Sure, I understand all this. I don’t know how to enforce this magical “best behavior” though. At the very least I don’t know how to enforce it without serious side effects.
I would like to give you an idea what we are already planning: With Alpenglow we ship a new way to collect metrics. As part of this, all validators will tell us how quickly all validators vote (everybody reports on everybody once per epoch). This data could serve as a basis for a “much more accurate TVC”. We could simply take the median (to make it simple) report and directly pay according to that. This is not only what you want (silly TVC), but so much better than what you want. It’s like TVC on steroids.
However, this “better TVC” solution has obvious issues:
You can earn more by not telling the truth.
You can improve by moving to a geographically more central location.
Problem 2 we cannot really solve with this approach, it’s inherent with anything TVC. It’s even a tradeoff: The better you make TVC, the more of a centralization problem you have.
Problem 1 we can also not solve, at least not without what we would call “crypto delirium” (i.e., 100x overhead just to do the accounting in a more secure way, and it’s still 99% insecure). Both 1 and 2 are serious problems. No TVC is better than “good TVC” that has serious side effects.
Look, I understand the sentiment: Why do these “stubborn researchers” not just do TVC?!? The truth is, we thought long and hard about these things, and at the beginning of this long thinking process TVC sounds like a reasonable (even obvious!) idea. But if you think it to the end, “no TVC” actually trumps “TVC” (mainly because of the two reasons above). I know that this is difficult to understand, and I could tell you much much more about this stuff.
I hope this helps you understand why we are not just stubborn. We actually thought about this a lot…
I don’t want TVC. I wish we could assess the work of a validator much better than TVC. For instance TVC rewards voting like the mob. Today when there is a choice between 2 forks, often the rooted fork is the failing one (empty block, too long block…). A validator voting for the alternate fork is penalized while it should be rewarded.
I don’t really understand your issue 1, but I can perfectly understand than there is no feasible way to do this assessment fairly, without side effects like centralization, or without opening the door to many abuses. If there is no feasible way, let’s stick with the minimal service.
I totally get the point that you are trying to get across that inflation is tax on non-stakers => reducing inflation reduces motivation to stake; and more inflation rewards the stakers at the expense of non-stakers.
However I would like to add another dimension to this discussion. In my view as long as REAL ORGANIC DEMAND (ROD) < NET ISSUANCE (NI), SOL continues to be purely speculative play with no fundamental bottom, because there is no motivation (except for speculation) to hold SOL as there is always more SOL coming to market than needed by the market. ROD is fees. NI is issuance minus burn. The sooner ROD > NI the sooner SOL becomes an investment rather than speculation. It will start to make sense to hold / accumulate SOL for hedging / operational / real demand reasons rather than just speculation because there will be less SOL coming to market than needed by market (meaning the real organic demand). This is why for example TRON which is technologically inferior, less transactions, more expensive fees, less TVL etc. has much lower volatility and keeps going up. The ROD / NI ratio is far more favourable for TRON than SOL.
So burning everything will probably benefit validators more because the breaking point when ROD > NI unlocking a new type of demand gets closer.
From purely technological perspective 10 geographically diversified validators may be better than 10000 validators on the same continent.
However from censorship perspective 10000 is incomparably more resilient.
In my view blockchain added value is more in censorship resistance than in technological reziliance.
How many times did you lose money because your bank´s system crashed? Exactly … never. Me neither. But I did lose money once because of some KYC AML nonsense without any basis just sending 10K USD from EU to my friend in Malaysia. This 10K is forever lost. Also I had my bank account disappear twice in two different countries because of some rules or regulation and had to fight the bank to get the money back. I am a normal person, not involved in any controversial activity and from EU country not on any sanction list. There are many individuals and even countries that lost billions because of sanctions, regulations etc.
From this perspective if USA decides that for example tomorrow everybody who buys from / sells to / invests in / travels to China is sanctioned they will have much easier job bullying / suing / shutting down 50 validators than 10000 to enforce that. If blockchain can not offer the kind of security that I dont get my account locked when for example I travel to China or I dont lose money when I transfer 10K USD to Malaysia, then why not just keep the money in the bank?
