Business Modeling


#1

Background: I would like to be a validator in the state of California and therefore I am expressing views from this angle.

About me: I am a business person, while I am familiar with the technology behind blockchains; in my work I focus on the business side of the industry. My day job is to build business models for blockchain enabled solutions.

Security and long term state of the network

  • Premise: Validators are incentivized to keep the size of their group small to keep the token rewards for a selected few
  • Technology: less validators means faster transaction speed

However, for security reasons both validators and users may be incentivized to increase the number of validators as the network builds up.

Let’s start small and say that we have 3 core validators:

The security of the network relies on 3 individuals who have their identity publically available which includes their up to date: name, residence address, and business address. In my state, under the public notary license, validators are liable if this information is not kept up to date within 30 days of a change.

Let’s assume that people keep their hardware, private keys, etc. safely away from their primary residence listed in the public registry. Still, as the network grows in value, it would be easy for malicious actors to intimidate validators and/or family members. In the worst case scenario, organized attacks by criminal organizations could be coordinated in a way in which every validator is physically attacked and incapacitated at the same time. From their primary residence, validators can be followed and routines can be established, which is enough for a criminal mind to predict the best time of an attack on the network.

Character assassination (this time not referring to physical harm, but an attack to one’s reputation) is also much easier and harmful as the number of validator is kept small. In addition, the hacking of an individual’s social media accounts, email accounts, and usurpation of one’s online identity are all very possible in a 3 validators scenario.

All these malicious actions are more likely to happen as the network is scaling up, additional factors to consider:

  • Competitors
  • Value of assets in circulation

12:

In a twelve validators scenario, the network is still somewhat vulnerable to coordinated attacks on all validators or a majority of them. While this is starting to be a bigger group, I would assume that both the validator group and the users would be frequently monitoring the network and its environment for competitors and/or rise in the value of assets traded.

25:

In a 25 validators scenario, the network has an increase resiliency to a coordinated attack on all validators or a majority of them. However, it is conceivable that a group could undertake such attacks mentioned before and undermine or even destroy the network.

50:

If every state had at least one validator, there would be a significant increase in the difficulty and cost of coordinating an attack on every validator or a majority of them at once. While not impossible, the reward would have to be significant enough to offset the difficulty and cost of coordinating such an attack.

If the network becomes highly valuable, the reward of a large scale attack could offset the costs which may be a call for an even higher number of validators.

5000+:

If every state had a minimum of a 100 validators per state, while not impossible, it would be extremely difficult to significantly impact the network through an attack on the validator group. The implication on the technical side is hard for me to predict, potentially the tradeoff on speed may be too significant to adopt a model with such a large number of validators.

Personal thoughts:

I believe the Oracles POA Blockchain will be dynamic and its community will adapt as the network popularity increases and as the value of its tokens rise to provide added security to both users and validators. If this project is truly successful, a winning strategy might call for an increasing number of validator nodes over time.

As a start a 12 validators model seems reasonable but I can see a quick push for a higher number as the network scales up in size and value.


Few digging questions on PoA vs PoS
#2

Mel,
this is a very important piece of writing. 5000+ validators are out of my imagination from the technical perspective but I do like the idea very much.

We will try to achieve 25 active validators in three phases.

Phase 1 (Inception):
3
Phase 2 (Stability):
12
Phase 3 (Expansion):
25


#3

Here are my considerations:

  1. Security of the Network – The security of the network is function of both the number of nodes and the diversity of the nodes. Here diversity has a couple of aspects, geographical diversity as Melanie indicated above and in Oracles Network social diversity of Validators also is a factor in securing the network ( a novel an interesting twist ). I am attracted to the idea that any “respectable individual” could participate as a Validator in the network This may occur as the network scales horizontally but as the value of the main network increases I believe there should be some consideration for scaling the number of Validators into at least the hundreds. For example, given the economics makes sense, I can imagine that for any given consensus round there are logically only 25 Vaildators but those 25 Validators are randomly chosen from a much larger set of approved/vetted Validator pool each running a node. In this way the performance of the network will not degrade but the number of functional Validators can grow much larger. Stated an other way, given the expectation that the network is going to be wildly successful and highly valued, there should be some thought/desire/consideration given to how to share/distribute the financial benefits of being a Validator across a larger more diverse set of Validators.

