Today we’re excited to announce the launch of the Chorus One Podcast. This podcast hosted by our team members will focus on ideas, protocols, and projects that facilitate the creation of a permissionless, open financial system.
You can find the first three episodes, as well as future weekly episodes, on all major podcasting platforms: Libsyn, Spotify, Apple Podcasts, TuneIn, Google Play, and Stitcher.
It’s no secret that researching and publishing content to educate, generate awareness, and to publicly participate in questions of network governance is the cornerstone of the Chorus One vision to foster “ a community of engaged token holders that work together to shape the future of decentralized networks “.
With the Chorus One Podcast, we are structuring this effort and aim to provide a consistent outlet that covers relevant topics and projects tangential to Chorus One on a weekly basis. This intersection involves staking, blockchain governance, interoperability, and decentralized finance in general.
We aim to experiment with different formats, so it won’t be a standard interview-only podcast. Some episodes will explain specific concepts, others will feature a discussion with stakeholders, e.g. around a relevant governance topic, and some will just be interviews with projects from the space. What you can be sure about is that there will at least be one of our hosts/team members ( Brian, Meher, Brendan, or Felix) and lots of pertinent, in-depth information on the emerging open financial system.
The first episode is an introduction to the podcast. It is structured as an intro to our company, the podcast, and hosts covering what currently excites us most about the crypto space.
The second episode is an interview with Alfonso Cevallos conducted by Felix. Alfonso is a researcher from the Web3 Foundation working on the Proof-of-Stake implementation that is going to be used in Polkadot (Nominated Proof-of-Stake).
The third episode is an interview in which Meher dives deep into the Terra stablecoin protocol with Nicholas Platias, Head of Research at Terra Money.
We’re looking forward to having you as a listener and releasing weekly episodes each Monday. Please join our Telegram if you have suggestions for who or what to feature on the podcast!
Originally published at https://blog.chorus.one on July 2, 2019.
We are about to witness a wave of high-profile Proof-of-Stake projects launch their main networks. At Chorus One, we have spent more than a year researching the ecosystem, designing our infrastructure, and most importantly, actively participated in multiple PoS networks. This led us to experience different approaches to bootstrap a staking community.
A key question is how to transition from testnets to a permission-less, decentralized network with millions of dollars of value at stake. This post summarizes the problem statement and introduces the concept and value proposition of incentivized testnets. Another follow-on post will cover more concrete insights, learnings, and recommendations on how to ideally bootstrap a staking community utilizing testnet competitions.
The goal for a PoS network is to be maintained by a multitude of independent, geographically diversified entities (validators). Voting power should (ideally) be somewhat evenly distributed across these validators to minimize the likelihood of a small number of actors wielding outsized control over the network. A genuinely decentralized network will also assist with network stability and favorable regulatory treatment.
Operating blockchain nodes costs money. There are costs related to provisioning and configuring the infrastructure. But there are also, often overlooked, costs associated with the time and skill (human capital) that is required to set up, operate, and maintain a validator.
Proof-of-Stake networks have a token that is supposed to compensate validators for these costs. But rewards are only paid out once the network is live. Who is incentivized to run nodes on a testnet with no compensation?
One approach is to assume that the community aka investors holding the token will run nodes themselves and will prepare adequately for the mainnet by participating in testnets. In reality, it is likely that the best node operators aren’t already invested in the project. The skills and capacity for investing capital in early-stage projects can be totally orthogonal to the skills required to operate a node well. Also, having investors as node operators will probably result in a more centralized network, especially considering concentrated token distributions.
Some node operators will participate in testnets in expectation of delegations on the mainnet. This implies the existence of some form of delegation mechanism. But what about validator skin in the game? Many projects emphasize the need for validators to have some economic stake in the project. This mostly translates to requiring a minimum buy-in for validators, which narrows the set of potential node operators to those that have enough capital to invest relatively large amounts themselves.
