TLDR: If proof of stake is the route forward that we wish to pave, we must be aware of what we are signing up for and the potentially unavoidable side effects that may crop up. Merging governance capability to the network adds another layer of complexity and adds a whole new array of attack vectors for unwanted behavior and power creep. While IOG should be commended for publishing their work on Cardano, some of the underlying assumptions in their reward models invalidate any “proof” or guarantee of certain behavior in the on-chain network that underpins the formal specification and verification process. To quantify decentralization, it is suggested to use an existing economics metric, the Gini coefficient.
Part I: Proof of Stake and Governance
The largest issue, in my mind, is that Cardano is trying to merge governance with a proof of stake protocol. In a way, proof of stake is an admission that money and power are, in many ways, synonymous. Proof of stake doubles down on this concept by dictating that one’s ability to influence the network (as well as rewards received from the network) is tied to the amount of the underlying native asset they control (i.e. “money”). In the case of Cardano, this takes the form of stake pool operators (SPOs) who run the network nodes along with ADA holders who delegate their stake. Tying voting power to the amount of native asset owned or controlled, as Catalyst has functioned thus far, introduces a number of problems and creates opportunities for foul play.
- It builds upon the already great economic disparities that exist and increases the risk of an oligarchy forming, an existing criticism of PoS even without a formal governance structure.
- It detracts from voter participation due to voter apathy. There is little incentive to vote if one wealthy individual’s vote has the same weight as tens of thousands of “average” voters.
- It disproportionately benefits the voice of SPOs who have borrowed pledge.
Along with these, I would add
1a. currently, voting rewards are distributed proportionally to voting power. While this distribution is ‘proportional’ in a sense, it disproportionately rewards those whose votes already carry the highest weight (i.e. already have plenty of incentive to vote). A real world analog is Covid related subsidies for farmers in the US where, despite best intentions, relief has primarily benefitted large farming operations.
3a. Charles’ suggestion to allow the option for SPOs to vote on their delegators behalf gives them extremely outsized power especially if it is the default option. Doing this ties money, political influence, and network security all to SPOs. It makes it extremely difficult to optimize the network as a whole when all three are coupled together within a single group. I believe that there should be a way to allow for some form of representative voting but, at the current stage, there are no checks or balances in place to counteract a party abusing their privileged position.
…and yes, while I agree that governance is a critical step to utility and adoption, the irony of governance on a cryptocurrency platform is not lost on me.
“You wanted to be safe from the government so you became a stupid government.” - Rick Sanchez
Part II: Proof of Stake, Decentralization, and the RSS
A second issue, specific to Cardano, that I see (that has justifiably been a point of contention recently) is the reward sharing scheme (RSS). For details, I will be referencing the 2020 paper published by Brujnes et al. My primary concern is one shared by others in that proof of stake networks can lead to oligopolies. The IOG publication referenced is intended to reinforce the idea that the RSS has been run through the hoops for formal specification and verification that Cardano aspires to live up to. It’s a rather long technical document and is perhaps easy to get lost in the details, so I’ve outlined a few key areas that I see as misleading or altogether problematic.
Starting from the beginning, “A reward scheme determines the way by which the reward R is distributed to the pools and pool members, and the central issue of this work is to determine reward schemes with desired properties” (pg. 6). This is technically not true in that the reward is nearly always less than R, and not by an inconsequential amount. They do clarify this later in the document, “Note that we don’t have to distribute the whole amount R” (pg. 8). This is by no fault of the pool operators, it is merely a consequence of a0 (or α in the document). A knock-on effect of this is that the monetary expansion parameter no longer accurately describes monetary expansion on the network. Currently, approximately only 70% of the intended rewards are being distributed as is evidenced here.
A recurring complaint that I have is that some of the equations and text are confusing and/or misleading. One example is the myopic utility that a player i gets from their own pool
ui,i = (mi+(1-mi)ai,i/σi) * (r-c)
seems nonintuitive at first glance, but if you expand the first part of the right hand term in margin, mi, instead of relative player pledge, ai,i/σi, it becomes much easier to see that
ui,i = (ai,i/σi+(1-ai,i/σi)mi) * (r-c)
this is just the reward of the operator’s own pledge + the reward from margin on the remaining stake delegated to the pool (after the fixed pool cost has been deducted).