In my opinion, any blockchain that has easily bulliable number of validators can not be seriously considered for holding or transferring significant assets. I am not aware of any research that would estimate some minimum threshold number but I suspect 10 or 50 would definitely not be it. More like 2000 … 10000 on different continents in countries with different political alignments to feel comfortable and sleep well with my money on the blockchain.
From the perspective of big financial institution planning to put billions of RWA on Solana, what exactly does 20% malicious actors threshold mean? What is the worse 21% malicious actors can do?
Can they “steal” assets that are on Solana?
Can they double-spend? Around USD 37B is now staked. So USD 7.77B is approximately 21%. Can somebody stake USD 7.77B then transfer 10B on Solana and double-spend it?
What % of stake would attacker need to execute the above attacks?
What is the absolutely worst case they could do with 21%?
According to AI double spend would be theoretically possible if 40% honest validators vote for block A, 40% vote for block B and malicious actors with 20% vote for both blocks. But I guess with timeouts, lockouts etc. in practice it is more complex.
Accounts are protected by strong crypto, even if 99% of stake was compromised.
If somebody really gathers 21% of the stake (the price would go up substantially if somebody started buying a lot of SOL), then they can try to compromise the protocol. This is not at all trivial and subject to slashing. A $7B transaction would probably raise eyebrows. Somebody on the other side must be willing to take such a transaction. As you write yourself, even with 21% a double spend attack is absolutely not trivial, and needs other stake to split up their votes, which is highly unlikely.
If you really want to risk $7B+ to attack a blockchain, you are probably more successful by just bribing some key holders in a centralized exchange or the traditional financial system.
Geographic diversity is important. 10000 validators sounds great, but most of them would have very little stake (and hence very little voting power). From a security point of view, the most valuable validators and the most important. I think 100 well-diversified validators with roughly similar stake is sufficient for security. A few 100 might be better. Beyond 1000 you don’t gain much security.
The centralized financial system is easier to attack. Usually it’s enough to bribe/attack/etc. very few participants.
If every SOL was staked, then burning is the same as re-distributing among the participants.
Bitcoin already is a chain which is used for speculation because of its very limited (and shrinking) supply. While Solana also has a shrinking supply (shrinking inflation), the primary goal of Solana is to build a high-performance financial system.
Be aware that this is a topic outside of my area of expertise.
Thank you for your reply. My reply was more for Umberto … I agree with burning as much as possible which is the current plan - to burn 100% of voting transactions fees.
I decided to comment on the economics here because I think a good economic model is essential for a successful project and more so if the objective is to build high performance financial system. If the token price goes always down not just the speculators but also developers and validators will start considering other options. Also the USD value securing the network will go down limiting adoption potential. This is not to say that SOL token is always going down or to complain about the SOL economics. Just bringing in the awareness of the economics before major change. And I think your approach to basically keep the economic model as similar as possible to what it is at the moment and focus on the technology is probably the best.
Unlike BTC, I believe SOL has the potential of becoming a solid investment instrument and reserve asset with its value backed by utility (fees) and not just by speculation and narrative and therefore having its long term viability, development and validator participation secured … providing it can get to the point of fees > net issuance.
Crypto has shown that what can be hacked will be hacked. There are even reports, not sure how reliable, that countries have teams of hackers funded and sponsored by government, focused on hacking stuff including crypto. What is $7B for a country … Tom Lee has around $11B of ETH and the price of ETH is far from skyrocketing so it is feasible to accumulate these amounts. Now RWA on Solana is $2B and TVL around $6B so yes, $7B would definitely stand out immediately. But when R3 Corda $400B RWA lands on Solana then $7B will look much “smaller” and hopefully the vision is that there will be much more than that coming.
People can and do bribe banks and centralized entities and play centralized markets. But there is value for a rich attacker with billions to remain anonymous rather than try bribing people. LUNA for example (not the best example because it was not a hack): Somebody did the math and preferred to use hundreds of millions of USD to bring it down and short it anonymously rather than using 100M to bribe some exchange.
With all this on mind I was going through the mathematical proof that 20% is safe. And I was wondering the whole time what is the real practical implication if some malicious group gathered 21%. What could actually happen? What is the worst case scenario?
You mention that they could try to compromise the protocol. In what way? What is the worst they could do? If there is some document that I have missed that describes the risks of 21% attack, their potential worst case impact, and their mitigation, please feel free to refer me to it. I don´t mean to waste your time if it is already documented somewhere.