Additionally, because there are no economic incentives to participate in testnets, operators won’t put in too much effort to seriously test the software or optimize their architecture and operations. Finally, the choices of networks to validate on for node operators are increasing. Joining a testnet has associated opportunity cost for validators. In conclusion, PoS projects need a way to convince good and dedicated node operators that will increase the value of the network to join their ecosystem.
As a summary, the high-level goals to accomplish before launching a PoS mainnet are:
An emerging trend is to run an incentivized testnet competition that rewards participants with tokens based on their performance during the competition. The idea is to bootstrap a community of high-quality node operators while at the same time testing and improving network performance, robustness, incentives, and other features in adversarial conditions that resemble a live network.
The project that first established and carried out such a competition is Cosmos with their “Game of Stakes” (GoS). Multiple PoS projects are currently exploring their own testnet competitions. We’re aware of the Enigma incentivized testnet and many others that didn’t announce their plans publicly yet.
The common thread across these competitions is the desire to battle test the protocol’s cryptoeconomic design, network performance, and features such as governance and delegation. Often additional rewards (bounties) are offered to participants that scrutinize each part of the system to uncover code or incentive flaws.
Going back to the PoS network launch goals stated above, we can see that an incentivized testnet competition is an amazing tool to realize them:
Another positive side-effect of a testnet competition is that it enables project teams and validators to test and establish communication channels and coordination processes that will persist to the mainnet. This can include announcement and discussion channels, upgrade processes, call schedules, etc.
While GoS worked out incredibly well on many fronts, we believe that there is room for improvements for future incentivized testnet competitions. We’re always happy to share our experiences and feedback, reach out to us to learn more! A follow-on post will go into detail covering learnings and recommendations gathered from the GoS experience, our research, and conversations with validators, protocol designers, as well as other players in the staking space.
This post is a comprehensive overview of staking on the Cosmos Hub. It will explain the current implementation, cover implications and risks for delegators, as well as expected returns including a reward calculator. The results provided by the calculator serve as a projection, Chorus One doesn’t guarantee their accuracy. The Cosmos Hub is about to launch and with that Atoms, the cryptocurrency native to the Cosmos Network, can be used to stake (also referred to as bonding) to help secure the internet of blockchains and to receive rewards for it. The concept of staking can be hard to grasp and the Cosmos Hub implementation is one of the most sophisticated to date with a lot of caveats that need to be considered to achieve the optimal risk-adjusted return as an Atom holder.
Staking means you are locking your tokens and participate in securing and maintaining the Cosmos Hub, for which you are rewarded in the network’s native tokens (Atoms). You can delegate your tokens to a validator that will run the required node infrastructure for you in exchange for a cut of the rewards. This post specifically focuses on delegating, if you want to learn about the difference between validating and delegating check out our explanation of these concepts here.
Staking in the Cosmos Network is highly incentivized, the main utility of Atoms is to be used to determine the decision power of validators in the consensus process. Atom holders collectively decide which validators will secure the Cosmos Hub and their individual influence in the network.
To start staking you need to own Atom tokens, which at launch means you will need to have participated in the fundraiser. Transfer of Atom tokens will be enabled through a governance vote, so please be aware that any offer to buy Atoms before that is either a scam, the wrong token, or an IOU, which will mean that you should make sure you trust whoever you are buying the Atoms from.
Once you own Atoms, you can participate in securing the network and earn rewards by staking them. A list of validators, their terms, and other information will be available on the blockchain. Presumably, most wallets and other websites will also make this information available in their interfaces.
To participate, you need to send a special type of transaction to the network and the protocol will then automatically assign (bond) your tokens to the validator you specified, increasing their voting power in the consensus process. From that point on your tokens are locked and associated to that validator’s consensus votes. Check this infographic for a reference to how consensus is formed with Tendermint.
Important to note here is that at launch, the official Voyager wallet won’t be audited, so the recommended way to delegate is to use the CLI (command line interface). Delegating using the CLI requires some technical expertise: You have to set up Go, install the Cosmos SDK and dependencies, type in commands into the command line, etc. We’ve done a lot of work on making that process easier and will be releasing a tutorial about it very shortly. An alternative option for non-technical users may be to wait for a stable Voyager release.
