Introducing Chorus One’s latest post on ethresear.ch

Today, our research team published a study on ethresear.ch, delving into the impact of latency (time) on MEV extraction. More specifically, we demonstrate the costs associated with introducing artificial latency within a PBS (Proposer-Builder Separation) framework. Additionally, we present findings from Adagio, an empirical study that explores the implications of latency optimization aimed at maximizing MEV capture.

In late August 2023, we launched Adagio, a latency-optimized setup on the Ethereum mainnet. The primary objective was to collect actionable data ethically, with minimal disruptions to the network.  Until this point, Adagio has not been a client-facing product, but an internal research initiative running on approximately 100 self-funded validators. We initially shared ongoing results of the Adagio pilot in our Q3 Quarterly Insights report  in October.

In alignment with our commitment to operational honesty and rational competition, this study discloses the full results of Adagio, alongside an extensive discussion of node operator incentives and potential adverse knock-on effects on the Ethereum network. As pioneers in MEV research, our primary objective is to address and mitigate existing competitive dynamics by offering a detailed analysis backed by proprietary data from our study, which will be explored further in the subsequent sections of this article.

This article offers a top-level summary of our study, contextualizing it within the ongoing Ethereum community dialogue on ethically optimizing MEV performance. We dive into the key findings of the study, highlighting significant observations and results. Central to our discussion is the exploration of the outcomes tied to the implementation of the Adagio setup, which demonstrates an overarching boost in MEV capture.

‍Ultimately, we recognise that node operators are compelled and incentivised to employ latency optimization as a matter of strategic necessity. As more operators take advantage of this inefficiency, they set a higher standard for returns, making it easier for investors to choose setups that use latency optimization.

This creates a cycle where the use of latency optimization becomes a standard practice, putting pressure on operators who are hesitant to join in. In the end, the competitive advantage of a node operator is determined by their willingness to exploit this systematic inefficiency in the system.

Additionally, we demonstrate that the parameters set by our Adagio setup corresponds to an Annual Percentage Rate (APR) that is 1.58% higher than the vanilla (standard) case, with a range from 1.30% to 3.09%. Insights into these parameters are provided below, with additional clarity available in the original post. ‍

‍‍

A Note on the Wider Conversation on Timing Games

Let’s preface this section with the phrase - Right Place at the Right Time.

Delightfully analogous to the quote above, we’re adding further insights to the overarching discourse on the implication of latency optimization (i.e, a strategy where block proposers intentionally delay the publication of their block for as long as possible to maximize MEV capture) when it has become a burning topic within the Ethereum community, drawing increased attention from various stakeholders concerned about its network implications.

Yet, despite its growing significance, there has been a noticeable lack of empirical research on this subject. As pioneers in MEV research, we've been investigating this concept for over a year, incorporating latency optimization as one of our MEV strategies from the outset. Now, we're proud to contribute to the ongoing discussions and scrutinize the most significant claims with robust, evidence-based research.

‍‍

Why did we undertake this effort?

In a previous article about Chorus One’s approach to MEV, we emphasized the importance of exploring the dynamics between builders, relays, and validators with the dimension of time.

Our focus on how latency optimization can profoundly influence MEV performance remains unchanged. However, we've identified a crucial gap in empirical data supporting this concept. Compounding this issue, various actors have advocated for methods to increase MEV extraction without rigorous analysis, resulting in inflated values based on biased assumptions. Recognizing the serious consequences this scenario poses in terms of centralization pressure, we now find it imperative to conduct a deep dive into this complex scenario.

Our strategy involves implementing a setup tailored to collect actionable data through self-funded validators in an ethical manner, ensuring minimal disruptions to the network. This initiative is geared toward addressing the existing gap in empirical research and offering a more nuanced understanding of the implications of latency optimization in the MEV domain.

‍‍

Key objectives

The key objectives of this research is three-fold, including:

1. To describe the auction dynamics that give rise to latency strategies, and the associated externalities imposed on the Ethereum network
2. To demonstrate practical results for maximizing MEV extraction through our Adagio setup
3. To initiate a constructive discussion, contributing to an informed decision by the community.

In the following section, we will present a comprehensive overview of the three most pivotal and relevant observations from the study, and as promised earlier, we will also delve into the results of Adagio.

‍

Observations

1. PBS dynamics, and the MEV-Boost auction

‍

‍Context: First, we delve into PBS inefficiencies and MEV returns. ‍

Here, we explore the inefficiencies in the Proposer-Builder Separation (PBS) framework, showing how timing in auctions can be strategically exploited to generate consistent, excess MEV returns.

Additionally, we demonstrate how all client-facing node operators are incentivized to compete for latency-optimized MEV capture, irrespective of their voting power.

‍

‍Key Finding: Latency optimization is beneficial for all client-facing node operators, irrespective of their size or voting power.

Using an empirical framework to estimate the potential yearly excess returns for validators who optimize for latency considering factors like the frequency of MEV opportunities, network conditions, and different latency strategies, our results indicate that node operators with different voting powers have varying levels of predictability in their MEV increases.

The above figure demonstrates that higher voting power tends to result in more predictable returns, while lower voting power introduces more variance. The median weekly MEV reward increase is around 5.47% for a node operator with 13% voting power and 5.11% for a node operator with 1% voting power.

The implication here is that big and small node operators cater to different utilities of their clients (delegators) because they operate at different levels of risk and reward. As a result, optimizing for latency is beneficial for both small and large node operators. In simpler terms, regardless of their size, node operators could consider optimizing latency to better serve their clients and enhance their overall performance.

As we look at a longer timeframe, the variability in rewards for any voting power profile is expected to decrease due to statistical principles. This means that rewards are likely to cluster around the 5% mark, regardless of the size of the node operator.

In practical terms, if execution layer rewards make up 30% of the total rewards, adopting a latency-aware strategy can boost the Annual Percentage Rate (APR) from 4.2% to 4.27%. This represents a noteworthy 1.67% increase in overall APR. Therefore, this presents a significant opportunity, encouraging node operators to adopt strategies that consider and optimize for latency.

‍

2. The cost of artificial latency

‍

Context: Second, we discuss the costs of introducing artificial delays, explaining how it increases MEV rewards but at the expense of subsequent proposers.

‍

Key Finding: MEV tends to benefit node operators with higher voting power, giving them more stable returns. When these operators engage in strategic latency tactics, it can increase centralization risks and potentially raise gas cost and faster burnt ETH for the next proposer..

While sophisticated validators benefit from optimized MEV capture with artificial latency, the broader impact results in increased gas costs and a faster burning of ETH for the next proposers. The Ethereum network aims to maximize decentralization by encouraging hobbyists to run validators, but the outlined risks disproportionately affect solo validators. Below, we demonstrate that these downside risks are significant in scale, and disproportionately impact solo validators.

Figure 2 illustrates that introducing artificial latency increases the percentage of ETH burned, potentially reducing final rewards. Even a small increase in burnt ETH can significantly decrease rewards, especially for smaller node operators who are chosen less frequently to propose blocks. The negative impact is most significant for solo validators, making them less competitive on overall APR and subject to greater income variability. Large node operators playing timing games benefit from comparatively higher APR at lower variance to the detriment of other operators.

MEV tends to benefit node operators with higher voting power, giving them more stable returns. When these operators engage in strategic latency tactics, it can increase centralization risks and potentially raise gas fees for the entire Ethereum network. Moreover, larger node operators, due to their size, have access to more data, giving them an edge in testing strategies and optimizing latency.

In this scenario, node operators find it necessary to optimize for latency to stay competitive. As more operators adopt these strategies, it becomes a standard practice, creating a cycle where those hesitant to participate face increasing pressure. This results in an environment where a node operator's success is tied to its willingness to exploit systematic inefficiencies in the process.

‍

3. Empirical results from the Adagio pilot

‍

Context: In late August 2023, Chorus One  launched a latency-optimized setup — internally dubbed Adagio — on Ethereum mainnet.

Its goal was to gather actionable data in a sane manner, minimizing any potential disruptions to the network. Until this point, Adagio has not been a client-facing product, but an internal research initiative running on approximately 100 self-funded validators. We are committed to both operational honesty and rational competition, and therefore disclose our findings via this study.

In simple terms, this section analyzes the outcomes of our Adagio pilot, focusing on how different relay configurations affect the timing of bid selection and eligibility in the MEV-Boost auction.

Our pilot comprises four distinct setups, each representing a variable (i.e. a relay) in our experiment:The Benchmark Setup, The Aggressive Setup, The Normal Setup, and the Moderate Setup.

‍

Key Findings: The results of this pilot indicate that the timing strategies opted by node operators used within relay operations have a significant impact on how competitive they are.

The aggressive setup, in particular, allows non-optimistic relays to perform similarly to optimistic ones. This means that certain relays can only effectively compete if they introduce an artificial delay.

