Nakamoto Coefficient of Dash Platform’s Tenderdash
A Nakamoto Coefficient is a measure of a blockchain’s decentralization. It’s determined simply by counting the number of entities required to compromise a subsystem of a network, such as the number of collaborating developers required to change the code or the number of colluding miners required for a 51% attack. A higher Nakamoto Coefficient indicates higher decentralization. Some evaluations of Nakamoto Coefficients are only concerned with individual subsystems, while some will add the coefficients of the subsystems together to give a more general measure for the overall network.
In one of my previous articles, Decentralization of the Dash Masternode Network, I briefly discussed the Nakamoto Coefficient of Dash Platform as it pertains to validator consensus. I concluded that the coefficient was 34 because 34 nodes make up ⅓ of a 100-node Tenderdash quorum, and with ⅓ control of a Tenderdash quorum, an attacking entity or group would have the power to halt or censor the chain. While many evaluations go by this metric of simply counting the number of nodes, another, arguably more useful, approach is to consider the number of colluding node owners required to compromise the network. In other words, what is the minimum number of colluding current masternode whales that would be required to control ⅓ of a Tenderdash quorum?
Platform Progress
Since the writing of that article, the high-performance masternode (HPMN) solution under discussion has been implemented and HPMNs have been renamed to evonodes. There are currently 73 active evonodes and the number is growing steadily. Dash Platform is on track to launch within the next few months and the number of evonodes is expected to top out soon after at around 450, due to the yield equilibrium mechanism between Core and Platform.
Community members XKCD and Demo are working to incorporate evonode tracking into mnowatch.org, with some statistics already available. On the Classifications page, which associates masternodes to single entities, if you click on an entity, you can see how many of their nodes are evonodes. None of the top 10 whales have any evonodes. The 12th largest masternode whale, Crowdnode, is the largest evonode whale with 15. The next largest evonode whale, euvo, has 5. There are two more entities, qwizzie and twotimes, who have 2 evonodes each, and the remaining 49 are mainly held by unidentified entities. “Unidentified” means they almost certainly don’t have many masternodes, and likely, for the most part, only one evonode each.
Current distribution of power amongst evonode entities. Source: mnowatch.org
Again, with ⅓ control of a Tenderdash quorum, an entity or group would have the power to halt or censor the blockchain. Since ⅓ of 73 is about 24.3, and it takes a minimum of 5 entities to control that many nodes, this brings the current, projected Nakamoto Coefficient of Dash Platform’s Tenderdash to 5. However, calculating the actual Nakamoto Coefficient won’t be so straightforward, and it will likely be a bit higher because, in reality, Tenderdash works via rotating 100-node quorums, which are randomly selected from the full set of evonodes approximately once every hour. First of all, since there aren’t enough evonodes to form quorums, Tenderdash wouldn’t even work yet. Furthermore, assuming a total of 450 evonodes, the chance of an entity getting all their evonodes into the 100-node quorum, even if they have 34, is practically never 100%, due to the rotation factor. Bear with me…
Tenderdash Quorums
Say there are 450 total evonodes and the largest evonode whale controls exactly 34 evonodes. Technically, the Nakamoto Coefficient would be 1 in this case, going by the previous logic. However, the chance that all 34 of their nodes will be selected for any given quorum is 0.000000000000000000000038%, or 3.8E-23%. Basically, it’ll never happen, so it’s unfair to say that the Nakamoto Coefficient would be 1, when in the case of other blockchains’ consensus mechanisms (I’m not aware of any that rotate quorums like Tenderdash), the validator set is always the same, so the percent chance of an entity gaining ⅓ control of the set if they have ⅓ of the nodes is always 100%.
So the question arises: what percent chance of being included in a quorum should we consider for our determination of the Nakamoto Coefficient of Tenderdash? Well, you only need to gain ⅓ control of a quorum one time to compromise the network, so having a 100% chance of being included in any given quorum is too high. 0.0001% is too low because, in that case, there’s only about a 1% chance that the attacker(s) will gain ⅓ control of a quorum even once in any given year. I’m going to venture to say that, under the current design, having a 0.01% chance of gaining ⅓ control of any given quorum is a fair place to compare Tenderdash consensus with the others, because at that point, the entity or group would have a 65% chance of gaining ⅓ control of a quorum once per year, so we could expect it to happen about once every two years. Further context on why I think this is a good threshold is explained in the next section, but basically it’s already extremely unlikely that an entity or group would be malicious and actively looking for their chance to halt the chain, and considering that, I argue that having the chance any less often than once every two years is negligible.
Percent chance of gaining ⅓ control of a Tenderdash quorum
To have a 0.01% chance of gaining ⅓ control of any given quorum, again assuming 450 total evonodes, an entity or group would need to control 90 evonodes. If the current top two masternode whales convert all 499 of their combined masternodes to evonodes, they’ll have 124, making the hypothetical Nakamoto Coefficient 2. However, it’s doubtful we’ll see them do so, mainly due to the yield equilibrium mechanism and the unlikelihood of them purposefully attempting to harm the project they have such large stakes in. A more likely scenario is if the top whales convert something like one-fourth of their current masternodes to evonodes, in which case the Nakamoto Coefficient would hypothetically become 16. Regardless, these numbers remain speculation until we actually get over 100 evonodes and Platform launches on mainnet, at which time we can revisit the topic and get a hard number.
Nakamoto Coefficients of Dash Platform (hypothetical) and other popular blockchains. Source: nakaflow.io
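The per-quorum and per-year percentages quoted above follow from a hypergeometric model of quorum selection. The sketch below is an added example, not code from the article or from Dash; it assumes quorums are drawn uniformly at random without replacement, that hourly rotations are independent, and that the 49 unidentified evonodes belong to one entity each, and all function names are hypothetical.

```python
from math import comb, expm1, log1p, ceil

QUORUM = 100                    # Tenderdash quorum size (from the article)
ONE_THIRD = 34                  # nodes needed to halt or censor a 100-node quorum
ROTATIONS_PER_YEAR = 24 * 365   # assumption: exactly one rotation per hour

# Constructed from the article's mnowatch figures: 15, 5, 2, 2, and 49
# unidentified evonodes assumed to be held one per entity (73 in total).
CONSTRUCTED_HOLDINGS = [15, 5, 2, 2] + [1] * 49

def p_control(owned, total=450, quorum=QUORUM, need=ONE_THIRD):
    """P(at least `need` of the attacker's nodes land in one random quorum)."""
    hits = sum(comb(owned, k) * comb(total - owned, quorum - k)
               for k in range(need, min(owned, quorum) + 1))
    return hits / comb(total, quorum)

def p_within_year(p_single, rotations=ROTATIONS_PER_YEAR):
    """P(at least one controlled quorum in a year of independent rotations)."""
    return -expm1(rotations * log1p(-p_single))

def min_nodes_for(target, total=450):
    """Smallest node count whose per-quorum chance reaches `target`."""
    return next(k for k in range(ONE_THIRD, total + 1)
                if p_control(k, total) >= target)

def nakamoto_coefficient(holdings, needed_nodes):
    """Fewest entities (largest first) whose combined nodes reach `needed_nodes`."""
    running = 0
    for count, nodes in enumerate(sorted(holdings, reverse=True), start=1):
        running += nodes
        if running >= needed_nodes:
            return count
    return None   # no coalition of these entities is large enough

if __name__ == "__main__":
    print(f"34 of 450, all selected: {p_control(34):.2e}")
    print(f"90 of 450, per quorum:   {p_control(90):.4%}")
    print(f"90 of 450, per year:     {p_within_year(p_control(90)):.0%}")
    print(f"nodes for 0.01%:         {min_nodes_for(1e-4)}")
    print("coefficient at 73 nodes:",
          nakamoto_coefficient(CONSTRUCTED_HOLDINGS, ceil(73 / 3)))
```

Changing `need` to 67 gives the corresponding figures for the greater-than-⅔ case discussed later in the article.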
Attack Vectors
So, what if an entity does end up gaining control of at least ⅓ of a quorum and decides to attack the network? What exactly can they do? How bad would it be? Well, exactly how bad it would be depends on how many consecutive quorums they’d be able to control. When controlling at least ⅓ of a quorum, they would essentially have two powers:
- They can halt the Platform chain. By abstaining from voting, voting against all blocks, or simply taking their nodes offline, they can prevent progression of the chain. This issue can be resolved via a manual restart, which might take a few hours if it wasn’t anticipated. No blocks would need to be rolled back. However, if the entity controls enough nodes, they may be able to just halt the chain again upon restart, over and over again into eternity. A punishment mechanism that works to prevent them from repeatedly doing so would be useful here.
- They can censor Platform transactions. Basically, they can vote against all blocks containing transactions they wish to censor. Again, this would only last as long as they control the quorum. As soon as a quorum arises that they don’t control, the transactions will be able to pass through consensus, as they’ll most likely still be in the mempools (evonodes can set their own eviction times for transactions in their mempools). Again, a punishment mechanism would be useful here.
While it isn’t super relevant to the current Nakamoto Coefficient discussion because it would require a much higher number of nodes than a ⅓ attack, I will note it here since we’re on the topic: if an entity controlled greater than ⅔ of a Tenderdash quorum, they would have much greater powers. They could:
- Double-spend.
- Approve invalid transactions.
- Effectively rewrite the blockchain’s history.
This would be akin to a 51% attack on Bitcoin or proof-of-stake Ethereum and would likely warrant a rollback. However, it would require 207 nodes out of 450 just to get a 1% chance of gaining control once a year, as opposed to the 90 nodes required for a 65% chance of gaining ⅓ control of a quorum once per year. To be clear, in both of these cases, these powers would only apply to the Platform chain. Dash Core would remain unaffected.
Punishment Mechanism
In terms of what the punishment mechanism to help prevent repeated ⅓ attacks might look like, what first comes to mind is slashing a node’s stake if they are obviously intentionally trying to halt the chain. For example, we could take a quarter of a validator’s stake (1000 Dash) if they vote against every block proposed while they are an active validator and take an eighth of their stake (500 Dash) if they go offline while participating in an active quorum. The problem with this solution, however, is that under the current design of Dash’s proof-of-stake model, evonode owners don’t actually lock their stake into the blockchain. Rather, their stake remains in their wallet, and they prove via a special transaction that they have the collateral for running an evonode. If they spend that collateral, the network will know and their evonode will become invalid. Taking collateralized Dash out of someone’s wallet isn’t possible (or a desirable solution), so something else would need to be figured out. Two potential routes are:
- Actually requiring evonode stake to be locked into the network and slashing.
- Implementing a scoring system and suspending nodes above a score threshold.
Nevertheless, upon implementation of some punishment mechanism, we could drastically increase the threshold for the percent chance of controlling a quorum in our determination of Dash Platform Tenderdash’s Nakamoto Coefficient. For example, even if an attacker obtains enough nodes to have a 5% chance of gaining ⅓ control of any given quorum, which would allow them to halt the chain approximately once every two days, after halting the chain once, 34 of their nodes could be slashed, therefore taken offline, and their percent chance of gaining ⅓ control of a quorum would be reduced from 5% per selection to 0.007%. It would also result in a loss of at least 17,000 Dash if we slash 500 Dash per node, which is $425,000 at the current Dash price of $25. Again, this is just a rough idea of what could be done.
Conclusion
It’s important to remember that the likelihood of an entity even getting the opportunity to commit an attack, as described in this article, is very low in the first place, as it would require significant financial investment to gain enough evonodes. It’s around $9M for 90 evonodes at the current Dash price of $25. Furthermore, even if some entity does get the opportunity, there are no direct financial incentives to attack. Rather, there is a significant financial disincentive since they have such a large stake in the network, which would likely be at least partially lost due to the price of Dash potentially going down upon a successful attack on the network. There is, therefore, really no need for concern at this time, especially considering the current distribution of power amongst masternode entities, which is sufficiently decentralized. Still, development of a punishment mechanism for misbehaving evonodes, such as some form of slashing, might be a reasonable feature to implement as an extra safeguard sometime in the future.
Anyway, I look forward to revisiting the topic and getting a hard number for the Nakamoto Coefficient of Dash Platform’s Tenderdash in a few months after more evonodes are up and running, hopefully along with Platform and a much higher price of Dash.