Once you are bonded you start receiving rewards, these are influenced by the following factors:
The global inflation rate, which gradually decreases to 7% when more than 2/3 of the total Atom supply is bonded. If less than 2/3 is bonded, the global inflation rate will gradually adjusts up to a maximum of 20%.
The staked Atom supply. Rewards get calculated based on the total supply, but distributed only to those who are staking. So the fewer people stake, the higher the effective rate of rewards for those staking.
The block time interval. The longer the block time interval, the lower the actual rewards paid out to stakers, as rewards are paid out on a per block basis.
As the effective inflation rate, fee levels, and Atom price are largely independent of your behavior, I will first focus on the impact of factors that you have an influence on. The important factors to consider here are (aside from the amount to stake) validator commission rates and uptime, as well as your re-staking behavior.
There is another, possibly the most important factor, to consider when staking in Cosmos. That is the possibility of getting slashed as a result of your validator not following protocol rules. What this means is that deposited tokens (not just rewards!) can be removed by the protocol if the validator you are bonded to misbehaves, e.g. by double-signing a block. This punishment can be as high as 5% of your delegated amount, and it serves to protect the network from malicious validators. Since slashing also applies to delegators, it is important to choose your validator(s) based on their trustworthiness and the security of their infrastructure. Double-signing a block is an attack on the network and could be a result of an actually malicious validator that tries to cheat the network, a validator whose setup is flawed in some way, or host compromise, which could be a result of bad key management practices (e.g. rogue employees) or other security holes in validator infrastructure or operations.
At launch, slashing parameters are set to 5% for a double-signing and 0.01% if a validator misses 95% of blocks in a rolling 10,000 block window. Depending on the block times in the network, this means about half a day to a day of consecutive downtime will result in a 0.01% slashing for the validator and his delegators (e.g. at 5 second block times, the 10,000 block window corresponds to 13 hours and 54 minutes. If a validator is offline for around 13 hours and 12 minutes within this window, a slashing of 0.01% will occur).
The following graph shows how the effective inflation rate (the annual yield an Atom holder delegating will receive in Atoms) based on an assumed 15% commission rate, 5s block times, no revenues from transaction fees (which is likely in the bootstrapping phase of the network) and not considering downtimes, slashings, and re-staking behavior. One thing to note is that the global inflation rate will gradually adjust towards 7% when more than 2/3 of the total Atom supply is staking and towards 20% when there’s less than 2/3 of the Atom supply staking. The rate of change in the inflation rate in the network is limited to 13% per year. As the inflation rate at launch is set to 7%, this effectively means that it will take at least a year of low staking participation for the inflation rate to reach 20%.
To protect against a validator attacking the network and then immediately withdrawing his stake, the Cosmos Hub is enforcing a 21-day unbonding period. During this period, staked Atoms do not receive rewards anymore, but slashing is still possible. This means your Atoms are illiquid for 21-days after you decide to stop staking! In the future, there may be some possibility to get short term liquidity on unbonding Atoms through financial derivatives.
You can at any time change which validator you delegate to without delays and at no cost, aside from fees paid for the re-delegation transaction. Use this function to change your validator if you aren’t satisfied with its service any longer, factors could e.g. include a rise in commission rates, or extended downtimes that lower your rewards, or softer factors such as you wanting to support another validator team that benefits the ecosystem, a team that supports your staking efforts, or that shares your opinions on how to govern the network, etc. Be aware that re-delegation take 21 days to finish and that the protocol limits re-delegations to seven per account. Read more here.
There are situations in which you are automatically unbonded from the validator you are bonded to, which requires you to bond your Atoms again if you want to continue to stake. These are:
This basic reward calculator projects potential rewards from delegating Atoms to Cosmos validators based on the assumptions stated. The calculator requires you to put in the current global inflation rate and staked supply. It may be extended to help you determine your optimal re-staking interval and the resulting expected rewards.
form.myjotform.com
We will update this article to account for changes and provide other resources to our community of delegators to help them in their staking journey. Please feel free to share this post with other Atom holders and ask us questions on our Telegram or on any other channel.