  2. Perishable as a property of both wet/dry systems. In both biological (wet ) and computer systems (dry) all things have a lifecycle and eventually rot/perish or become obsolete. It thus makes sense to me that to maintain a “healthy” network Validators should be termed in some reasonable fashion. They can be recycled, i…e. exit for some reasonable time and then re-enter the Validator pool.

  3. Competition not conflict – In the governance model would hope there would be Validator penalties for non-participation in voting and under performing in other metrics (TBD ) that promote the security and health of the network. This is would be an effort to de-personalize/de-politicize the network and reduce motivation for such things as “character assassination”.

Perhaps overly ambitious be these represent my desires to ceate a new blockchain platform built around POA consensus/Governance that has following properties:

  1. Secure ( both in number and diversity of Validator nodes )
  2. Fast, cost-efficient scalable, eco-friendly platform that offers consensus as a service
  3. Shares the benefits/weallth

As an aside, I plan to attend the following Berkeley Bitcoin Meetup:

Berkeley Bitcoin Meetup – Governance Deep Dive, Sun 12/10 @ 6PM


Improving Adoption and Accessibility of POA Network
#6

@MEM
Mel, thank you for sharing your thoughts here!
Would you like to post those as a guest post in our Medium?


#7

It is a very important combination of factors that you point here. As the network grows, so will the monetary value of the validators’ rewards. Given that they are known people with known addresses, this drives the following dynamic:

  1. Validators are interested in preserving and growing their source of income. Limited number of validators helps achieve that.
  2. Validators are interested in preserving their personal safety. Growing number of validators with rewards spread out to bigger group helps achieve that.

I like @jlegassic’s idea about “only 25 Vaildators but those 25 Validators are randomly chosen from a much larger set of approved/vetted Validator pool each running a node”. It is an interesting concept of having a large pool of approved validators to make it uncertain who exactly derives the main rewards at a given moment yet still to preserve the discoverability of nefarious actions. However, who exactly validated each block will be the public info, so figuring who’s making the main rewards is not difficult. Unless 25 validators change all the time, so there is no long term dominance of a set group.
This is a really important matter and how we address them will define how the network evolves.


#8

In the world of PoS, staking wallets are selected at random, with priority given to those least recently selected. With PoS 3.0 specifically, only online staking time is credited (offline time doesn’t count). In case of POA it could count only online node time, promoting node uptime.

It’s very true that the number of validators is a risk/reward trade-off curve and that the network compromise probability (NCP) should be monitored and proactively kept low at all times. Estimating NCP isn’t too hard - it’s

  1. To a lesser extent, a function of the already mined economic value: P1(mined value)
  2. To a larger extent, a function of the ROI for operating a validator node: P2(ROI)
  3. To a significant extent, a function of validator’s voting weight on the network: P3(1/# validators)

I’d claim that P1 isn’t worth worrying about. Wealthy are always a target, and it’s fairly easy to find them by zip codes, cars, occupation, etc. In fact, it’s harder to attack the wealthy, since they commonly employ robust security systems. P2 is the underlying root cause for attracting attackers, since lucrative economic engines are always in danger of hostile takeovers and P3 is the probability multiplier, since as we’ve said: fewer validators - easier to compromise the network.

NCP is, therefore, P2(ROI) * P3(1/# validators)

Now, keep in mind that attacker needs to only acquire a majority vote on the network to remove the old validators and add the new ones, thus taking over the entire network. With 12 validators, only 7 need to be compromised concurrently (pretty easy, given enough incentive). Given high enough ROI, geo-distribution is a deterrent, but not a serious friction point in today’s connected world, so I don’t think it’s a material variable for NCP. Geo-distribution does play a significant role in POA operational availability.

Take a couple of examples (using decimal orders of magnitude):

Network ROI = 1BTC/month; # validators = 10, node ROI = 0.1BTC/month: taking over 6 validators ensures 1BTC/month income. I’d say that’s not enough incentive and probability is no higher than getting robbed.