In extreme cases, a relay might not be competitive on its own, but because it captures exclusive order flow, node operators might intentionally introduce an artificial delay when querying it or might choose not to use it at all. Essentially, these timing strategies play a crucial role in determining how relays can effectively participate and compete in the overall system.

These results offer valuable insights into how strategically introducing latency within the relay infrastructure can impact the overall effectiveness and competition in the MEV-Boost auction. The goal is to level the playing field among different relays by customizing their latency parameters.

The above graph displays the eligibility time of winning bids in the Adagio pilot compared to the broader network distribution. As expected, Adagio selects bids that become eligible later with respect to the network distribution. Notably, our setup always selects bids eligible before 1s, reducing the risks of missed slots and increased number of forks for the network.  

Finally, it’s worth mentioning that our results indicate that certain setups are more favorable to winning bids. This opens up the possibility for relays adopting latency optimization to impact their submission rate.

‍

Implications on overall MEV increase by adopting the Adagio setup

Bringing together the data on latency optimization payoff and the results of our Adagio pilot allows us to quantify the expected annual increase of validator-side MEV returns.

The simulation results presented in Fig. 4 show that, on average, there is a 4.75% increase in MEV extracted per block, with a range from 3.92% to 9.27%. This corresponds to an Annual Percentage Rate (APR) that is 1.58% higher than the vanilla (standard) case, with a range from 1.30% to 3.09%.

The increased variability in the range is mainly due to the limited voting power in the pilot, but some of it is also caused by fluctuations in bid eligibility times. The observed median value is 5% lower than the theoretically projected value. To address this difference, the approach will be updated to minimize variance in bid selections and keep eligibility times below the 950ms threshold.

‍

Key Takeaways

Let’s take a moment to consolidate the key takeaways derived from our study and the Adagio setup.

1. Latency optimization is beneficial for all client-facing node operators, irrespective of their size or voting power because they serve different utilities for their delegators.

2. MEV tends to benefit node operators with higher voting power, giving them more stable returns. When these operators engage in strategic latency tactics, it can increase centralization risks and potentially raise gas fees for the entire Ethereum network. In this scenario, node operators find it necessary to optimize for latency to remain competitive. As more operators adopt these strategies, it becomes a standard practice, creating a cycle where those hesitant to participate face increasing pressure. This results in an environment where a node operator's success is tied to its willingness to exploit systematic inefficiencies in the process.

3. Timing strategies used within relay operations have a significant impact on how competitive they are. While a relay might not be competitive on its own, introducing an artificial delay when querying it or choosing not to use it at all (by node operators) can play a crucial role in determining how relays can effectively participate and compete in the overall system. And strategically implemented timing strategies, like those used in our Adagio pilot, can invariably lead to an increase in additional MEV captured.

‍

Chorus One’s MEV Work and Achievements

Since inception, Chorus One has recognised the importance of MEV and spearheaded the exploration of the concept within the industry. From establishing robust MEV policies and strategies, receiving a grant from dYdX for investigating MEV in the context of the dYdX Chain to conducting empirical studies that investigate the practical implications of factors influencing MEV returns, we've consistently taken a pioneering role. Our dedication revolves around enhancing the general understanding of MEV through rational, honest, and practical methods.

For comprehensive details about our MEV policies, work, and achievements, please visit our MEV page.

‍

‍Reach out!

If you’d like to learn more, have questions, or would like to get in touch with our research team, please reach out to us at research@chorus.one.

If you want to learn more about our staking services, or would like to get started, please reach out at staking@chorus.one

‍

About Chorus One ‍

Chorus One is one of the biggest institutional staking providers globally operating infrastructure for 45+ Proof-of-Stake networks including Ethereum, Cosmos, Solana, Avalanche, and Near amongst others. Since 2018, we have been at the forefront of the PoS industry and now offer easy enterprise-grade staking solutions, industry-leading research, and also invest in some of the most cutting-edge protocols through Chorus Ventures.

• This is an excerpt from our Q3 Quarterly Insights report - https://chorus.one/reports-research/quarterly-network-insights-q3-2023-2024

‍

People like to say that those who cannot remember the past are condemned to repeat it. However, sometimes forgetting the past is a deliberate choice: an invitation to build on completely new grounds, a bet that enables a different future.

All bets have consequences. Specifically in crypto, many of t hese consequences are so material t hat t hey become hard to comprehend: hundred-million dollar exploit after exploit, billions vanishing in thin air... In its relatively short history, Ethereum has made many bets when deciding what the optimal protocol looks like. One such gamble was the decision to not enshrine native delegation into their Proof-of-Stake protocol layer.

Before the Merge, the standard PoS implementation was some sort of DPoS (Delegated Proof-of-Stake). The likes of Solana and Cosmos had already cemented some of the ground work, with features like voting and delegation mechanisms becoming the norm. Ethereum departed from this by opting for a purePoS design philosophy.

The thought-process here had to do with simplicity but even above this, the goal was to force individual staking for a more resilient network: resilient to capture and resilient to third-party influence, whether in the form of companies or nation states.

How successful have these ideas been? We could write ad infinitum about the value of decentralization, creating strong social layers and any other such platitudes, but we believe there’s more weight in real arguments. In this analysis we want to expand on the concepts and current state of the liquid staking market and what it actually means for the future of Ethereum. Also, we talk about the role of Lido and other LST protocols such as Stakewise in this market.

‍

About derivatives and Liquid Staking

If t ere’s some hing that history has shown us is that derivatives can strengthen markets. This is true of traditional commodities where the underlying asset is difficult or impossible to trade, like oil, or even mature financial instruments, like a single stock becoming a complicated index. In fact, the growth in the use of derivatives has led to exponential growth in the total volume of contracts in our economy.

It is common as well that in most markets, the volume of derivatives greatly surpasses the spot, providing significant opportunities across a large design space. It might sound familiar (and we will get to crypto in a moment), but this open-design space has posed major challenges for risk-management practices in the already mature traditional finance, in areas such as regulation and supervision of the mechanisms, and monetary policy.

Liquid tokens are one of the first derivative primitives developed solely for the crypto markets, and have greatly inherited from their predecessors. When designing these products in the context of our industry, one has to account not only for the protocol-specific interactions, but also the terms of regulation (from the internal governance mechanisms and also in the legal sense), fluctuating market dynamics and increasingly sophisticated trading stakeholders.

Let ’s review some of Ethereum’s design choices, and how they fit into t his idea. Ethereum has enforced some pretty intense protocol restrictions on staked assets, famously their 32ETH requirement per validator and lack of native delegation. Game theory has a notoriously difficult reputation in distributed systems design. Mechanisms for incentivizing or disincentivizing any behavior will typically almost always have negative externalities.

Also, on-chain restrictions tend to be quite futile. In our last edition, we discussed some effects that can be observed in assets that resemble “money ”, like the token markets of LSTs, including network effects and power law distributions. But now we want to go deeper and consider, why is Liquid Staking so big in Ethereum and not other chains?

We observe a clear relationship between the existence of a native delegation mechanism and the slower adoption of Liquid Staking protocols. In that sense, other chains have enshrined DPoS, which makes it significantly less likely to result in high-adoption or a similar dynamic, whilst Ethereum has found it self increasingly growing in that direction.

We observe the results of the restrictions imposed at the protocol level. The network *allows* stake to be managed by individual actors, but there is no way to prevent aggregation or pooling. No matter how many incentives you create for the behavior on-chain to be as observable and maximally auditable as possible, the reality is that as it stands, the effect is never auditable.

‍

stETH and alternatives

At the time of writing this analysis, Lido has managed to concentrate 31.76% of the market share for staking in Ethereum under its signature token stETH. This is an out standing figure, not only in absolute terms but also relative to its position in the Liquid Staking market, where it controls an extraordinary ~80%, with close to 167,000 unique depositors on their public smart contracts. It is, by a margin, the largest protocol in crypto by Total Value Locked.

A big issue with TVL is that it is heavily dependent on crypto prices. In the case of Lido, we actually observe that the inflow charts show a constant growing trend from protocol launch to the present day. This is independent from the decreased crypto prices, minimal transaction output on-chain and t e consequent inferior returns on the asset, with an APR that moves in between 3.2 and 3.6% on the average day. This is of course, below the network average for vanilla nodes considering the protocol takes a 10% cut from staking rewards, divided between the DAO and its 38 permissioned Node Operators.

Recently, there’s been heated debate related to the position and surface of Lido inside Ethereum, as it relates to decentralization concerns and a specific number that constantly pops up. What is this 33.3% we keep hearing about ?

There are two important thresholds related to PoS, the first one being t his 33.3 percent number; which in practical terms means that if an attacker could take control of that surface of the network they would be able to prevent it from finalizing... at least during a period of time. This is a progressive issue with more questions than answers: what if a protocol controls 51% of all stake? How about 100%?

