So the teams behind Cardano has gone to great lenght to mathematically prove the security of the Proof of Stake model. (https://iohk.io/research/papers/#9BKRHCSI) However many would argue all security is no stronger than the weakest link in any security system. In light of such a framework I am wondering how the distribution of Proof of stake pools could affect the security of the whole system itself. Keep in mind I have a basic understanding of the underlying model behind this so I am simply trying to ask critical questions and hopefully there are some more wiser people out there who can answer how this has already been tackled. Also appologize in advance that english is not my first language but hopefully my meaning come across.
Staking pools are likely to be skewed geographically to where there is currently a lot of Cardano in circulation. I would argue for this to be the case since most investors tend to want to put the currency they invest into in use in a country that the laws they understand (among other reasons.) Now in itself this is not a problem but lets say a country puts regulations in place that causes dramatic changes quickly. For example the outlawing of staking pools causing a large portion of systems to quickly be shut down. As far as my understanding of the paper goes this would not shut down or corrupt any transfers but I am wondering if this could cause transaction times to come to a grinding halt until new pools with available hardware where up and running. This could have dire consequences in the case of time critical transactions and thus a security risk. I believe ideally staking pools should be geographically spread out to such a degree that no single country has a majority of the transaction computational power. There are many ways one can get to good geopgrahic distribution - one could get this by good governence, incentives or by rules of the system itself.
#Risks to the staking pools
As far as my basic understanding goes a user can at any point in time change what staking pool they let stake for them. If the computational method used by Cardano is costly in hardware, and I am going to assume this is the case if one ideally wants around 100-150 pools with a majority of transactions, then these pools runs financial risks whenever they expand hardware and if rational actors they would limit growth to anything with a quick return of interest on hardware expenditure. In theory if Cardano has a high growht rate it could be slowed down by staking pools willingness to invest large enough sums to get hardware quickly enough. Again this could cause slow downs in transactions speeds and if any such transactions where time critical that could cause problems. If not tackled properly it could also cause less incentive for quality taking pools to be formed that are long term stable. If staking pools are themselves free to set the fee one might argue this would be self correcting in a market economy where fees would increase if needed for investment or actors with deeper pockets would leveragte the advantage to burn more money up front for a larger market share. However it would still cause periods of boom and bust that are part of any market economy and could thus cause slowdowns during periods of bust. One example of how to solve this would be for the treasury/governance system to incentives investment in infastructure across pools in cases where growth is limited by economic constraints on hardware.
#Staking pool fee as the single most important factor for user selection of pool
One problem that could in theory happen is that pools that invest the least in security measures are more competitive in fee prices and become the most popular pools. This could cause these pools to be more easily hacked or influenced and could become a weakness in the system. To avoid this either the treasury/governance should incentivize security measures by staking pools or for example some form of security standard certificate could be developed by security professionals and paid/managed through the treasury system. Other examples would be to reward pools with no security incidents over time. In any case one should atleast consider the fact that if there are no incentives for security in the pools and all incentives lies in having the lowest fee cost this could cause pools to have less of a security standard than what would be ideal.
#Paralyzing honest staking pools in a coordinated effort
I do not know if this is far out there but let me just post it for consideredation: The lesser distributed pools are and the lesser security measures are implemented the easier it would be for coordinated attack on any such system. For example if say 80-90% of all staking pools where located in Korea , Japan and US and these countries came in a war situation where they decided to wage economical warfare on other countries all by law required the public state pools to be shut down and at same time replaced them with staking pools that did not give a honest view of transactions (for example excluding or funneling founds from other countries) they could more easily overcome the 50%+1 requirement than if said staking pools with hardware where more geopgrahically diversed. If security was too relaxed this could also be done by hacking attacks so incentivizing staking pools to have security seems to be important for this semi distributed system to work.
#Reputation / PR / Legal
To gain a competitive edge or by ethical reasons or to build buisness relationships staking pools could use fees to help spread ADA popularity across the world by setting up hardware / infastructure in locations that need it most. Google / Facebook is already doing this with network infastructure across places that do not have such infastrucutre. I see no reason why fees could not be used to educate and build infastructure to expand ADA across the world. After all it would be in the interest of staking pools to increase growth, and some might even be motivated by more lofty goals as wanting to make the world a better place (and gain a competitive edge at the same time in being more likely selected as a pool.) All of this is very fine but problem could be caused over how this is implemented. Picture if someone is motivated by pure business motives and invest in infrasctructure only if people in that place claim to the pool of the actor that is investing. “Africapool” invest heavily in several countires in africa with government deals that allows users only to give staking claims to africapool. I am not saying this is going to happen but it could happen if incentives are too large for the staking pools. And it could then cause individual staking pools to have a too large dominance in one geographical location thus again creating security problems and or legal problems like say first gaining the exclusive right of a country to allow its citizen to stake in ada and then cranking up the fees of the pool. Again to avoid such behaviour one would need to look how staking pools are allowed to use fees and guidance/governance given to staking pools.
Okay that was all I could think of for now in my 45 minutes typing this but perhaps others can join in on this discussion and add other theoretical concerns as well. I have high hopes for Cardano in general and most of my concerns are theoretical in nature so I am not so bothered by them but I hope it is usefull to discuss them in any case.