Consensus is the process of forming an agreement between many parties. Achieving consensus is therefore amongst the oldest problems that humanity has faced, preceding even the emergence of complex societies. Algorithms for achieving consensus also lie at the heart of designs for blockchains; revolutionary technologies that have existed for barely a decade. The issue of ensuring agreement between multiple computers in a network has some important parallels with achieving consensus among groups of people. The most prominent of these is the need for the participants in both types of consensus to make some form of commitment.
In human groups attempting to reach a consensus, the commitment typically involves all parties agreeing, ahead of time, to abide by the outcome of the decision-making process. In the blockchain scenario, the computers participating in consensus (generically known as nodes) can only make commitments using the passing of electronic messages. As a result, these must take a different form from the human setting. The key technological breakthrough that enabled the world’s first successful blockchain, Bitcoin, was to use a simple algorithm to enable nodes to demonstrate a commitment of resources. More importantly still, the inventor of Bitcoin introduced a scheme where nodes (also known as miners) are paid for each commitment that they make.
In the Bitcoin consensus protocol, the commitment of resources is known as Proof-of-Work (PoW). This is an elegant design that enables the amount of computational effort that has been expended in producing the proof (which is a compact 256-bit number) to be verified by other nodes very cheaply. In Bitcoin, a PoW contest takes place to establish which miner can produce the proof most quickly, and with it receive payment for producing a block. The stochastic nature of the algorithm also solves the problem of how to allocate the production of blocks to different nodes in the peer-to-peer network at different times. Unfortunately, the success of Bitcoin and the properties of its PoW consensus has led to centralization and unacceptable energy consumption.
From an economic perspective, the commitment only needs to involve some expense for the node, and does not necessarily require consumption of energy or any other external resource. A much more energy-efficient, decentralized and secure consensus can be achieved by using a resource that is intrinsic to the ledger. This is the rationale for Proof-of-Stake (PoS) consensus where the commitment typically takes the form of provably locking tokens for a specific period of time.
Since its invention, many PoS variants have been proposed. While these have generally represented an improvement over PoW, many difficulties remain unresolved. One problem with most forms of PoS is that people with the largest coin holdings have the greatest control of the consensus. If these “whales” also earn excessive rewards for maintaining the network, then this leads to a self-reinforcing spiral towards ever greater centralization.
Another issue with PoS is that it is exclusive, and leads to smaller token holders being left unable to participate in the consensus. Nonetheless, holders of small deposits are often willing to stake their tokens in exchange for rewards, and this desire is typically fulfilled by staking pools. The pools accept deposits from many different token holders and aggregate the funds into a single account that they then use to become a validator¹. In exchange for the temporary “loan” of the tokens, the operators pay rewards for the contributions.
The disadvantage of stake pools is that the small token holdings are often transferred directly to staking pool operators, and this introduces a reliance on “trusted” third parties. This is contrary to the objective of decentralization and leaves the small token holders exposed to the stake pool operators being hacked or fraudulent. The cryptoeconomic security is also harmed, as token holders with an interest in the blockchain are not able to participate. An attempt to address these limitations was made with a scheme known as delegated Proof-of-Stake dPoS.
Perhaps the best known dPoS chain is EOS², whose consensus was initially marketed as a way of increasing transaction throughput. The small number of nodes in EOS (21 at any one time) allowed greater throughput to be achieved than earlier chains as the system is more centralized. However, more recent consensus designs can support high throughput without resorting to restrictions on the number of nodes. It was also proposed that the dPoS consensus offsets the technical centralization of the protocol while addressing some of the defects of conventional PoS consensus schemes.
There are many variants of dPoS, but the general principle is that the governing foundation selects a group of entities that it considers to be eligible for becoming validators. This typically requires the candidate to be known publicly and to fulfil other obligations specified by the chain’s governance. The candidates then canvass other stakeholders and offer incentives for them to delegate their tokens towards them. The candidates that receive the most delegated stake are then elected as validators. This process has superficial similarities with stake pools but several important differences. Most importantly, the returns for being a validator are guaranteed and delegated stake is not subject to any financial risk.
Since individual users have little influence over the election of validators and no “skin-in-the-game”, their choice of candidate will be based primarily on the size of the incentive that they are offered. This looks very much like institutional bribery and it is unsurprising that dPoS chains are prone to manipulation and specifically the formation of cartels. Once established, these are difficult to displace, as stake delegated to members of the cartel is pooled to the exclusion of everyone else. The cartel can further exploit the semi-permissioned process for becoming a validator to create further barriers to new entrants. A remarkable example of this can be found on the Lisk blockchain, where a cartel openly advertizes that it controls a majority of the nodes on the network. Worse still, the cartel also offers incentives to users to discourage them from voting for its competitors.
With these factors in mind, we set out to design a consensus scheme that overcame the limitations of PoS, and that genuinely delivered on the promise of dPoS consensus but without its major drawbacks. In doing so, we first discuss two unrealised advantages of dPoS that, when implemented correctly in the PoS-uD consensus, can bring great benefits to the platform in terms of cost, efficiency and security. The two key features are a restriction on the number of nodes that operate the network and an economic design that provides an opportunity for smaller investors to delegate stake to validators securely and without promoting corruption.