Before diving into some arguments, it is interesting to contextualize liquid ETH derivatives as they compare to native ETH. In the derivatives market, the instrument allows the unbundling of various risks affecting the value of an underlying asset. LSTs such as stETH combine pooling and some pseudo-delegation, and although this delegation is probably the main catalyst of high adoption, it is the pooling effect that has a huge effect on decentralization. As slashing risk is socialized, it turns operator selection into a highly opinionated activity.

Another common use of derivatives is leveraged position-taking, in a way the opposite of the previous one that is more focused on hedging risk. This makes an interesting case for the growth of stETH, as in a way its liquidity and yielding capabilities are augmenting native ETH’s utility. There is no reason you cannot, for example, take leveraged positions in a liquid token and enjoy both sources of revenue. At least, this is true of the likes of stETH which have found almost complete DeFi integration. As long as they are two distinct assets, one could see more value accrual going to derivatives, which is consistent with traditional markets.

This growth spurt is an interesting subject of study by itself, but we think it would be also possible to identify growth catalysts, and also apply them across the industry, to discover where some other undervalued protocols might exist if any. For this, you would want to identify when the protocol had growth spurts, find out which events led to that and search for these catalysts in other protocols.

One such example comes when protocols become liquid enough to be accessible to bigger players.

What would happen if we addressed so-called centralization vectors, and revisited the in-protocol delegation. Or more realistically, if we had the chance to reduce the pooling effect and allowed the market to decide the distributions of stake, for example, by having one LST per node operator.

Alternatives like Stakewise have been building in that design space to create a completely new staking experience, one that takes into account the past.

In particular, Stakewise V3 has a modular designt hat mimics network modularity, against more monolithic LST protocols. For instance, it allows stakers the freedom to selectt heir own validator, rather than enforcing socialized pooling. The protocol also helps mitigate some slashing risk, as losses can be easily confined to a single “vault”. Each staker receives a proportional amount of Vault Liquid Tokens (VLT) in return for depositing in a specific vault, which they can then mint into osETH, the traded liquid staking derivative.

Although not without its complexities, it offers an alternative to the opinionated nature of permissioned protocols like Lido, in an industry where only a better product can go face to face with the incumbent.

‍

A view into the future

If you design a system where the people with the most stake enforce the rules and there is an incentive for that stake to consolidate, there’s something to be said about those rules. However, can we really make the claim that t here’s some inherent flaw in the design?

One of the points that get brought up is in the selection of the protocol participants. However, a more decentralized mechanism for choosing node operators can actually have the unintended result of greater centralization of stake. We need only to look at simple DPoS, which counts into its severe shortcomings a generally poor delegate selection with very top heavy stake delegation and capital inefficiency.

Another issue has to do with enforcing limits on Liquid Staking protocols, or asking them to self limit in the name of some reported values. This paternalistic attitude punishes successful products in the crypto ecosystem, while simultaneously asserting the largest group of stake in a PoS system is not representative of the system. Users have shown with their actions that even with LST or even DPoS downsides (all kinds of risk, superlinear penalty scaling) this is still prefered to the alternative of taking on technical complexity.

An underlying problem exists in the beliefs that control a lot of Ethereum’s design decisions, meaning that all value should accrue to just ETH and no other token can be generating value on the base layer. This taxation is something that we should be wary of, as it is very pervasive in the technocracies and other systems we stand separate to. Applications on Ethereum have to be allowed to also generate revenue.

Ultimately, the debate about Lido controlling high levels of stake does seem to be an optics issue, and not an immediate threat to Ethereum. Moreover, it is the symptom of a thriving economy, which we have observed when compared to the traditional derivatives market.

Ethereum’s co-founder, Vitalik Buterin, recently wrote an article out lining some changes that could be applied to protocol and staking pools to improve decentralization. There he outlines the ways in which the delegator role can be made more meaningful, especially in regards to pool selection. This would allow immediate effects in the voting tools within pools, more competition between pools and also some level of enshrined delegation, whilst maintaining the philosophy of high-level minimum viable enshrinement in the network and the value of the decentralized blockspace that is Ethereum’s prime product. At least, this looks like a way forward. Let ’s see if it succeeds in creating an alternative, or if we will continue to replicate the same faulty systems of our recent financial history.

‍

About Chorus One

Chorus One is one of the biggest institutional staking providers globally operating infrastructure for 45+ Proof-of-Stake networks including Ethereum, Cosmos, Solana, Avalanche, and Near amongst others. Since 2018, we have been at the forefront of the PoS industry and now offer easy enterprise-grade staking solutions, industry-leading research, and also invest in some of the most cutting-edge protocols through Chorus Ventures.

Introduction

Web3 founders face a crucial decision when deciding to launch their product. If they want to avoid the layer 2 option due to concerns surrounding centralized sequencers and multisig bridges, they must choose between two main paths: developing their product as a smart contract and deploying it on an existing Layer 1 blockchain, or taking the ambitious route of creating their own blockchain from scratch. The former option comes with different advantages, notably removing the complexities of infrastructure management, ensuring a decentralized foundation, and leveraging the network effect inherent in the underlying blockchain.

Yet, opting for a smart contract deployment is not without tradeoffs. It leads to a competition for block space, resulting in a worse user experience characterized by inflated gas costs and transaction fees, coupled with an impact on transaction executions. The immutability of smart contracts can also be restrictive, offering little flexibility for the protocol in the case of critical bugs or hacks. The smart contract approach also lacks sovereignty, as the protocol will be subject to the rules of the hosting blockchain.

One solution that has gained popularity in the last two years to address the challenges of the smart contract approach is the appchain thesis, which was pioneered by Cosmos and followed by Polkadot. The idea behind this model is to build a dedicated blockchain for one application. Compared to the smart-contract solution, this model offers sovereignty and full customizability from the blockchain to the application. It also enhances performance and scalability since the application has its own blockspace. This leads to increased opportunities for the token to capture value, such as MEV, as Osmosis does, in addition to capturing other network fees.

Certainly, this solution involves several important factors to consider. It requires the management of the chain's infrastructure, ensuring its own security, attracting validators, and designing a tokenomics model that aligns the interests of validators, stakers, and app users.

What if we could easily launch an application, similar to deploying a smart contract, and gain the benefits of an appchain, all without any initial investment or extensive effort? This is exactly what Saga's value proposition is about.

‍

Saga’s value proposition and architecture

The Saga protocol functions like application-specific blockchains as a service. In other words, Saga is a blockchain used to easily launch other blockchains, called “Chainlets” in the Saga ecosystem. Chainlets are secured by the Saga blockchain and its validators through a mechanism called Interchain Security, a well-known shared-security system in Cosmos.

Interchain security means that one blockchain, in this case Saga, acts as a provider of security for other blockchains, in this case the Chainlets. As a result, the Chainlets inherit the benefits of running a Cosmos SDK appchain but outsource their block validation and validator set to Saga.

Therefore, a Chainlet is a sovereign blockchain that has the same level of security and decentralization as Saga.

Saga introduces an easy, decentralized, and secure approach to deploying application-specific blockchains. This solution also grants developers the autonomy to choose their preferred Virtual Machine (VM), with initial support for the Ethereum Virtual Machine (EVM).

In the long run, Chainlets aims to be VM agnostic, which means that developers would have the flexibility to choose from a variety of virtual machines, including the EVM, CosmWasm, or the Javascript VM for example.

‍

‍

How to launch its own Chainlet?

The way Chainlets are created differs slightly from what we can observe on the Cosmos Hub when launching consumer chains with Replicated Security. In contrast to the Cosmos Hub, the launch of a Chainlet with Saga is entirely permissionless.

Developers only need to have SAGA tokens to pay for setting up and maintaining their Chainlet. This is similar to services offered by Amazon Web Services and other SaaS platforms, except that here the subscription fee is paid in SAGA tokens to create and maintain a Chainlet.

This means that once the fee is paid, the role of Saga validators is to set up and run the infrastructure for a Chainlet, similar to how Cosmos Hub validators also operate the infrastructure of the consumer chains.

To launch a Chainlet, a developer is required to allocate funds to an escrow account using SAGA tokens. This escrow account can be pre-funded to any desired amount and works like a prepaid service to cover the costs associated with the Chainlet. If the deposited fee is depleted, the Chainlet goes offline until the developer deposits more SAGA in the account. The fee is determined per epoch, where one epoch lasts approximately one day.

Diverse methods could be used for funding the escrow account with SAGA tokens:

1. Directly fund the account with SAGA tokens
2. Stake SAGA with the escrow account to cover the fee through staking rewards
3. Allow sponsors, communities and DAOs to pay the fee
4. Implement an IBC mechanism to seamlessly convert any crypto into SAGA and pay for the fee

This subscription fee is determined by the Saga validator set. Before the start of a new epoch, each Saga validator submits the fee they would like to receive for running a Chainlet. These bids are then locked before the start of the next epoch, and a Musical Chair Auction begins.

The Musical Chair Auction is a process that aims to establish a universal price for running a Chainlet. In this context, each validator presents their bid, and only the w validators with the lowest prices are included in the 'Winning Set'. The remaining validators with higher bids constitute the 'Losing Set'.

