What happens if keys to10 Billion ADA is lost?

How would it affect network security?

Is a mechanism possible to gradually deplete this wallet if the keys are lost or the wallet has been left dormant for a very long time ?

Is there a way to secure the network without having to touch people’s wallets?

Some of the ideas and discussions that came up elsewhere include:

Check TestNet Classic to understand. It’s just that – an opinion IF the network ever needs it. Right now, density is where it should be so this is not a requirement. In the future, density could fall if enough keys are lost.

Let’s say this: 10B ADA are in cold storage and staked to retired pools. Network density would fall by ~40% and with it, proportionally, network security.

Have I missed something here? Surely if ada is staked to a retired pool, it doesn’t contribute to consensus, so doesn’t affect the overall security of the network? How would an attacker use a retired pool to override consensus?

I meant to a pool whose KES keys weren’t renewed, not a retired pool.

Still. if their keys expire, that doesn’t automatically mean somebody else can take over their stake, surely?

If the pool is assigned blocks to mint but doesn’t mint those blocks, density is lowered, which means fewer blocks. Just check TestNet Classic to understand what I mean.

Why would a pool with expired keys be assigned blocks to mint? that seems like a bug. googles testnet classic

It’s by design and how it works. TestNet Classic is at 2% density because of this.

This is the only reason why I’d vote for such a mechanism in the future IF this is ever needed.

well I don’t think taking people’s cold storage Ada from them is the solution to this - is there a reason why we can’t just treat their Ada as unstaked and not contributing to consensus?

Once again – if I have to choose between a minute percentage, such as 0.01% every 10 epochs, after 5 (or 20 years), or network being insecure, I’ll choose the former.

Obviously neither are ideal, and hopefully we’ll never need.

well I would be in favour of gradually depleting wallets that are idle for extreme periods of time… but I still don’t see why we can’t just exclude ada that’s not staked to a currently valid pool from the consensus mechanism?

it’s definitely controversial. If unstaked and staked-to-expired-pools are not part of consensus, I don’t really see the reason to do it. But if it’s like <1% per year, only on balances that are over 60 years old, I wouldn’t have a problem with that. You can always move it.

the simpler and easier fix is some combination of:

1. if a pool’s KES keys are expired, don’t include any stake they have as part of the chance to mint blocks

2. make delegation/staking expire (on a long interval like 1+ year)

3. underwear

4. The protocol doesn’t know that a KES key expired.

5. This works but isn’t it the same as taking ADA from someone’s wallet after 1 year, as they won’t be earning rewards?

6. then make it the downstream effect of that: a pool that doesn’t mint at least once every 73/etc epochs stake is invalidated for the purposes of slottery mechanics.

7. still vastly preferable to actively reducing their balance

Is this to do with the fact that Cardano can’t tell the time? If so, that’s shit and needs to get fixed.
My understanding of certificates is that they can have an expiry date in them.

Only the owner of the cold.skey can generate new kes.skey for their pool, which in turn generates the new operational certificate. Only the owner of the kes.skey knows when it expires and no one has the kes.skey, only the pool operator.

okay but if they haven’t generated a new operational certificate, their pool isn’t valid so the stake is invalid? I still don’t get why this is an issue, except for obscure technical reasons which should be fixed, rather than taking people’s money.

WHAT HAPPENS IF A KEYS TO A LOT OF ADA ARE LOST?

CAN THE NETWORK IN THE FUTURE RUN WITHOUT HAVING TO TAKE MONEY FROM THE WALLETS OF LOST KEYS?

WE ALL GO TO SLEEP AT NIGHT BELIEVING THE ADA IN OUR WALLET IS NOT MOVING ANYWHERE WITHOUT THE KEYS REGARDLESS OF THE NUMBER OF YEARS A WALLET IS IN COLD STORAGE.

I am not sure what exactly you refer to as security issue, but density is just that (blocks created vs how many could’ve been created mapped against f coefficient) , losing 33% stake does not change equations by much.

Slot co-efficient (f) determines stake distribution frequency for the chain, and is currently set to 0.05 (thus, expected blocks per epoch in ideal case updated to 43200 * 0.05 = 21600). It can be update by BFT key holders as desired.

As for chain, what’s really important is having a block within window determined via securityParam (k) specified in genesis (3*k/f) , which is ~1.5 days on mainnet.

PS: Using legacy testnet for analogy is not really relevant, as the issue there was a unexpected bug - even now, that chain can be restored to sanity wrt density if there is a real need.

So from this I take it that even if people loose their keys in the future like for example let’s say 10,000 people loose keys to 10 B ADA in the future, the network would be still safe.

The consensus/protocol is not at risk in mentioned scenario , correct.