More importantly, the paper discusses Sybil resistance and Nash equilibrium, but in different contexts within separate models. The impression that is given to the Cardano community is that the RSS proposed provides both, however, it is not the RSS that leads to the Nash equilibrium but rather the explicit mathematical boundary condition dictating that a pool leader can create at most one pool. Throughout all models, with the exception of the few paragraphs in section 4.3, “we have assumed that each player can create at most one pool…” “…hence explicitly excluding Sybil attacks and whale stakeholders” (pg. 21, 19). Therefore, any conclusions made in regard to a Nash equilibrium (k pools of equal size) are only valid if SPOs are somehow limited to only creating a single pool. Formal specification and verification are of little value if the underlying assumptions are false.
Why does their model approach a Nash equilibrium? Because their model forces players to optimize for single pool returns rather than total possible returns . If their model had allowed for a single player to operate multiple pools then we would no longer expect to see the Nash equilibrium as there is no longer an artificial boundary (determined by k ) preventing growth. This is why the comparison between the “naïve” reward function, R/σ, and their RSS is a bit unfair. You would expect to see the same equilibrium in the “naïve” reward function as well if you placed the same simple saturation limitation on pools.
A final note on the article, the sum of rewards for each of the pools in tables 1-7 (pg. 29-32, 36-37) is greater than 1 in every case, suggesting that there is an error either in these simulations or in the table. Further supporting that this is an error, they state “…we observe the maximum rewards obtained by each pool at each epoch are in the range [R/((1+α)k), R/k]” (pg. 24) implying that with 10 pools the maximum reward should be ≤ 0.1, while the tables show that every pool has reward > 0.1.
Now, let’s suppose that Cardano implements an identity solution to allow these players (at least any that desire to be a SPO) to be identifiable. We could then strictly enforce that a single person or entity only be able to operate a single pool. The problem with this is that there are always workarounds. If I’m a wealthy SPO, I can simply start a second pool under the name of a family member. Or I can set up multiple business that are technically competitors, but choose to play nice with one another. There will always be work-arounds in the real world that are outside the realm of enforceablility by the protocol. As a side note, IOG in fact uses the Pareto distribution or “80-20” rule in determining the initial stake distribution, thereby acknowledging this pre-existing centralization of wealth in their own model .
So perhaps there is no way to enforce or adequately incentivize decentralization in a PoS network. Even so, since this appears to be the path that the industry is choosing to forge ahead on, it would be beneficial to know how decentralized the network is. This at least enables us to determine if the actions we take are truly aiding decentralization or not. While often confused as a metric for decentralization, the “optimum number of stake pools” k and even the current number of stake pools is a rather poor indicator. Slightly better, is IOG’s decentralization parameter, d , which is (oddly directly) proportional to the percentage of blocks minted by the old Byron nodes. I say slightly better because it focuses on the number of blocks produced rather than the number of pools, however, it is not as simple as saying that we will be “100% decentralized” once all nodes are producing Shelley blocks.
If we acknowledge block production as a source of income we can draw from existing economic metrics and use the Gini coefficient as a decentralization metric. The Gini coefficient is a means of measuring income or wealth inequality (taken by adding the normalized income or wealth discrepancy between each of the members). A Gini coefficient of 0 is perfect equality (each person has the same income) while a Gini coefficient of 1 is maximum inequality (one person has all of the income). If used as a decentralization metric for Cardano, one would instead add the normalized discrepancy in blocks produced between stake pools.
Here n is the number of stake pools, bi is the number of blocks produced by the ith pool over some specified interval, and bavg is the average number of blocks produced by all pools during that interval.
Of course, there will always be issues when one attempts to boil down a complex concept, such as decentralization, to a single number. One problem with using the Gini coefficient, as with any metric in our case, is the previous issue of pool splitting. Pools are assumed unique, whereas a single stake pool operator can run multiple stake pools so, ideally, an identity solution should be in place to correctly lump pools with their proper owners. Another thing to consider is how to define the number of pool operators . Do we count the pool operators that have never produced a block? What about pools with so little stake that they wouldn’t be expected to produce a block within 100 years? The easiest starting point is to just consider all pools with at least 1 lovelace staked and come to terms with the fact that this Gini coefficient would be skewed more towards inequality than it would be otherwise.
Finally, it may also be informative to consider two separate Gini coefficients. One would be the Gini coefficient for the wealth in the network (ADA pledged/owned) while the second would be the Gini coefficient for the income in the network (rewards received). These could be examined on a SPO basis or a global basis to draw a better picture of how decentralized the network is and if it is becoming more or less centralized over time.