The final cost of running a Chainlet is determined by the highest bid within the Winning Set. This implies that the validator with the highest bid in the Winning Set gets its desired price, while other validators within the Winning Set not only secure their desired price but also receive an additional margin on their bid.

The price that developers will have to pay for Saga validators to run a Chainlet is:

Pricerun chainlet = max(BidWinning Set )Number ValidatorsSaga  

‍

‍

To prevent collusion or Sybil attacks related to the Winning and Losing Set, the count of validators within this set must be large enough to make controlling the Winning Set challenging. According to the Saga team, this number should range between 75% and 85% of the participants in the Musical Chair Auction.

However, the Musical Chair Auction is not riskless for a validator. In fact, the mechanism is designed to incentivize validators to submit bids as low as possible, rewarding validators within the Winning Set, while penalizing those in the Losing Set.

A possible way for the team to handle punishment is to treat it like validator downtime: validators who are down for a certain period get a minor slash and are jailed (removed from the active set). Validators who lose the auction too often in a given period could also be minorly slashed and jailed.

Hence, the SAGA token has multiple use cases: it is used as a subscription fee to keep the Chainlet alive and to reward the validators for running the infrastructure. In this case, there is a 1:1 relationship between costs and revenues with the auction system. We can also think about having pools of validators that share the cost, with validators only running some Chainlets and not others, to improve scalability.

Saga and its Chainlets introduce an interesting token structure, as gas fees are not explicitly collected from end users. Within a Chainlet, gas fees can be paid using Saga, the developer’s own Chainlet token, no tokens at all (gasless transactions), or even other tokens such as ETH or USDC.

It's worth noting that gas fees generated within a specific Chainlet are directed to a wallet managed by the developer. This confers a high degree of flexibility to the Chainlet and its team in determining their preferred monetization approach.

Consequently, with Chainlets, developers benefit from predictable and low costs, an easy process for deploying their blockchains, and the capacity to horizontally scale applications. While Chainlets inherit security from Saga, there exists a method for a Chainlet to also leverage and inherit Ethereum's security using the Saga stack. Let’s delve into this aspect in the following section.

‍‍

Zoom on a specific type of Chainlets: Ethlets

Saga Ethlet is a new Ethereum scaling solution that combines the best attributes from appchains, rollups, and validiums into a single product. Launching an Ethlet will be as easy as launching a Chainlet: with one click, an Ethlet can be created and inherit Ethereum's security.

How does this mechanism work? Ethlets work with three essential components: Data Availability, State Hash Commitment, and Fraud Proof.

At the end of each epoch (~ 1 day), blocks produced during that time frame are batched, forming the 'batched epoch'. A new epoch referred to as the 'challenge period' then begins. During this challenge period, Saga’s validators can use a fraud-proof mechanism (optimistic ZK or interactive) that enables the identification of any fraudulent transactions or state transitions that might occur within the blocks from the batched epoch. If, by the end of the challenge period, no fraud-proof has been presented, the state hash of the previous batched epoch is committed to Ethereum, and therefore, this committed state inherits the security of Ethereum.

This implies that there is a one-epoch delay for a state hash to be committed to Ethereum and inherit its security. However, it's important to note that blocks inherit Saga’s security even before being committed to Ethereum.

‍

Finally, Saga will be used as a Data Availability layer, similar to a validium, to avoid the high Data Availability costs of Ethereum. An Ethlet thus achieves fast finality through Tendermint, facilitates rapid bridging, and leverages the advantages of IBC. This approach ensures cost-effectiveness while also inheriting Ethereum's security.

‍

Conclusion

Saga offers any developer the ability to easily launch their application as a Chainlet and inherit Saga’s mainnet level of security and decentralization from the start. By choosing this option, the application will benefit from its dedicated blockspace, and the team will gain more control over the blockchain and the application layers compared to launching as a smart contract. If the developer choses, they can upgrade a Chainlet into an Ethlet and gain the benefits of Ethereum Security.

Saga is initially focused on gaming and entertainment chains, as we can notice from their partnerships. Gaming applications are one of the fastest-growing sectors in web3, and a gaming project, such as a video game, needs its own dedicated scalable blockchain capable of supporting high transaction volumes – exactly what Saga is offering and what Chainlets based on the Cosmos SDK can provide. As web3 gaming and entertainment continue to grow and the demand for scalable architecture for users increases, Saga presents itself as the solution to provide the necessary architecture and is confident in onboarding the next 1000 chains in the Multiverse.

‍

About Chorus One

Chorus One is one of the biggest institutional staking providers globally operating infrastructure for 40+ Proof-of-Stake networks including Ethereum, Cosmos, Solana, Avalanche, and Near amongst others. Since 2018, we have been at the forefront of the PoS industry and now offer easy enterprise-grade staking solutions, industry-leading research, and also invest in some of the most cutting-edge protocols through Chorus Ventures.

This document is a summary of a longer article — “The financialized staking economy” — published in Chorus One’s ‘Annual Staking Review’ for 2022. Click here to read the entire report.

Cryptocurrencies can be used in three kinds of yield-bearing activity. These have cumulative trust assumptions -

• Base layer: Staking income is generated by the chain itself to incentivize its liveness & security.
• Smart contract layer: Protocols run on the chain and may pay incentives for capital. At a minimum, these carry risks associated with protocol security (e.g. hacks), and protocol design (e.g. collateral management).
• Off-chain: Centralized parties may offer interest on cryptocurrency assets. Complex trust assumptions are involved here including counterparty prudence & sophistication, technical security, and legislative risk.

We believe staking yield is the most attractive risk-adjusted source of yield in crypto for two reasons:

1. Firstly, yield enabled by the base layer, i.e. staking yield, carries by far the least risk. Specifically, it does not carry significant idiosyncratic risk beyond the priced-in chain risk, as a failure for staking yield to materialize, or a reduction of the notional for an appropriately operated node would be equivalent to chain failure. There is some tail risk associated with improper operation of validator nodes (e.g. double signing, downtime), but this can be minimized by choosing a professional validator like Chorus One.
2. Secondly, it delivers competitive returns, even if compared to riskier sources of yield. For example, using Uniswap (the largest DeFi App of all) as a proxy, liquidity provisioning on Uniswap is a losing proposition for as much as 50% of users due to “impermanent risk”. A second example is Binance Earn as a stand-in for off-chain yield generation — it currently pays 4.3% on Ethereum, vs. a 7.5% staking yield! Especially in an environment with limited organic on-chain activity, staking is a very competitive source of return. If on-chain activity increases, staking yield adjusts to this, via increased transaction fees and MEV rewards. It’s a call option on on-chain activity.

Why staking is an attractive source of yield beyond crypto

Proof-of-stake ecosystems do not have an anchor in the real world. This means that the staking yield rate denoted in native terms is completely decoupled from any kind of factor in the wider economy. For staking, endogenous capital (e.g. ETH) is the only factor of production.

This is a difference to proof-of-work (PoW) systems, where electricity and hardware costs serve as an unbridgeable anchor to the real economy, directly affecting a miner’s yield rate. It is also different from most CeFi and DeFi yield sources, which depend more heavily on user activity.

The above implies that staking can be an uncorrelated yield source for two kinds of investors — those that are bullish long-term and denominate their holdings in native units, and those that are hedged against the price risk of the staked asset.

Hedging the staking yield

The token price risk may be hedged out through on- or off-chain solutions. The former case has the advantage of transparency, reflected in an improved counterparty risk assessment and iron-clad terms. With some of the largest lending desks in the space embroiled in a liquidity crisis, this is a significant factor. Validators are ideally positioned to execute on-chain hedging, as they directly interface with the staking yield source and thus no custody transfer, i.e. additional risk, is required to interface with a hedging solution.

One increasingly popular on-chain hedging solution is a “staking yield interest rate swap”. This allows validators to swap token-denominated staking yield for a stablecoin, typically USDC, locking in a stable and predictable income for a staking client. The associated risk is very minor as neither the validator nor the swap counterparty takes custody of the principal — the worst case, a counterparty default, would reduce to the price risk on the yield earned on the staked notional. Chorus One can leverage Alkimiya, the leading protocol for on-chain capital markets, to execute this type of hedge.

A second way to hedge is by using the staking yield to finance classic options-based strategies. For example, a zero-cost collar options package may incorporate the staking yield in a way that enables an asymmetric pay-off.

Chorus One is invested in & advises a range of solutions optimizing staking yield for return (i.e. MEV) and risk (i.e. hedging). Reach out to us at sales@chorus.one to learn more about how these can be tailored to fit your use case.

About Chorus One

Chorus One is one of the biggest institutional staking providers globally operating infrastructure for 35+ Proof-of-Stake networks including Ethereum, Cosmos, Solana, Avalanche, and Near amongst others. Since 2018, we have been at the forefront of the PoS industry and now offer easy enterprise-grade staking solutions, industry-leading research, and also invest in some of the most cutting-edge protocols through Chorus Ventures. We are a team of over 50 passionate individuals spread throughout the globe who believe in the transformative power of blockchain technology.