As for the double-spend scenario would it make sense for example to limit the transaction volume in one block to let´s say 50% of the safety threshold. So currently it would be aprox 3.5B. Total daily DEX volume is now 2B so it should not limit normal transactions. If attacker would create two addresses, use 21% stake (under very unlikely circumstances of the honest stake being split between two blocks) to double-spend 3.5B sending it to both addresses, he would still lose if the system can detect the double spend immediately and lock his stake, even if he managed to bridge the 3.5B from the two addresses to other network. I am sure the team have thought through all the scenarios and there are probably some better and simpler checks in place then what I have described. Is there some document in simple terms calming paranoid people like me and the decision-makers working in banks to not get scared with only 20% threshold? I can see how people will be using simplified (and I know that incorrect) arguments that Ethereum has 51% security and Solana only 20% so some simple solid calming down summary of what the 21% stake actually can and can not cause would be probably helpful from adoption perspective.
Thank you again for all your answers and all the hard work your team is doing on Alpenglow.
What could actually happen? What is the worst case scenario?
Baddie would buy tons of SOL.
This can hardly be done unnoticed.
SOL is up 100%, all other crypto stays the same.
Everybody is aware that something funny is happening.
Baddie eventually has 21%.
Baddie needs more funds for the actual attack.
SOL is up another 100%.
Baddie tries to make a huge trade in the order of $25B.
Nobody wants to trade.
The End.
Alternatively:
9. Two parties are actually willing to trade, despite all warning signs.
10. Baddie tries to double spend by having both trades in a slot for which baddie is leader.
11. Baddie must sign both blocks, we have a proof for an equivocation attack.
12. Baddie is slashed for 21% of stake because the fraud is obvious.
13. Moreover, there is a good chance that the doublespend does not even work because the baddie doesn’t manage to get 4 x 61% stake each time they need to get the certificates.
14. Baddie loses everything.
15. The End.
Now clearly, we could cap the maximum possible trade below the 21% security threshold as you suggested. I just don’t think it’s necessary at all. With so much evil money I can probably create more havoc in a centralized setting.
Note that the baddie cannot trade with themselves as you suggested since only one of the two blocks survives, since the next leader must choose a parent. So the baddie needs two gullible counterparties, and then the baddie need to funnel the money out of the system quickly enough before the second block is destroyed again (in less than 1 second). This seems impossible… but I had fun writing the Dr. Evil plot above.
It is a useful example. Just to clarify and confirm 100% my understanding, is the following correct: ?
The chain can never “fork” for more than one block (aprox 150ms). Any double-spend would have to take place within the 150ms window including sending it out of Solana network?
Any attack can only happen within the actual block that is being produced. Whatever happened in the past is immutable and untouchable and so are the account balances (subject to private key cryptography) regardless of how much stake does attacker have.
Slashing of the whole stake for double-spend behaviour is part of the Alpenglow spec and implementation?
And one more question. I don´t understand fully why in the Dr. Evil plot the Dr. needs counter-party. Could he have three accounts and send for example 30B from one account to his other two accounts in the same while spending it just once? So in theory (although I dont know how technically he would do it all within one block) he could send 30B, receive 2 x 30B and transfer it somewhere before one of the blocks gets destroyed?
A series of bad leaders can try to build two parallel chains. However, with our security assumptions, at most one such chain can actually get certified. The other chain without certificates does not matter. Would you call it a fork if somebody just builds contradictory blocks in their basement without any actual consequences?
Yes, as soon as something is certified, it’s immutable and untouchable.
Currently, Solana does not have automatic slashing. We will add it eventually.
For 1 and 2 you need to trust the 20+20 security assumptions. If an adversary had 80% of the stake, then they can do a fork and simply certify both chains just by themselves (essentially the Dr. Evil plot).
About Dr. Evil: Sure, without counterparty Dr. Evil can “clone” its money after a fork. But what’s the purpose of that? It would be clearly visible for anybody that two contradicting blocks have certificates (nodes send certificates around, so everybody would see it). At that point nobody would give Dr. Evil any goods (say, if they want to spend the money with a credit card, the credit card would likely be blocked by its provider), and likely Dr. Evil loses everything. Their only chance is to spend the 2x30B before anybody notices. And for this they need a (really dumb) counterparty.
