StakeSure & @eigenlayer: Strong cryptoeconomic security
--------------
Prior definitions of cryptoeconomic security were adversary-centric.
Cryptoeconomic security: For any attack & adversary,
Cost of corruption > Profit from corruption
where cost of corruption is the minimum amount that can be slashed from the adversary and profit from corruption (PfC) is the total profit that can be extracted by the adversary.
Checking whether the condition is satisfied requires modeling the adversary fully. This is complex, if not outright impossible:
a) the adversary may have an extrinsic incentive like a short position to increase the profit from corruption.
b) the adversary may have extrinsic reasons to have a lower cost of corruption - for example, the adversary is custodying someone else's funds (called the principal-agent problem).
This foundational issue was memorialized in a paper titled "Rationality is Self-Defeating in Permissionless Systems".
--------------
In our recent work StakeSure, we redefined cryptoeconomic security.
We flipped the viewpoint from the adversary viewpoint to the *protocol* viewpoint or the protocol user viewpoint.
Strong cryptoeconomic security:
For any attack,
Redistributable stake > Harm from corruption to protocol (or protocol user)
The idea is that the slashed funds are redistributed to the protocol (or protocol users) and hence if the protocol ensures that the total funds that can be redistributed to users upon protocol failure is greater than the funds that can be harmed, then the protocol has strong cryptoeconomic security. Once this equation is satisfied, it is irrelevant to the protocol what the intention of the adversary is! No matter what the intention of the adversary, the protocol remains solvent!
This equation is fully calculable onchain. For example, in the case of a bridge, harm from corruption is the amount of money that can be stolen from the bridge within the fraud proof period (say, weekly transaction volume). Redistributable stake is the amount of stake that is uniquely attributable for the fault - also an onchain measurable.
In the case of a bridge which is transacting in arbitrary quantities (like NFTs), the bridge can let each transaction specify how much redistributable stake that particular transaction needs in the event of a failure. This ensures that protocol *users* can self-specify how much security they want. This is analogous to how, when shipping a FedEx parcel, you can self-specify how much insurance is needed (by declaring the value and paying a premium).
------------------
Adversary-lens
------------------
The adversary can take a short position outside - yes - but it does not matter.
The adversary may be a CEX that is using customer funds to attack the system - yes - but it does not matter to the protocol. Of course, when a user deposits funds to a CEX they are trusting that the CEX handles the funds safely - otherwise they should not deposit to the CEX.
------------------
How does it circumvent the "impossibility" result in
Assumption 3: The system S actually leverages in some fashion the behavioral assumption(s) it makes on participants, such as a rationality assumption.
StakeSure makes each participant make *an assumption* ONLY about themself - they specify how much insurance they themself want rather than having to imagine how other participants act (including other users)!!! Even if other users specify redistributable stake less than their true value and the system gets attacked, the honest user who specified their redistributable stake correctly is ALWAYS solvent - it will be able to redistribute its portion of the stake.
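A toy model of the per-transaction coverage and isolation argument above, added here as an illustration and not taken from the StakeSure paper or EigenLayer code. `InsuredBridge`, `Transfer`, the admission rule and all amounts are assumptions constructed for this example.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    user: str
    true_value: int  # what the user really stands to lose (private to the user)
    declared: int    # redistributable stake the user asked and paid for


class InsuredBridge:
    """Hypothetical bridge that reserves attributable stake per transfer."""

    def __init__(self, redistributable_stake: int):
        self.stake = redistributable_stake
        self.pending: list[Transfer] = []  # still inside the fraud-proof window

    def reserved(self) -> int:
        return sum(t.declared for t in self.pending)

    def admit(self, t: Transfer) -> bool:
        # Protocol-side check: redistributable stake > declared harm.
        # Nothing about the adversary's motives or positions is modelled.
        if self.reserved() + t.declared >= self.stake:
            return False
        self.pending.append(t)
        return True

    def settle_fault(self) -> dict[str, int]:
        """Worst case: every pending transfer is corrupted. Each user is paid
        their declared coverage from slashed stake; returns payout - true loss."""
        net: dict[str, int] = {}
        for t in self.pending:
            net[t.user] = net.get(t.user, 0) + t.declared - t.true_value
        return net


def demo():
    # Constructed sample values, in arbitrary units.
    bridge = InsuredBridge(redistributable_stake=1_000)
    admitted = [
        bridge.admit(Transfer("alice", true_value=400, declared=400)),  # honest
        bridge.admit(Transfer("bob", true_value=900, declared=100)),    # under-declares
        bridge.admit(Transfer("carol", true_value=600, declared=600)),  # exceeds stake
    ]
    return admitted, bridge.settle_fault(), bridge.reserved()


if __name__ == "__main__":
    print(demo())
```

Alice's net position is zero regardless of what Bob declared, while Bob alone carries the shortfall he chose; Carol's transfer is refused rather than left under-covered.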
------------------
StakeSure transforms the cryptoeconomic landscape completely.
1) Exactly measure how much cryptoeconomic security is sufficient, rather than have random curves define it.
2) Self-scale the amount of security. If more redistributable security is needed, the protocol users become willing to pay more.
3) Isolation of safety. If a certain user holds a certain amount of redistributable stake, then they do not need to model any other users who they may be sharing the platform with.
4) Compensation: Users of the platform will be compensated if something goes wrong, completing the system of "karma".
5) Universality: Any application can self-specify the amount of harm-from-corruption so that many applications can share a common staking system.
------------------
Tagging PoS builders and experts
@VitalikButerin @Tim_Roughgarden @zmanian @aeyakovenko @drakefjustin @JTremback @sunnya97 @valardragon @dankrad @zooko @muneeb @rphmeier @dntse @jneu_net @karl_dot_tech @phildaian @danrobinson @gakonst @buchmanster @musalbas @sgoldfed @EdFelten @toghrulmaharram @yilongl_megaeth @yangl1996 @yq_acc @gluk64 @sandeepnailwal
arxiv.org/abs/1910.08820
In this thread, I will present the story of our journey to build EigenDA from a personal vantage point. This story will lay out our longstanding interest in scaling network bandwidth as well as offer some inside anecdotes.
My interest in “cooperative” p2p networks dates before blockchains. Here is a 2008 paper, where we designed new network “erasure” coding schemes for wireless networks:
I had moved on from p2p wireless in my PhD to work on computational genomics by 2013. For example, in this paper with @xiaojie_qiu, we design new methods for gene regulatory network inference using single cell RNA sequencing data: cell.com/cell-systems/p…
Definition: coprocessor is a stateless offchain system and rollup is a stateful offchain system.
When does a coprocessor suffice? When the computation inputs are fully specified onchain and the state change has to be actuated onchain.
Let’s start with a motivating example.
Imagine you want to build a @Uniswap LP strategy or v4 hook that adjusts the price or fees based on an AI model factoring the history of onchain transaction toxicity. (Cc @haydenzadams @danrobinson @0x94305).
Refined view: There are 5 properties that together make a *confirmation rule* secure. We colloquially talk about a chain being secure but really it is the confirmation rule to which the security property attaches.
This difference occurs because a single chain can admit multiple confirmation rules. For example, in Bitcoin, different nodes can use different depths in their confirmation rules and they will accordingly have different probabilities of safety violations.
A starker contrast occurs in Ethereum: in the Gasper protocol, there are two distinct confirmation rules - an available rule (based on the heaviest chain) and a finalized rule (based on blocks confirmed by the gadget).
We welcome this excellent analysis of the different kinds of risks using restaking for different use cases a la @eigenlayer by @VitalikButerin. It is consistent with what we have been advocating with Eigenlayer. A brief summary here:
a) don’t build complex financial primitives on restaking - they can spiral out
b) don’t rely on Ethereum to fork for application layer errors - this is a super important principle
c) do not use subjective slashing - as it is subject to tyranny of the dishonest majority
Low risks
a) Use restaking for highly objective attributable misbehaviors such as double signing
b) Use restaking purely for getting the decentralization benefits of Ethereum without slashing
We recently announced the Series A for @eigenlayer led by @blockchaincap. In this thread I will highlight several key investors in the seed round, which was co-led by @polychaincap and @etherealvc.
The first investment offer for @eigenlayer came from @etherealvc, back in Sep 2021. It has been an absolute privilege to work with @_MinTeo and @bees_neeth at Ethereal ventures. They have been a close working partner and a strong pillar of support from the very beginning!
P.S. Mycelia are fungi that help connect roots of trees in order to help them exchange nutrients. We think this is an apt metaphor for restaking!
I covered four different use cases: A1) event driven actions, A2) partial block auctions, A3) threshold cryptography, A4) long term block auctions, and their composability A1234) in the talk.