First-principles thinking means breaking things into their basic elements and then reassembling them from the ground up. By going into basics you can really deduct what is true and what is not, and question conventional thinking. Cryptoindustry would have benefited from it a lot during its ten-year period. There are so many misconceptions still floating around from classics like “cryptocurrencies will make banking industry obsolete”, to ideas that “smart contracts should be based on level 1.” This blog post is written to challenge conventional thinking about trust in permissioned and permissionless DLT systems. I wanted to make the read more enjoyable, so I borrowed the linguistic style from one of the most well known vernacular verbalist Mr. Donald Trump.
Imagine that you are arranging a business meeting for different industry players. They meet each other for the first time to find new ways to collaborate. How would you organize the event and build trust between participants?
You would probably ask them to make a brief introduction about who they are and do a background check about those facts before the meeting. Something along those lines. What you definitely would not do, is to ask everyone to come there with carnival masks on their faces and only tell other participants their net worth.
Yet that’s exactly what most of the modern cryptos are doing with their permissionless settings.
Permissionless fantasy was made famous by crypto hackers and Bitcoin about ten years ago as an alternative to permissioned solutions run by big data centers. Those hackers are not bad people. They invented many things. But serious projects have pretty much discarded PoW, because it won’t scale. Many people are also getting skeptical towards blockchain, because it won’t scale. And today we are going to talk about permissionless fantasy and guess what? That’s right, it won’t scale either. Not when we go beyond today's few thousand tps (transactions per second) and towards infinite scalability and sharding. Of course classical data center solution doesn’t work either, that’s for sure. But there is a third option.
Well get there, but first, what’s the problem?
When you increase tps, you hit the limit where nodes send as many transactions to each other as they can. To go further you need to divide the network into multiple parts. That’s called sharding. When you do that, network security goes down no matter what. You can try to tie those shards together like Ethereum does with its Serenity project, but that increases message overhead, and you are faced with the same problem that you originally tried to solve. When Serenity will be ready, it will have less tps with sharding than many other projects have without sharding.
If you take a system with huge amount of users, let’s say US dollar, is the power evenly distributed in the system? Of course not! Few people own almost everything. That happens in every permissionless system. And that’s why the system becomes too weak if you do sharding too much. By owning a small percentage of total power, you can do a double spend. So simple. No math can solve it. Cryptoprojects should give their mathematicians some other tasks, because math won’t help them here.
Permissionless solutions live in a vacuum. They only get their trust inside the system. In PoS or reputation based models the source of trust is token value (and node behavior in the latter). That will do in slightly sharded networks, but if you want real scalability, you simply need more trust. Much more, you need shitload of trust actually.
When you look around, you can see that trust is everywhere. You trust McDonald’s that they don’t spit into your burger. You trust to buss companies and hospitals. In some countries you might even trust the government.
These companies and institutions are going to use DLT, and would love to offer their name and reputation to secure the network, but modern DLT solutions neglect them. “Go away, or buy tokens if you want to help!” they say.
Try to imagine a layer of trust that combines most of the worlds financial and institutional trust into a single ledger in a decentralized manner. Well, I bet you can’t imagine it, but how about a huge barbecue party? Not some fancy pants' whiskey event where only 25 years old single malts are accepted, but a huge barbecue night where everyone is welcomed. Everyone can bring what they have, sit wherever they want and share their stuff with fellow people nearby. You can wear a carnival mask if you like, or come as you are. Your aunt brings carrots, Elon Musk or Dell bring something else to share. That’s the only way to accumulate enough to share for everyone.
Q: But we already can have up to (X) tps solutions that are permissionless?
A: No listen, I’m not talking about tps increase of some fold. I’m talking about infinite scalability. A layer of trust that covers every inch of the planet and secures all data and value needed for ever.
Q: Sound good but isn’t that a really hard thing to build?
A: It’s very simple. Let me show you:
You divide participants of the network into permissionless (A) and permissioned (B) groups. Group A have PoS or reputation based consensus and Group B has a consensus model that is based on trustworthiness score.
The score is determined when a company wants to join to the list of permissioned users and is determined by many factors (company size, age, type of participation, etc). Trustworthiness score determines users voting power in relation to other permissioned users in the shard the user is currently voting at (and has its node). Permissioned users can also be tied to do their job also by a legal contract.
After the company is on the list, it can put its nodes wherever on the network and use as many nodes it wants. Even if the company would put thousands nodes into a single shard it’s voting power in that shard would remain the same.
Let’s take a look at the chessboard. That’s a network sharded in one way. It doesn’t really matter for this example how you do it. We are the Royal King at D5 and every square is a shard. When I send a transaction, users of the shard confirm and store it. To get confirmed transaction needs to be accepted by a majority of both groups (A and B). If both groups have an honest majority they will accept it. Or, if by some reason groups end up to confirm different sides of a conflict, they can negotiate and settle the situation with preset rules.
If one of the groups is controlled by an attacker, it can halt transactions but not double spend. In this case an honest group can blow a whistle, and ask help from his neighboring regions.
“Phwwhht” “Hey, guys! We need a little backup here!”
When more regions join to solve the situation, the attacker has now a minority of voting power and the situation can be solved. In some settings it might even be possible to punish the attacker, which makes an attack even more costly for an attacker.
“You failed at your job. You’re fired!”
There should also be a safety limit. If some shard has too few participants in one group it should not be able to confirm transactions.
Very simple, right? Something like this is most likely doable, but it works only with permissioned group onboard. Who’s going to blow the whistle in permissionless setting? That’s why so many have failed to solve the sharding.
Look at this graph:
Red line shows how trust of a shard goes down in a permissionless network when the network is sharded
Yellow line shows how sharding in real life increases the amount of possible users, which increases token value and overall security. That partially compensates trust that a shard loses when sharding increases.
Green line is the system above. More sharding, more token value, but also more permissioned companies. Trust of a shard never goes down. It just scales!
Btw, some specialist say that trilemma will ultimately be solved by decentralized identifiers (DID). That may be the case or not, but DID is permissioned. Scalability won’t work otherwise. Everybody knows that. Those that are smart know that. Stupid people may not know that.
Why not accept that fact and start building on top of it. We need a layer of trust that combines most of the institutional and financial trust of the world into a single ledger. That’s what we are really looking for.
Q: Mr. Iodald, what if a company is not complying with the obligations they promised to do when joining the network?
A: We sue them! Next one.
Q: But trust is valuable. Companies won’t give it away for free?
A: In order to do business using the DLT companies will most likely have their own nodes, which means they will have to follow transactions of the region they operate in and participate in a voting at least permissionlessly. How do you think they will respond if you go to them and ask: “Would you like to get more voting power so that you can (with other companies) secure those parts of the network where you are doing business?” The answer is obvious. Also, we don’t need everyone to join, just enough participants to make it safe. It’s so cheap to run a node these days in modern DLT, that a single big company can easily run thousands of them. Billions and billions, and billions..
Q: How do you think this fits into Iotas vision?
A: With Iota the situation is ridiculously absurd. With Wasp nodes soon populating the network, they have the answer to scalability literally right in front of them. Permissioned nodes in the network, just not participating in the consensus. The answer could not be any closer.
Q: Any final words?
A: If Iota Foundation’s Board of directors needs some new faces, I might comply for a candidate. I’m not asking, just saying this if they need help. Let’s make Iota great again!
