieve that.
Teams have to make tough design decisions when considering PoW or PoS consensus. PoS consensus must deal with well-described attacks for example with nothing at stake or grinding attacks. It is cheap to create a new block in the PoS network so it is easy to create alternative blocks. Thus, more versions can exist at the same moment and the protocol must have defined rules for chain selection. In many PoS implementations, the history of blockchain can be used as a source of randomness during the process of electing a node that will get the right to produce a new block. The protocol must prevent dishonest participants from manipulating the randomness mechanism otherwise they could trick the election process in a way that they would be always elected.
In contrast with the dominant PoW consensus, there are more PoS concepts that deal with these problems differently. Some teams believe that they need to introduce a punishment mechanism and penalize dishonest participants when they play against the protocol. A protocol usually freeze staked coins of participants for a defined period. When malicious behavior is observed by other nodes the malicious node is penalized by deducing a certain amount of coins. This process is called slashing.
Slashing is a mechanism that forces rational participants to follow the rules of the protocol. Irrational participants are aware that malicious behavior is penalized so they are directly economically discouraged from doing so. From the protocol’s perspective, it seems to be smart to decrease the consensual power of malicious participants by slashing. It can be ensured that irrational participants playing intentionally against the protocol will be economically drained.
In the case of Bitcoin, practice preceded the formal theory and modeling. The IOHK team decided to do it the other way round. They wanted to do academic research in the field of game theory and formal theory before they started to implement the protocol. An incentive model was considered and a unique reward sharing scheme was proposed. The reward-sharing scheme promotes the fair formation of stake pools and welcomes as many participants as possible in the PoS network. The IOHK team mathematically proved that all security assumptions are correct and used the results of research before the protocol was implemented and deployed in the main-net. One of the results of the research is the fact that penalization of malicious participants is unnecessary under the condition that the desired number of pools come into existence and they are in a Nash equilibrium. Let’s have a short look at the Nash equilibrium theory before we will continue.
Incentive models are built based on game theory. Game theory is about studying strategic interactions among people that are to make a strategic decision. Interactions can be mathematically modeled and analyzed. Game theory is applicable in many fields like social science, logic systems, computer science, etc.
Nash equilibrium is used for modeling and defining the solution in a game where players do not cooperate together. The game can involve two or more players. In a Nash equilibrium, each player is assumed to know the equilibrium strategies of the other players and no player has anything to gain by changing only their own strategy.
Each player needs to choose a strategy and action plan. It is mostly based on events that have happened so far in the game. The point is that no player can increase their own profit by changing the strategy while the other players keep their strategy unchanged. The set of strategies of the players constitutes a Nash equilibrium. In other words, it is economically rational to keep the winning strategy and not deviate much. Significant deviation could be considered irrational behavior regardless of whether it was intentional or not.
Imagine that we have two players. Alice and Bob need to choose a strategy. Alice picks strategy A and Bob picks strategy B. A Nash equilibrium is achieved when Alice has no better available strategy than A to maximize her profit in response to Bob and his chosen strategy B. Bob also needs to choose a winning strategy and he picked B. Bob has no better available strategy than B to maximize his profit in response to Alice and her chosen strategy. Keeping the equilibrium is the best strategy for both players regarding profit.
It works in the same way when there are more players. If Carol and Dan join the game with their strategies C and D then a Nash equilibrium is achieved when strategy A is the best pick for Alice to respond to strategies B, C, and D. The same principle can be analogically applied to all players.
Game theory is well suited for modeling the behavior of participants that operate nodes in a decentralized network. In the case of Cardano, game theorists used Nash equilibrium to analyze the outcome of the strategic interaction of several pool operators and their members. The outcome of each decision-maker depends on the decisions of the others. Cardano is a global decentralized network. Thus pool operators and members of pools cannot predict the behavior of others. Each decision is made upon a limited set of information. If Alice is a pool operator then she can just predict which decision will be made by Bob. However, Alice cannot be certain. Alice can think about thinking of other participants and she can make some rational decisions regarding her strategy. Alice can expect that all other pool operators will behave rationally. The same can be said about delegators. It is smart to expect rational behavior since participants strive to maximize their profits. It is thus easy for Alice to make her decision since she knows what others can take into consideration and can predict their behavior.
Reward sharing scheme
The Ouroboros PoS protocol can interact with people living in the physical world only via incentives. The protocol knows what is in its best interest regarding security and decentralization. People know what is in their best interests regarding rewards. Thus, the interest of the protocol and participants can be aligned.
Cardano uses a reward-sharing scheme that promotes the fair distribution of rewards in the environment with a large number of stakeholders with different roles. In the Cardano network, pools are responsible for block production. Other stakeholders, called delegators, can join the pool. A pool can be perceived as one of many small companies. The pool operator is a manager and delegators are employees. The consensual power of the pools usually consists of the stake of the pool operators and many stakes of employees.