For more information, please visit chorus.one

‍

Introduction

Cosmos is steadily becoming the place to create the ultimate modular blockchain. Cosmos SDK allows developers to effortlessly roll out tailored blockchains, resulting in a flood of new projects that provide specialized settings for novel products. The goal of modular blockchains is to divide Execution, Settlement, Consensus, and Data Availability. Refer to page 19 of this report to learn more about modular vs. monolithic blockchain designs (Ethereum). As a result, we see various teams tackling the issues of each layer and creating optimal solutions and developer environments. Ultimately, developers could use these optimizations to create an application that is highly performant using such an ultimate modular blockchain. Not to mention the greater decentralization that comes with spreading your product across numerous ecosystems.

Let’s go over the problems that current ecosystems face in each layer of the modular stack, and how various quality teams are solving these issues. Please bear in mind that there are other teams that are solving these issues too, we are just exploring some.

Issues with Data Availability

It is important to explain that when a block is appended to the blockchain, each block contains a header and all the transaction data. Full nodes download and verify both, whilst light clients only download the header to optimize for speed and scalability.

Full nodes (validators) cannot be deceived because they download and validate the header as well as all transaction data, whereas light clients only download the block header and presume valid transactions (optimistic). If a block includes malicious transactions, light clients depend on full nodes to give them a fraud proof. This is because light nodes verify blocks against consensus rules, but not against transaction validity proofs. This means that a 51% attack where consensus is altered can easily trick light nodes. As node runners scale, secure methods to operate light clients would be preferable because of their reduced operational costs. If nodes are cheaper to run, decentralization also becomes easier to achieve.

The DA problem refers to how nodes can be certain that when a new block is generated, all of the data in that block is truly published to the network. The problem is that if a block producer does not disclose all of the data in a block, no one will be able to determine if a malicious transaction is concealed within that block. A reliable source of truth as a data layer is required that orders transactions as they come and checks their history. This is what Celestia does, solely optimizing the Consensus and the DA layer. This entails that Celestia is only responsible for ordering transactions and guaranteeing their data availability; this is similar to reducing consensus to atomic broadcast. This is the reason why Celestia was originally called ‘Lazy Ledger’, however, efficiently performing this job for a future with thousands of applications is no easy job. Celestia can also take care of consensus. See the different types of nodes in Celestia here.

​​Two key features of Celestia’s DA layer are data availability sampling (DAS) and Namespaced Merkle trees (NMTs). Both are innovative blockchain scalability solutions: DAS allows light nodes to validate data availability without downloading a complete block; NMTs allow Celestia’s execution and settlement layers to download transactions that are only meaningful to them. In a nutshell, Celestia allows light nodes to verify just a small set of data, that when combined with the work of other light nodes, provides a high-security guarantee that the transactions are valid. Hence, Celestia assumes that there is a minimum number of light nodes sampling the data availability layer.

“This assumption is necessary so that a full node can reconstruct an entire block from the portions of data light nodes sampled and stored.”

It is worth noting for later that these layers (DA & Consensus) are naturally decentralized and easier to have fully on-chain, as most of the work is taken on by the validators. Scaling here will ultimately depend on the consensus algorithm. ‘Rollapp’ developers will not need to assemble a validator set for their applications either.

Issues with Execution & Settlement layers

• Execution refers to the computation needed for executing transactions that change the state machine accurately.
• Settlement involves creating an environment in which execution levels can check evidence, settle fraud claims, and communicate with other execution layers.

The present web3 environment suffers from centralization in the execution and settlement layers. This is due to the fact that the on-chain tech stack severely limits an application’s functional capability. As a result, developers are forced to perform heavy computation off-chain, in a centralized manner. On-chain apps are not inherently interoperable with external systems, and they are also constrained by a particular blockchain’s storage and processing capability.

More than just a distributed blockchain database is required to create the ultimate decentralized apps. High-performance processing, data IO from/to IPFS, links to various blockchains, managed databases, and interaction with various Web2 and Web3 services are all common requirements for your application. Additionally, different types of applications require different types of execution environments that can optimize for their needs.

Blockless — Facilitating custom execution

Blockless can take advantage of Celestia’s data availability and focus to improve application development around the execution layer. Blockless provides a p2p execution framework for creating decentralized serverless apps. dApps are not limited by on-chain capacity and throughput by offloading operations from L1 to the performant, configurable execution layer offered by Blockless. With Blockless you can transfer intensive processing from a centralized cloud service platform or a blockchain to the Blockless decentralized node network using built-in functions. With the Blockless SDK, you can access any Web2 and Web3 applications as it currently supports IPFS, AWS3, Ethereum, BNB Chain, and Cosmos.

Developers using Blockless will only need to provide the serverless functions they want to implement (in any language!), as well as a manifest file that specifies the minimal number of nodes required, hardware specifications, geolocation, and node layout. In no time, their services will be operating with ultra-high uptime and hands-free horizontal scaling. To learn more about the architecture of the Blockless network go here, but yet again, its orchestration chain is a Cosmos-based blockchain responsible for function/app registration. The cherry on the cake is that you can use and incorporate or sell community functions and extensions into your own application design in a plug-and-play manner using Blockless Marketplace. In Cosmos, you can already do this through projects like Archway or Abstract.

SAGA — Rollups as a service and Settlement optimization

Popular L2s and Rollups today like Arbitrum, Optimism, and StarkNet use Ethereum for data availability and rely on single sequencers to execute their transactions. Such single sequencers are able to perform fast when submitting to Ethereum but evidently stand as a centralized point of failure. Saga has partnered with Celestia to provide roll-ups as a service to enable a decentralized sequencer set.

“Saga’s original design is meant to provide critical infrastructure to the appchain vision, where the Saga protocol abstracts away the creation of a blockchain by leveraging IBC.”

Saga provides easy-to-deploy “chainlets” for any developer to roll out an application without having to care about L1 developments. Although their main focus is to support full appchain formation on top of the
Saga Mainnet, the technology can also support the modular thesis. This means that rollup developers can use Saga’s validators to act as sequencers and decentralize their set. In other words, Saga validators can also work in shifts submitting new blocks for Celestia rollups.

Saga offers a service that organizes validators into sequencers and punishes misconduct through shared security. Saga’s technology provides functionalities to detect invalid block productions with fraud proofs and to manage censoring or inactivity, challenges are made to process a set of transactions. This means that Saga can enhance the settlement layer whilst using Celestia for data to generate fraud proofs and offline censor challenges. This could also even be done for Ethereum, with the additional benefit of having shared security between chainlets and IBC out of the box. To further understand the difference between running a rollup or a chainlet, please refer to this fantastic article.

Conclusion

In such a modular world, developers finally have full customization power. One could choose to build sovereign rollup or settlement rollups, or even a hybrid. In our example, it could even be possible to use Saga’s consensus instead of Celestia’s. Referring to our example, we could have an application that decentralizes its execution computing through Blockless whilst programming in any language, decentralizes its sequencer set and is able to deploy unlimited Chainlets if more block space is required with Saga, and has a reliable and decentralized data availability layer with Celestia. What’s best, all these layers are built and optimized with Cosmos SDK chains, meaning they will have out-of-the-box compatibility with IBC and shared security of Chainlets.

The MEV supply chain is critical to the future performance and business models of the Solana network. Solana is in a phase of actively searching for, and ultimately choosing its MEV supply chain. One approach is to replicate the model established on Ethereum, building a searching and block-building marketplace. This path has multiple downsides, such as artificially introducing a global mempool that would increase Solana’s latency, and may also increase the risk of centralization and censorship.

We’re happy to announce that Chorus One has released a whitepaper today where we contrast the most relevant characteristics of Ethereum and Solana; review some of the features of the block-building marketplace model, i.e “flashbots-like model”, and what retrofitting it onto Solana would entail.

Given the particularities of Solana, we also propose an alternative to the block-building marketplace: the solana-mev client. This model allows for decentralized extraction by validators, through a modified Solana validator client, capable of handling MEV opportunities directly in the banking stage of the validator. Along with the whitepaper, Chorus One is also releasing an open-source prototype implementation of the approach detailed inside the whitepaper itself.

The client can be run by any validator. Even small validators or those with no specific expertise can benefit from MEV rewards by choosing to run the solana-mev client. That means the validators will be able to execute MEV strategies as they appear in their slot, in contrast with the current competitive aspect of searching, which results in a few winner bots extracting the value.

The model shrinks the incentive for independent bots to spam the network which ultimately contributes to episodes of intense traffic, as most of them send transactions targeting the same MEV opportunities.

Given that not all MEV strategies can be implemented inside the validator, independent searchers will continue to play a relevant role in the MEV space on Solana. That is guaranteed by their advantage of quickly building and updating sophisticated strategies, as well as expanding their focus to newly deployed programs and pools. This includes long-tail MEV.