Originally published at blog.chorus.one on March 12, 2019.
This is the first part of a 3-piece blog series on the key ideas behind the Cosmos Network.
In March 2019, one of the promising Blockchain 3.0 projects — the Cosmos Hub — goes live. It delivers the ability to build an Internet of Blockchains — myriad decentralized ledgers, hosting disparate financial applications, able to coordinate the movement of financial assets between each other. Understanding the Cosmos vision and its implementation is valuable for cryptocurrency technologists and investors, since the upside is massive. This is the story of the key ideas behind Cosmos, and how they came to be. We start off in 2014, with Jae Kwon’s vision of consensus without mining. One by one, we’ll covers five key ideas leveraged by the Cosmos team to arrive at the current system. These key concepts are:
If the above looks unfamiliar, you’re in the right place! Reading this set of two articles, will position you to follow the conversations around this quantum leap in blockchain technology. This article covers concept (1)-(3) while later articles cover concepts (4)-(6).
Our story starts in 2014. Back then the first wave of Bitcoin 2.0 projects like Colored Coins, Mastercoin and Peercoin were in vogue. Most of these attempted to build on top of Bitcoin, but a few attempted to create Proof of Stake — a new way of securing cryptocurrency ledgers that would obviate the need for mining hardware, and reduce the operating costs of a cryptocurrency ledger. With bitcoin hovering around $600, miners were already spending over $400 million annually running their mining machines to operate the Bitcoin blockchain while concurrently delivering a capacity of fewer than 7 transactions per second. The need for a new way of coming to consensus over the balances of accounts was needed — ideally some method that would cut the annual operating costs 100-fold, so that an even more deflationary cryptocurrency could be realized. After all, these were the days cryptocurrency users watched over the inflation rates like hawks.
Out of these efforts, Peercoin and Nxt were the most prominent. The technical approach of both was to try to simulate mining using coin balances — deploy some mechanism that would scan the balances of all accounts, and randomly select some account to produce the next block. Higher the number of coins held by an account, higher the odds it would be selected to create the next block. It was as if the coins one held would become virtual ASIC miners, and periodically give one the chance to create a block and earn some reward. It was an approach headed for the dustbin of history, but we didn’t know that yet.
This is when Jae Kwon quietly entered the scene with a logical and deceptively simple idea: To leverage previous academic work around consensus protocols to build a cryptocurrency system called Tendermint. If anyone scanned the academic literature of consensus mechanisms from the last 15 years, they would have stumbled upon Byzantine Fault Tolerant consensus mechanisms like PBFT and DLS. These consensus mechanisms were built for scenarios where a group of accountants that ‘knew’ each other could jointly agree on the state of a system, for instance, a financial ledger (containing accounts and balances). These mechanisms were not suitable to build a system like Bitcoin. Bitcoin relies on permissionless entry — anyone can become an accountant for the Bitcoin network by setting up a mining pool. Academic consensus mechanisms were built for scenarios where some social/legal process would identify a known, closed set of accountants. Jae’s contribution was to marry the idea of security bonds, which we cover later, with classical consensus mechanisms to build a cryptocurrency network secured without mining.
These academic mechanisms, the most notable of which is Practical Byzantine Fault Tolerance, are best imagined as glorified roundtable voting systems. Imagine a roundtable with a lot of seats; each seat populated by an accountant as in the diagram below. In reality, these accountants are not humans but software running on disparate computers on the internet. These accountants carry their own individual copy of a financial ledger being maintained by the group. This ledger, the blockchain, is a set of ordered pages (also known as blocks) with each page containing user transactions. The role of PBFT is to ensure that books carried by the accountants stay synced up with each other and that there always is a single authoritative version of the book. One accountant is selected as a leader, and its role is to collate user transactions, package them up in a page, sign the page digitally and propose that the page is added to the ledgers of the other accountants. Accountants have communication channels open with each other. Other accountants receive the proposed page, verify the veracity of the accounting in it; sign and broadcast affirmative votes provided the accounting is correct. Once an affirmative quorum of ⅔ of the accountants is reached, the leader collects the affirmative votes and proposes the next page. The next page can contain proof that the previous page had sufficient affirmations. When the PBFT leader becomes unavailable, a new leader can be elected. This is the basic mechanism of updating the ledger — by the slow addition of pages containing user transactions, each page requiring a roundtable voting cycle.