The incentive mechanism can be parametrized to reach the desired number of pools. The base idea is that when participants are properly incentivized then a Nash equilibrium will be reached based on their rational and honest behavior. The goal of the incentive mechanism is to flourish a high level of decentralization and security. A number of attacks must be mitigated, for example, censorship of transactions, Sybil attack, the dominance of a single participant. These qualities must be achieved concurrently with the high efficiency of the protocol.
Cardano’s reward-sharing scheme works in a way that it rewards both pool operators and also delegators. The protocol makes regular snapshots of participants and it serves as an input for rewarding. The protocol firstly provides a higher reward to pool operators for their service. Secondly, all delegators are also rewarded. The Cardano ecosystem is very inclusive. The small pools can receive similar proportional rewards as big pools. At the same time, there is an upper bound that limits the size of pools. Once a pool reaches the upper bound the reward is cut. Thus, an entity with a big stake is forced to create more pools instead of having just one. The new smaller pool will compete with other smaller pools. Delegators can decide whether they will support a new small pool of a pool operator that owns more pools or whether they support a small pool that is owned by somebody else. It is something that the pool operator cannot directly influence.
Rewarding all stakeholders is actually very smart since there are more individuals making their own decisions. When a pool operator (the manager of a company) does not behave in the best interest of the protocol then delegators will delegate to another pool (employees leave the company). Delegators can do it right away. Thus, a malicious operator can lose power relatively quickly. A new snapshot is taken every 5 days and the new snapshot is used with the delay of one epoch. Let’s assume that a pool operator begins to behave maliciously and starts doing so at the end of the current epoch. Delegators will have 5 days to respond to it and redelegate their stake elsewhere. In 10 days, the pool can lose a significant stake and thus consensual power. At the same time, other pools will have higher stakes.
A higher decentralization can be achieved when it is easy to join. Both delegation and the creation of a new pool must be relatively cheap. In the ideal case, the majority of coins in circulation should be used for staking. In the Cardano ecosystem, you need only a few ADA coins to participate in staking. Delegation is not fixed to a period of time and delegators can always cheaply redelegate their stake.
An alternative to this approach is freezing coins to a certain period of time and their deduction in the case of misbehavior. It has a few negative consequences. In the first place, cryptocurrencies are here to be spendable. When coins are locked then it prevents their basic nature. When a stakeholder does not have sufficient coins to create its own pool or validation node then she cannot use coins for staking. When coins can be slashed the delegators risk their coins when the pool operator begins to misbehave. Many smaller stakeholders will not probably want to risk that. It seems that coin locking and slashing is not the best approach regarding decentralization. The environment where a minimum number of coins is required to create a validation node is also rather exclusive. The cryptocurrencies are volatile and it can be nearly impossible to create a new node when the price of coins reaches a new ATH every few years. The only solution is to decrease the required number of coins.
In some DPoS projects, we can see that voters can decide about a limited number of block producers that have equal power. Block producers are selected from a set of candidates. Incentives for voters are not often taken into account. As a result, we can observe the low participation of voters. Thus, only a small number of coins can decide about block producers. Since only block producers are rewarded they become richer. Moreover, they can vote for each other. It means that Alice, as a block producer, can vote for Bob, who is also a block producer. Bob, in return, votes for Alice. A network with a limited set of block producers with the same power can be very efficient regarding scalability but decentralization is sacrificed. Moreover, it can be relatively cheap to be elected and behave maliciously afterward.
Cardano’s reward-sharing scheme proportionally rewards all stakeholders for their participation. Stakeholders are rewarded every 5 days. Delegation of ADA coins to a pool can be considered as a certain form of voting. Delegators decide to share rewards with a given pool. The pool receives rewards only for services that are in line with the best interest of the protocol. Delegators behave rationally and select pools that generate rewards for them. Pool operators are dependent on delegators and the size of their reward depends on the total stake of their pools. Thus, pool operators are also incentivized to behave rationally. There is a beautiful symbiosis between the protocol, pool operators, and delegators.
Put it simply, Cardano does not need slashing since it has a unique reward-sharing scheme that supports a high level of decentralization in the environment where all stakeholders are economically incentivized to behave rationally. The protocol economically incentivizes the existence of the desired number of pools. A Nash equilibrium is a prescription of a strategy for each rational participant, with the property that if other players follow it, it does not make sense for a rational player to deviate from it. In addition, the Cardano ecosystem is highly inclusive and delegators have control over their coins and they can also cheaply change their decisions regarding delegation. Moreover, delegation is a risk-free process. In such an environment, it is irrational to behave maliciously and it can be expected that irrational participants will form only a marginal group. When a majority of ADA coins are in the hands of rational participants then the irrational ones have low power. The security of Cardano grows with the distribution of ADA coins.
In the case that malicious participants would be willing to lose money, slashing would not probably help much. Having a needed consensual power to cause damage to a decentralized network is always about having the needed amount of resources and willingness to lose money. It is impossible to prevent this type of attack. It is possible to achieve a state when a network survives the attack and the attacker will be economically drained. It would be relatively easy to implement slashing in the Cardano protocol. At the moment, it seems that is not necessary and the main-net runs flawlessly without that.