In summary, the MEV client enables permissionless and decentralized extraction that benefits the ecosystem through transparent and ethical strategies, as well as increased financial returns for network participants.

For a comprehensive overview of the motivations and the model, please refer to the whitepaper here.

Authors: Jennifer Parak, Maksym Kulish

One of the most important events of 2022 in the crypto community was The Merge upgrade of the Ethereum protocol, which switched Ethereum from a Proof-of-Work legacy chain implementation to a Proof-of-Stake Beacon chain. It has proved that principal innovation is possible for the oldest and largest decentralized systems, without any disruption to the protocol users.

At Chorus One, we worked on securing next-generation Ethereum since the Beacon Chain took off in 2020, and we operate multiple thousands of validators on the mainnet today. Our new product OPUS — an Ethereum Validation-as-a-Service API — is designed to enable any organization and individual to run staking validator clients on Ethereum Beacon Chain, with a non-custodial, permission-less approach where we require customers to specify their own withdrawal and fee recipient addresses, so they remain in possession of both their stake funds and rewards. This post focuses on the technology implementation of validator keys provision and storage approach within our Validation-as-a-Service API product and shows off some challenges we faced and solutions we created in the process.

Background

Ethereum Staking Keys

The Merge has introduced two new types of keys involved in securing the Ethereum chain, in addition to legacy chain wallet keys that are remaining unchanged within Beacon Chain [1]. These keys are composed of the Signing (Validator) key pair and the Withdrawal key pair. In addition to new key functionality, the Signing key is also using a new cryptographic signature scheme, called BLS, which stands for Boneh–Lynn–Shacham. This means older key generation tools will not work for creating Signing keys. BLS signatures, specifically those over the BLS12–381 curve are used in Beacon chain block signatures and attestations. This makes it possible to aggregate multiple signatures and verify them in a single operation, which is an outstanding improvement in scalability [2].

Like most other Proof-Of-Stake blockchains, next-generation Ethereum depends on the functioning of validators for securing the transaction flow. Validators are members of the network who lock a portion of their Ethereum coins (with a minimum amount of 32 ETH) to become responsible for proposing new signed blocks of transactions, and verifying such signatures of other validators, which is called attesting. Normally, every Ethereum validator should attest signatures for a slot once per Ethereum epoch (around 6.4 minutes); and for every slot, in every epoch, one validator is pseudo-randomly chosen to produce a block of transactions to be attested by others. Validators are being rewarded for both block proposals and block attestations. The mechanism of signing the blocks and verifying the signatures of others relies on the Signing key pair. The verification mechanism works because every public part of a Signing key (Public Signing Key) is published on-chain, so every signature done with the private part of the Signing key (Private Signing Key) can be verified by every other validator. Despite having the power for creating blockchain content, the Signing keys can not be used to move any funds including staking funds, and they only listen for and sign the transaction content provided by the peering network of Ethereum nodes.

The Withdrawal key pair is neither used for blocks nor for attestations, but it has control over staked funds. After the Shanghai fork, withdrawals will be activated, which will enable the funds to be moved to an owner-controlled withdrawal address specified in the deposit contract. With EIP-4895 withdrawals will be enabled in a push-based fashion [3], such that funds that were previously locked on the consensus layer on depositing are automatically pushed to the execution layer as a system-level operation. This means users won’t have to pay any gas for a withdrawal transaction. For users who have specified a BLS withdrawal address in their deposit contract, they would need to broadcast a BLS_TO_EXECUTION_CHANGE message to the beacon chain to update their withdrawal address to an execution address.

Finally, when the validator successfully proposes a block, a special Fee Recipient address receives the accumulated gas fees from the block. Since the Fee Recipient is not directly involved in staking, we will largely omit it in this post.

More information about different types of keys involved in Ethereum staking can be found in the following resources: [4], [5]

Managing Validator keys for OPUS Validation-as-a-Service API

As part of the OPUS Validation-as-a-Service API, we require customers to retain ownership of Withdrawal keys, so that staked funds can never be controlled or accessed by Chorus One. A Signing key, however, is different: since Chorus One is a responsible party for hosting and maintaining the Ethereum validator, the inner workings of the Validation-as-a-Service API require us to generate, load, and store Signing keys. Thus, a robust solution for key management is an essential part of our Validation-as-a-Service API.

Early into the project lifecycle, we used the staking deposit command line interface (CLI) provided by the Ethereum Foundation (https://github.com/ethereum/staking-deposit-cli). While the staking CLI is a great tool for solo/home stakers, we realized that it was not designed for our use case. First of all, staking-deposit-cli by default stores the newly generated keystore into a filesystem, posing a potential security threat from leaking key material. While it is possible to use infrastructure-specific workarounds like ramdisks to mitigate the threat, such workarounds would add complexity and failure points to the platform. The open-source nature of staking-deposit-cli allowed us to fork the source code and modify it to cater to our needs, but the lack of thoroughly automated test suites meant we had a hard time syncing our changes with upstream updates. Finally, all of our codebase is Rust, and having to support Python CLI within the infrastructure, including keeping a good security track record by timely patching all the Python dependencies, puts an additional burden on the development team. In the end, we decided to pursue an alternative approach to generating keys, which we describe in the next paragraph.

Eth-staking-smith

Having endured even more difficulties with staking-cli when generating Ethereum keys on a large scale, our Ethereum Team decided to tackle the problem during our company-wide engineering hackathon where we built an MVP for an Ethereum key generation tool written in Rust. This was the birth of the Eth-staking-smith project.

Eth-staking-smith can be used as a CLI tool or as a Rust library to generate Signing keys and deposit data derived from a new mnemonic or to regenerate deposit data from an existing mnemonic. These use cases were implemented, in order to provide the same functionality as the staking-deposit-cli whilst avoiding all problems mentioned above.

Example command to generate keys from a newly generated mnemonic:

eth-staking-smith new-mnemonic --chain mainnet --keystore_password testtest --num_validators 1

‍

Example command to generate keys from an existing mnemonic:

eth-staking-smith existing-mnemonic --chain mainnet --keystore_password testtest --mnemonic "entire habit bottom mention spoil clown finger wheat motion fox axis mechanic country make garment bar blind stadium sugar water scissors canyon often ketchup" --num_validators 1 --withdrawal_credentials "0x0100000000000000000000000000000000000000000000000000000000000001"

‍

For both use cases, Eth-staking-smith will generate the following key material:

• Private Signing keys
• Keystores
• Mnemonic (existing or newly generated)
• Deposit data smart contract properties

Let’s zoom into the generated key material

Private Signing keys

As mentioned above, the Private Signing key is the key used to provide a signature to any action taken by the validator. The Eth-staking-smith Signing key output is done without encryption because in our use case, we use remote API to store the key material immediately upon the generation. Remote API implements encryption for both data transfer and data at rest. We decided to make keystore use optional, but Eth-staking-smith can still generate encrypted keystores for the users who need that.

Example:

{
…
 "private_keys": [
    "6d446ca271eb229044b9039354ecdfa6244d1a11615ec1a46fc82a800367de5d"
  ]
…
}

‍

Keystores

The keystore is an encrypted version of the private Signing key in the specified format [6]. When generating keys with eth-staking smith, a keystore password can be specified and in that case, the keystore data will be output. Using a key derivation function (e.g. <code-text>scrypt<code-text>, or <code-text>pbkdf2<code-text>), a decryption-key is derived using the given passphrase and a set of strong built-in derivation arguments. The example below highlights the field <code-text>function<code-text> that shows the key derivation function used. The keystore is a useful alternative that is less vulnerable to an attacker than storing the private Signing keys in a plaintext file, since they would need the keystore file, as well as the passphrase to decrypt the file.

Example:

{
…
 "keystores": [
  {
    "crypto": {
    "checksum": {
      "function": "sha256",
      "message": "af14321c3083de535a0dd895b4e2fb156e6b0eda346120c8d7afb5277d3a489f",
      "params": {}
    },
    "cipher": {
    "function": "aes-128-ctr",
    "message": "8032685ad92a579e66328bbd6c747e41497dc6897c17cebbd83958394943924b",
    "params": {
      "iv": "da5699bb18ee7fea6095634a2fa05d18"
    }
  },
  "kdf": {
    "function": "pbkdf2",
    "message": "",
      "params": {
        "c": 262144,
        "dklen": 32,
        "prf": "hmac-sha256",
        "salt": "afb431f05b7fe02f253d9bc446ac686776541d38956fa6d39e14894f44e414d8"
       }
    }
 },
  "description": "",
  "name": null,
  "path": "m/12381/3600/0/0/0",
  "pubkey": "8844cebb34d10e0e57f3c29ada375dafe14762ab85b2e408c3d6d55ce6d03317660bca9f2c2d17d8fbe14a2529ada1ea",
  "uuid": "6dbae828-d0f0–42ed-9c06-d9079642ea08",
  "version": 4
  }
],
…
}

‍

Mnemonic

The mnemonic, passed in by the user or the one generated, is returned as part of the output so that the user can store it safely. Further information on mnemonics can be found under the reference [7].