Network ROI = 10BTC/month; # validators = 10: taking over 6 validators ensures 10BTC/month income. I’d say that’s borderline enough incentive for someone capable to arrange simultaneous hostile takeover on 6 validators. Geo-distribution makes this harder by <~1month of payouts, so it’s not a significant factor.

Network ROI = 10BTC/month; # validators = 50: taking over 26 validators ensures 10BTC/month. Again, we are back to not enough incentive for the operational complexity and risks involved.

Network ROI = 100BTC/month; # validators = 50: taking over 26 validators ensures 100BTC/month. ROI is now so high, that hostile takeover is likely and with just a few months of payouts orchestrating a hostile takeover is significantly probable.

Bottom line: we need to grow our validators base as the network ROI grows and continuously reassess NCP. Such validators should be chosen to further minimize the NCP. Geo-distribution, empirically provable trustworthiness, cybersecurity proficiencies, etc. are all desirable skills to look for. Silent methods to signal node is compromised are also desirable. One approach is a ping-alive method - every validator has to offer periodic proof the node hasn’t been compromised. Another approach is to enable validator to temporarily suspend their own voting rights, so that in case of hostile takeover attempt, they can drive P3 to zero and render themselves not a target.

Security will definitely become a big deal in a network where every validator is in public sight.

Best, MM


#9

awesome ideas! make a lot of sense.


#10

Thanks @Lena,

@Micwebnet , @jlegassic, and @oxanakunets all made very valid points, happy to summarize our discussion and guest post it on Oracles Medium.


#11

FYI, I was unable to attend the Governance Deep Dive at Berkeley Bitcoin Meetup.

They did however post a fairly comprehensive reading guide:

Blockchain Goverance Reading Guide – courtesy of Berkeley Bitcoin Meetup

Even if you don’t read any of the articles this document is worth a look/see and outlines in broad strokes what is happening in the Blockchain Governance space.


#12

Hi everyone,

I am working on a piece on Medium, planning on publishing it tomorrow or the day after.

Feel free to edit, make suggestions, etc, this is a draft copy.

@Micwebnet , @jlegassic, and @oxanakunets : Please make sure that you are comfortable with what is written so far as you are cited in this essay.

Thank you

Mel


#13

Hi everyone,

The Medium post: https://medium.com/@melaniemarsollier/proof-of-authority-security-6d00b07e03fb

I will keep you up to date as interesting perspectives are shared on Medium.

Cheers,

M


#14

Melanie,

Just read post on Medium. Well concise, clear and well stated. Appreciate the shout out.

To be fair, I got the whole “wet/dry” comparison from this following talk by Nick Szabo ( around 11 min mark his does comparison of “wet/dry” code and security. )

Nick Szabo – History of Blockchain

I think somewhere he defines the sweet spot is at the intersection of the “wet/dry” code but more related to implementation of “rigid, well defined” wet code to run on the blockchain in “dry” smart contracts.

POA Networks takes things further by adding drops of “wetness” to the dry security model. This humanization of the “dry” security model of the Blockchain is a very daring, very important, perhaps revolutionary, sociotech experiment.


#15

Thank you @jlegassic ,

I will watch it and make some edits around the humanization of the dry security. I’ll keep you posted when I have a final version for you to review.

@Lena I have noticed that your stories have all the same branding in the images display, would you have one that incorporates POA and security?

Thanks,

mel


#16

@MEM Sure! We asked our designer to prepare one for your post.
We’ll incorporate it once the banner is ready.

Thank you,
Lena


#17

Hi John–

I’ve been meaning to comment on your post. I think this is exceptional thinking and would like to bring this up for discussion. Do you suppose we could coordinate a ZOOM meeting this coming weekend, February 3 / 4 2018?

Jim


#18

Jim,

I think Melanie wanted to chat as well, so let me reach out to her and we can Zoom sometime this weekend 2/3 or 2/4.

I’ll keep you posted.

John


#19

Yes, the more the merrier! I’ll try to keep the weekend free. Thanks John!

Jim


#20

This discussion topic should be renamed ''Governance" I’ll update with the latest governance advancement soon.


#21

This post was flagged by the community and is temporarily hidden.