The beauty of PBFT is that it tolerates up to ⅓ of the accountants, including the leader, to be actively malicious. Below this threshold, actively malicious accountants cannot create invalid ledgers, and ledger users are safe against their malicious behavior. Another powerful property is that pages, once added to the ledger, are final and cannot be reversed. This is in contrast to Bitcoin where blocks added to the blockchain, can be replaced by new ones provided a sufficient number of miners actively work towards such an outcome. Finally, the system naturally has a few orders of magnitude lower operating costs per transaction as compared to Bitcoin.
Therefore, PBFT and its derivatives were the perfect building block for consortium blockchains. Consortia are able to select a set of its own members to run the accountants on their individual infrastructures, and be able to deliver a financial ledger to consortium users. Many permissioned blockchain projects, such as Hyperledger Fabric, Symbiont etc. have taken similar paths. One of the earliest permissioned ledger companies was Monax (previously called Eris Industries). Monax wanted to build a permissioned version of the Ethereum Virtual Machine and looked to replace Proof-of-Work with something more suitable. They discovered Tendermint in 2014 and became its first real user. So a short aside is that Tendermint has seen considerable usage among consortium blockchains for many years.
But let’s get back to the topic of cryptocurrency networks. The design we described does not work to build a cryptocurrency for it is infeasible to agree on a definitive set of accountants for a distributed, mutually untrusting, cryptocurrency community. In other words, we needed a mechanism that could allow anyone to spin up an accounting server, and be able to join the accounting set of a PBFT based cryptocurrency.
A second key insight paved the way forward. Let’s first state the equivalent idea, in the world of human relationships. In situations where we need to trust other people/counterparties to behave well, security deposits are often instituted to guarantee good behavior. For example, in order to let an apartment, a landlord asks for financial value to be put into escrow. If the renter misbehaves, say by trashing some equipment in the apartment, the landlord has the recourse of using the escrowed financial value to make themselves whole. The act of putting financial value in escrow, with the threat of never receiving it back, creates economic incentives for good behavior for the renter.
The original Tendermint paper from 2014 applied the same dynamic to the scenario of sourcing accountants from a cryptocurrency community at large. Let’s say we had a cryptocurrency token at our disposal for escrow. Could we source a diverse group of accountants by requiring prospective accountants to place security deposits, in the form of this token, into escrow on the cryptocurrency ledger itself? Further, could one punish these accountants by destroying their security deposits if they misbehaved? Both of these have been demonstrated possible in a beautiful application of economic incentive design.
The Cosmos Hub has Atoms, with a starting supply of around 220 million, as its internal token. Accounts and Atom balances of the accounts are maintained in the ledger (the blockchain) of the Cosmos Hub. In order to select the accountants that would maintain the ledger, an option is created for any account holder to post its Atom balances as a security deposit and become an accountant for the ledger. Witness the beautiful circularity in the design: One has a ledger of Atom balances; particular holders of Atom balances are able to (voluntarily) use those balances as security deposits and become accountants; and the set of accountants chosen thus maintain and update the ledger. This is how the fundamental problem of selecting a group of accountants for PBFT flavored consensus algorithms was resolved in the Tendermint paper from 2014.
Of course, different accountants will post different amounts of security deposits. Those posting larger security deposits (like 10 million Atoms) have greater value at stake than those supplying smaller security deposits (like 1 million Atoms). If both these parties were to have an equal say in deciding which pages get added to the ledger; then there would be an enormous incentive for the larger security deposit accountant to split their deposit into smaller amounts, and get a bigger say. The only logical conclusion, therefore, is for the say, or voting power, of each accountant to be proportional to the security deposit posted by them.