Example:

{
…
 "mnemonic": {
    "seed": "ski interest capable knee usual ugly duty exercise tattoo subway delay upper bid forget say"
  },
…
}

‍

Deposit data

Finally, the deposit data is returned, which is used to make the deposit of 32ETH using the Ethereum deposit contract to activate the validator. One of the most important fields in the deposit data is the withdrawal credentials.

By default, withdrawal credentials are BLS addresses derived from the mnemonic, however, there exists a use case where a user might want to overwrite the derived withdrawal credentials with already existing ones.

The BLS address format is called <code-text>0x00<code-text> credentials, and is actually set to be deprecated sometime after withdrawals will be enabled. Another alternative way to provide withdrawal credentials is to use a legacy Ethereum wallet address, prefixed by <code-text>0x01<code-text>. Ethereum will be pivoting from using <code-text>0x00<code-text> (formerly eth2) to <code-text>0x01<code-text> execution (formerly eth1) addresses. To learn more about this, we recommend watching the panel from Devcon 2022 [8] and looking into the Ethereum specification [4]. Eth-staking-smith, therefore, allows the user to pass in a <code-text>0x00<code-text>, <code-text>0x01<code-text> execution withdrawal credentials, as well as an execution address to overwrite the withdrawal credentials.

Example deposit data with BLS credentials (<code-text>--withdrawal_credentials 0x0045b91b2f60b88e7392d49ae1364b55e713d06f30e563f9f99e10994b26221d<code-text>)

{
…
"deposit_data": [
  {
    "amount": 32000000000,
    "deposit_cli_version": "2.3.0",
    "deposit_data_root": "95ac4064aabfdece592ddeaba83dc77cf095f2644c09e3453f83253a8b7e0ae1",
    "deposit_message_root": "6a0c14a9acd99ab4b9757f2ff2f41e04b44c0c53448fdf978c118841cd337582",
    "fork_version": "00001020",
    "network_name": "goerli",
    "pubkey": "8844cebb34d10e0e57f3c29ada375dafe14762ab85b2e408c3d6d55ce6d03317660bca9f2c2d17d8fbe14a2529ada1ea",
    "signature": "82effe6d57877b7d642775ae3d56f9411d41a85218b552c6318925c7ba23f7470ebe3a35045e2fc36b0e848e6f4ec1d503f2014dc5a7ad94a267f5b237f2475b5da9ff358fbd5a8e9f497f1db0cfb15624e686991d002077a6cd4efda8bdc67e",
    "withdrawal_credentials": "01000000000000000000000071c7656ec7ab88b098defb751b7401b5f6d8976f"
  }
],
…
}

‍

Below we present a full-fledged example output of the key material generated by Eth-staking-smith:

Command:

eth-staking-smith existing-mnemonic --chain goerli --keystore_password testtest --mnemonic "ski interest capable knee usual ugly duty exercise tattoo subway delay upper bid forget say" --num_validators 1

‍

Output:

{
"deposit_data": [
  {
    "amount": 32000000000,
    "deposit_cli_version": "2.3.0",
    "deposit_data_root": "2abc7681f73a01acbc1974ab47119766bf57d94f86a72828f8875295f5bd92de",
    "deposit_message_root": "bfd9d2c616eb570ad3fd4d4caf169b88f80490d8923537474bf1f6c5cec5e56d",
    "fork_version": "00001020",
    "network_name": "goerli",
    "pubkey": "8844cebb34d10e0e57f3c29ada375dafe14762ab85b2e408c3d6d55ce6d03317660bca9f2c2d17d8fbe14a2529ada1ea",
    "signature": "97c0ad0d4f721dc53f33a399dbf0ff2cab6f679f4efdcdaa9f8bdd22cd11b5e37c12fdd2cd29369b1b907a51573a9ef60f93d768fd2d47a99b5d55fe6516a87b9090e16c42f5a8fcbf91d24883359bffb074a02d6d4d7f6c3cd04c8e09f8dc02",
    "withdrawal_credentials": "0045b91b2f60b88e7392d49ae1364b55e713d06f30e563f9f99e10994b26221d"
  }
],
"keystores": [
  {
    "crypto": {
    "checksum": {
      "function": "sha256",
      "message": "af14321c3083de535a0dd895b4e2fb156e6b0eda346120c8d7afb5277d3a489f",
      "params": {}
  },
  "cipher": {
  "function": "aes-128-ctr",
  "message": "8032685ad92a579e66328bbd6c747e41497dc6897c17cebbd83958394943924b",
  "params": {
    "iv": "da5699bb18ee7fea6095634a2fa05d18"
    }
  },
  "kdf": {
    "function": "pbkdf2",
    "message": "",
    "params": {
      "c": 262144,
      "dklen": 32,
      "prf": "hmac-sha256",
      "salt": "afb431f05b7fe02f253d9bc446ac686776541d38956fa6d39e14894f44e414d8"
      }
    }
  },
  "description": "",
  "name": null,
  "path": "m/12381/3600/0/0/0",
  "pubkey": "8844cebb34d10e0e57f3c29ada375dafe14762ab85b2e408c3d6d55ce6d03317660bca9f2c2d17d8fbe14a2529ada1ea",
  "uuid": "6dbae828-d0f0–42ed-9c06-d9079642ea08",
  "version": 4
  }
],
"mnemonic": {
  "seed": "ski interest capable knee usual ugly duty exercise tattoo subway delay upper bid forget say"
},
"private_keys": [
  "6d446ca271eb229044b9039354ecdfa6244d1a11615ec1a46fc82a800367de5d"
  ]
}

‍

Security Improvements

Since writing key material on disk was a major security vulnerability for us, Eth-staking-smith removes this issue entirely by not writing any files on disk.

To avoid heavy-lifting and re-creating crypto primitives from scratch, we’re re-using functionalities from the lighthouse client implementation [9] for key generation, which builds on top of blst — a BLS12–381 signature library [10], which is currently undergoing formal verification.

For entropy collection, one customization was made: Eth-staking-smith defers entropy collection to the operating system by using <code-text>getrandom()<code-text> on Linux and thereby making use of Linux’s state-of-the-art randomness approach.

Tweaking Security <> Performance parameters

Finally, since key generation at scale was notoriously slow for us with staking-deposit-cli, we took initiative to add additional arguments for our users to tweak performance <> security parameters depending on their specific use case.

As per our use case, our API does not require the keystore file, but only the private key in raw format. We, therefore, enable the user to opt-out of keystore generation in order to improve performance. This can be done by omitting the <code-text>--keystore_password<code-text> argument as follows:

eth-staking-smith new-mnemonic --chain goerli --num_validators 1

‍

We measured that omitting keystore speeds up the key generation process by 99%. The key generation performance we experience with Eth-staking-smith is consistently sub-second, with slight variability depending on hardware and platform.

In case the user requires the keystore file for redundancy, there’s another option to speed up the keystore generation process by choosing a different key-derivation function. By default, Eth-staking-smith will use <code-text>pbkdf2<code-text> to derive the decryption key to achieve better performance. There’s also the option to use <code-text>scrypt<code-text> which offers better security, however, consequently, worse performance. This can be done by choosing the key-derivation function using the <code-text>--kdf<code-text> argument as follows:

eth-staking-smith new-mnemonic --chain goerli --keystore_password testtest --num_validators 1 --kdf scrypt

‍

Converting BLS withdrawal to execution address

As mentioned above, users who had previously specified a BLS (0x00) withdrawal address, will need to make a request to the beacon chain to update their validators’ withdrawal address to point to an execution address. To perform this operation, the user will need to have the BLS withdrawal key mnemonic phrase. Once done, withdrawals will be automatically funded on the execution address.

Eth-staking-smith enables the user to generate a signed <code-text>BLS_TO_EXECUTION_CHANGE<code-text> message which they can send to the beacon chain to update their withdrawal address.

eth-staking-smith bls-to-execution-change --chain mainnet --mnemonic "entire habit bottom mention spoil clown finger wheat motion fox axis mechanic country make garment bar blind stadium sugar water scissors canyon often ketchup" --validator_index 0 --withdrawal_credentials "0x0045b91b2f60b88e7392d49ae1364b55e713d06f30e563f9f99e10994b26221d" --execution_address "0x71C7656EC7ab88b098defB751B7401B5f6d8976F"

‍

Users can use the response to make the request to the beacon node as follows:

```
curl -H "Content-Type: application/json" -d '{
  "message": {
    "validator_index": 0,
    "from_bls_pubkey": "0x0045b91b2f60b88e7392d49ae1364b55e713d06f30e563f9f99e10994b26221d",
    "to_execution_address": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F"
  },
  "signature": "0x9220e5badefdfe8abc36cae01af29b981edeb940ff88c438f72c8af876fbd6416138c85f5348c5ace92a081fa15291aa0ffb856141b871dc807f3ec2fe9c8415cac3d76579c61455ab3938bc162e139d060c8aa13fcd670febe46bf0bb579c5a"
}' http://localhost:3500/eth/v1/beacon/pool/bls_to_execution_change
```

‍

Conclusion

Throughout this post, we explained the basics of Ethereum Beacon Chain block validation, the key material involved in the process, and walked through an automation tool we created at Chorus One for Proof-of-Stake key management.