At first glance, restricting the number of nodes might appear to be a backward step since protocols such as Algorand are designed to support huge numbers of validators that can even run on desktop computers with intermittent internet access. While an impressive achievement from a cryptographic and distributed computing point-of-view, the economic inefficiency of the Algorand protocol will cause it to be uncompetitive with PoS-uD for enterprise applications. To explain why this is the case, we introduce the cost trilemma for blockchains and how it informed the design of PoS-uD.
The cost trilemma reflects the trade-off between three properties that are all desirable but are in conflict with each other. In the trilemma, cost refers to the total operating cost of the blockchain, which should ideally be kept as low as possible. Another property is security, which reflects how expensive it is for an attacker to own 51% of the stake and take control of the consensus. And finally, decentralization, which refers to the ledger’s degree of replication.
The total operating cost reflects all aspects of running the ledger, and is recovered from users of the network in two ways. The first way is direct charges in the form of transaction fees. The second is indirectly through the issuance of new tokens, also known as inflation³. If the issuance is set at a high rate, such as the 5% or more charged historically on the Bitcoin, Ethereum or EOS networks, it means that users’ assets are depreciating at approximately the same rate. For a network designed for the economy-of-things and extremely high transaction throughput it is essential that the operating costs be kept low.
On the other side of the cost trilemma are the properties of security and decentralization, which are both funded by the operating cost. Decentralization is short-hand for the cost of operating the physical infrastructure that maintains the network. At one extreme, a small number of nodes is cheap to operate but centralized, and at the other, massive replication of the ledger by low-powered machines, as proposed by Algorand, will be prohibitively expensive. Technical innovations such as effective sharding can be used to achieve greater decentralization at lower cost, which is one of the reasons that third-generation designs, such as Fetch.AI, are likely to displace older protocols.
Beyond the cost of purchasing and running the compute resources for a node, validators are also subject to the opportunity cost of locking their tokens as stake. Opportunity cost is a quite abstract concept, but can be thought of as the cost of not being able to use the staked tokens for other purposes such as active trading. What matters from a consensus point-of-view is that the opportunity cost increases proportionally to the amount of tokens that are staked. An individual can therefore decide how much to bid to become a validator based on whether they expect a profit after accounting for operating and opportunity costs.
The consequence of the economic factors is that the quantity of staked tokens, and therefore the security of the protocol, depends directly on the size of the charges that have been levied on users after subtracting the cost of physically operating the network. This relationship inspired Fetch.AI to develop a consensus that made it possible to choose the optimal trade-off between the different aspects of the cost trilemma, which is one of the major benefits of PoS-uD. The alternative used by many other projects such as Ethereum and Algorand leads to coupling of security and operational costs, and are likely to lead to much higher fees for users as a result.
The other important design criterion in the development of PoS-uD was to enable stake to be delegated more securely and efficiently than in “standard” PoS but without the potential for abuse that is associated with dPoS. Implemented properly, stake delegation has several benefits for the blockchain. The main benefit is that it can greatly decrease the barriers to participating in the consensus, which increases both the decentralization and security. The decentralization is improved by increasing the number and diversity of participants in the consensus while greater security is achieved by the increasing the quantity of staked tokens.
The PoS-uD staking design is referred to as being “unpermissioned” since becoming a validator does not require any kind of approval by the Fetch.AI foundation, and instead relies on competition in the market. Another key component of the design is that the delegation of stake to another party does entail some financial risk. In particular, the delegated stake could be lost if the validator launches an attack on the protocol. The presence of risk means that users are likely to demand that validators have a public identity, operate their nodes with transparency and efficiency, and offer good returns for staking tokens. Collectively, these different elements contribute to establishing a reputation for validators.
The validator’s dependence on reputation is beneficial for the overall security and function of the platform. This arises from what economists call dynamic incentives, which mean that most of the benefit that a validator can expect to earn from operating a node will be realised in the future. Dynamic incentives increase the system’s security, as the benefits of good behaviour extend beyond the reward that is immediately available. Another advantage of this approach is that it establishes validators as parties who act in the interests of users in the governance of the chain.
The final step of the development of the PoS-uD consensus was to design a market mechanism that fulfilled all of these objectives. In doing so, we wished to ensure that the costs of becoming a validator are constant to ensure that the risks and rewards are uniform for all participants in the consensus. The auction mechanism that is used in our staking program has been designed to fulfil these requirements.
The auctioning of validator rights also enables the bidders to be certain of the rewards that are available, which enables them to offer a defined interest rate for the delegation of stake by retail investors. This staking model is complementary to our minimal agency scheme for operating the blockchain once the validators have been selected, and can also be adapted to accommodate developments of the underlying ledger technology. These features combined with a means for navigating the cost trilemma make the Fetch.AI platform the ideal economic basis for decentralized applications such as exchanges, prediction markets and the machine-to-machine economy.
While most blockchain projects are focussed on improving the underlying technology, the cause of the unsatisfying user experience on many existing platforms is often flawed economics. The Fetch.AI ledger is being designed from the bottom-up with sound economic principles combined with technical innovations. These developments are aimed at driving user adoption in the short term and supporting our ambitions for the agent economy in the future.
1. Validators are nodes that take part in the consensus protocol equivalently to miners in PoW chains.
2. dPoS consensus has proven to be quite popular, and is used by Lisk, Tron, Neo, Steem, Bitshares and Tezos to name a few well-known examples.
3. The technically correct term for new token issuance is seignorage.