Security bonds solved a separate, titanically important, problem in the cryptocurrency space — the problem of how to punish accountants for their misbehavior. Systems, prior to early Tendermint, had relied on attracting a set of accountants (miners) via the promise of inflationary rewards. One can think of these block rewards as a carrot — individual miners ran accounting systems for cryptocurrency in the expectation of inflationary rewards in the native tokens of the networks. In 2014, the Bitcoin system printed new bitcoin, worth $400 million plus, and awarded them to its set of functional accountants in 2014 — the Bitcoin miners. However, Bitcoin has no mechanism to actively punish a miner if they try to, say, include a fraudulent transaction in the network. Bitcoin possesses only carrots but no sticks!
Tendermint based cryptocurrencies including Atoms, however, institute mechanisms to punish misbehaving accountants — destroy part of their security bonds! It also rewards accountants the same way as Bitcoin, by inflating the token supply and distributing inflated tokens to the accountant set. This might seem like an innocuous difference, but it will become a centerpiece in our later blogs.
For example, one of the ways an accountant can misbehave is to attempt to vote twice, for two different pages, to be added at the same place in the ledger. Unlike a normal voting system, there is no central party like the Government to ensure that an accountant votes only once. Accountants are able to place two contradictory votes when two leaders propose pages concurrently. The ability to punish accountants is critical to disincentive such behavior. Other misbehaviors include the inclusion of invalid transactions in pages proposed by an accountant and being offline for extended durations of time. Each of these misbehaviors attracts penalties of varying amounts.
This unique combination of security bonds for accountants, and the need for accountants to run open source software to maintain the blockchain created a new role, and a business opportunity. This new economic opportunity is to build infrastructure in order to be a validator — a party that supplies security bonds, and operates infrastructure to maintain different Tendermint blockchains as an accountant. Chorus One is one of those accountants: a validator for the Cosmos Hub.
This means that, if the Chorus accountant were to misbehave in any way, the firm stands to lose a significant amount of capital. Misbehavior can occur due to configuration faults, external attacks or rogue insiders. The difficulty of running a validator stems from the need to build a secure system that can ward off these different attack vectors through an intelligent design. We summarized part of our design, that leads us to be confident enough to post a large security bond, in this article.
The concept of a validator has existed since 2014 — it has taken half a decade to go from theory to practice to commercial business opportunity! The passage of time has introduced a new role in cryptocurrency systems based on Tendermint — the delegator. The fundamental issue that emerged with validation, is the disjointedness between the set of parties capable of running a validator; and the set of parties that held atoms. For instance, a hedge fund might hold millions of Atoms, but be unwilling to run validation infrastructure since it is not their core competency. Tendermint based cryptocurrency systems, including the Cosmos Hub, solve this problem by allowing accounts to delegate, or transfer, their voting power to other parties running a validator. Rewards from running the validator, are then split between delegators and validators. You can find out more about the validation-delegation relationship here.
In this article, we’ve covered the 3 keys ideas that Jae Kwon presented as a vision in 2014 — the decision to build a PBFT-inspired cryptocurrency design, the usage of security bonds to adapt the consensus mechanisms to a cryptocurrency setting, and the wholesale creation of the validation/delegation ecosystem.
It has been a long journey to go from ideation to a practical working system. The reward of the Tendermint design is a cryptocurrency ledger design (plus open source implementation) with low operating costs that can process hundreds of transactions a second. This in itself is a big contribution to the blockchain ecosystem.
But, the true revolutionary implications of the design are still to follow! In the next article, we will cover the business opportunities presented by application-specific blockchains. Someday in the future, the implementation of shared security or sortition security networks with the Atoms as a base currency will also be presented. All of these are key to understanding the opportunities in the Cosmos ecosystem. Stay tuned, and let us know your questions.
If you want to discuss Cosmos further, stop by our Chorus One Telegram and say hi. And, of course, we’re happy to answer any questions about delegating to Chorus One.