We hope the tool can be useful to some of our readers, especially those who use Rust for their blockchain automation work. It is also open-source, and we will welcome bug reports and pull requests on Github.

If the reader is interested in using OPUS Validation-as-a-Service API which builds upon that automation, you are welcome to join the wait-list for private beta, contact via sales@chorus.one.

References:

[1] https://kb.beaconcha.in/ethereum-2-keys

[2] https://eth2book.info/altair/part2/building_blocks/signatures#aggregation

[3] https://eips.ethereum.org/EIPS/eip-4895

[4] https://notes.ethereum.org/@GW1ZUbNKR5iRjjKYx6_dJQ/Skxf3tNcg_

[5] https://github.com/ethereum/consensus-specs/blob/dev/specs/capella/beacon-chain.md

[6] https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2335.md

[7] https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki

[8] https://www.youtube.com/watch?v=zf7HJT_DMFw&feature=youtu.be

[9] https://github.com/sigp/lighthouse

[10] https://github.com/supranational/blst

Will Ethereum become a deflationary cryptocurrency, now that The Merge has happened? The answer to this question, in short, can be given in two words: “it depends!” Its long form, however, would offer you a better understanding of whether Ethereum will indeed remain inflationary (albeit only slightly as miners have packed their bags) or become a deflationary asset as time goes on.

If you’re confused by all the information floating around and can’t quite grasp all the terms related to it, read on as this article simplifies the topic at hand. In this piece, we’ll take you by the hand and walk you through the following:

• The Merge — what is it?
• Back to the drawing board: What is inflation? What is deflation?
• Inflationary vs deflationary vs disinflationary crypto assets
• Explaining Ethereum’s issuance mechanism and inflationary state before The Merge
• How Ethereum could go from a nearly Net Zero inflation rate to becoming deflationary after The Merge

The Merge — what is it?

At 6:42 AM UTC (2:42 AM EDT / 8:42 AM CEST) on Thursday, September 15, 2022, Ethereum’s long-awaited transition from Proof-of-Work to Proof-of-Stake, dubbed “The Merge”, was finally completed. As Chorus One and the rest of the ecosystem could confirm, the operation — after years of blood, sweat, and delays — was successful.

‍

Having started out as a network relying on Proof-of-Work, thus fast shaping into the “hub” of miners as Bitcoin’s biggest competitor, Ethereum soon encountered scalability issues with its Execution Layer. Too much energy consumption between competing miners to process transactions and not enough security for the network, after all.

The Beacon Chain was, therefore, introduced in December 2020 as the network’s Consensus Layer. This innovation could be seen as Ethereum’s spine, master coordinator, or watchful lighthouse tower, with its key functions set to store data, and manage the network’s validators. Functionalities also included scanning the network, validating transactions, collecting votes, distributing rewards to performing validators, deducting rewards of offline validators, and slashing the ETH of malicious actors.

This Proof-of-Stake blockchain ran alongside the PoW network with the objective to — one day — merge and transform Ethereum into a Proof-of-Stake only network. A win for decentralization and the environment!

That day happened on September 15th, 2022. But before that, Ethereum was inflating at roughly 3.67% — with a ~ 4.62% issuance inflation rate. We will break down the calculations behind this inflation rate, shortly. But first, let’s go back to the drawing board to remind ourselves about the definition of inflation and deflation, in the first place.

What is inflation? What is deflation?

Inflation happens when more bills are printed (FIAT money) or more tokens are minted (cryptocurrency) for circulation in the system. The value of the currency then decreases. In FIAT, this means that more bills would be needed to afford things. In certain cryptocurrencies, this means that the price of the currency goes down.

Deflation, on the other hand, happens when tokens are removed or destroyed from the system through “burning”. By logic, the value of the currency is supposed to increase. There are, however, much more complicated dynamics to this. Those won’t be our point of focus, today.

Explaining Ethereum’s issuance mechanism and inflationary state before The Merge

Before The Merge, Ethereum rewarded the capital-intensive mining activity with up to 2.08 ETH approximately every ~ 13.3 seconds. This rounded up to roughly ~ 4,930,000 ETH/year in miners rewards. The network also had around ~ 119.3M ETH in total supply. (Source: Ethereum.org)

We can find the inflation rate by summing up the Executive Layer and Consensus Layer inflation rates.

Let’s calculate the figure for the Execution Layer by dividing the amount of PoW issued rewards with the total amount of ETH in circulation, to be:

• ~ 4.93M ETH/ ~ 119.3M ETH = ~ 0.0413 = ~ 4.13%

Then, we move to the Consensus Layer issuance, based on the amount of ETH staked. We’ll round up that number to 13,000,000 of staked ETH presently.

If 1,600 ETH/day is issued, that’s 584K ETH/year in Consensus Layer issuance, amounting to an inflation rate of:

• ~ 584K ETH/ ~ 119.3M ETH = ~ 0.00489 = ~ 0.49%

That’s almost Net Zero!

Summing both figures, we had an issuance inflation rate of ~ 4.62%, pre-Merge. In other words, miners made approximately ~ 89.4% of issued ETH whilst stakers got ~ 10.6% of the pie as ETH’s issuance inflated at ~ 4.62%.

Goodbye miners. Stay on, stakers!

Through The Merge, Ethereum has therefore addressed:

1. Energy efficiency
2. Issuance reduction (up to 88%!)
3. PoS security, among other things

Among what it hasn’t addressed, however, are:

1. High gas fees
2. Slow transaction speed

We’ll get to understand how not addressing high gas fees could actually be a plus for “Deflationary Assets” or “Ultra Sound Money” advocates.

Inflationary vs disinflationary vs deflationary crypto assets

As we go back to the drawing board for the second time in our walk-through, let’s revisit the difference between inflationary, deflationary, and disinflationary crypto assets.

Inflationary

Some cryptocurrencies’ tokenomics are set-up to increase token supply over time. From the start, they are “programmed” to be inflationary. Other cryptocurrency projects, which propose unlimited coin supply, are inflationary as well — as unlimited supply is bound to outweigh demand, decreasing the currency’s value over time. An example of a coin with unlimited supply is DOGECOIN.

Disinflationary

With its halving mechanism until the last 21 millionth Bitcoin is minted, Bitcoin is a disinflationary cryptocurrency. It is set up for a chronological decrease in its issuance. A disinflationary cryptocurrency can, in other words, be described as “an inflationary cryptocurrency with disinflationary measures” in the sense that the demand may, over time, become greater than the diminishing issuance of new tokens.

Deflationary

A good example of a deflationary cryptocurrency is the Binance Coin. BNB’s initial supply saw 200,000,000 tokens in circulation. At the end of Q3, nearly 40 million BNBs had been burned as part of the plan to halve the initial supply from 200 million to 100 million.

Look at tokens in circulation as a balloon and issuance as air: BNB’s mechanism is to deflate the balloon till 50% of air in it remains whilst Bitcoin’s mechanism is to keep inflating its balloon with a set maximum air supply, but doing so with a little less air at every pump.

How Ethereum could go from a nearly Net Zero inflation rate to becoming deflationary after The Merge

So what about Ethereum, now that The Merge has basically rendered a close to Net Zero inflation rate? Why is it touted as a potential deflationary coin?

Enter EIP-1559, the mechanism that burns a portion of ETH gas fees during transactions on the network. With the inflation rate already dropping to 0.49% as explained above, EIP-1559 has the potential to decrease ETH supply — but only on the condition that the gas prices are above 15 Gwei.

Consequently, it is no surprise that ultra sound money advocates would plead users to set their ETH transaction fees to a minimum 15.1 gwei.

Ultrasound.money tracks Ethereum’s supply in real time. A negative figure reflects how many ETHs have been burned since The Merge. In other words, a negative figure showcases deflation, whilst a positive figure showcases inflation.

32 hours into The Merge era, Ethereum had issued over 376 more ETH. Inflationary.

A month on and the figures keep rising…

Or maybe not… a wider perspective shows us that there has actually been a decrease since October 8th, when the issuance peaked at over 13,000 ETH.

Ethereum — Deflationary or not?

Ultrasound.Money projects gas fees to be above 70 Gwei, registering a -3.40% supply decrease across the next two years.

As we’ve witnessed now, four weeks since The Merge, we’re bound to see periods of a deflationary ETH and periods with a low but healthy inflation — both of which would be vital for an economic equilibrium.