1. a majoritarian voting system, which creates
2. an economic penalty on minority opinion, which creates
3. a self-reinforcing incentive to side with the majority

Keynes intended his contest as an analogy for the stock market, but it equally describes Nakamoto Consensus, where consensus around the longest-chain also emerges through a voting mechanism that punishes anyone who disagrees with majority opinion.

Despite the obvious parallels, few academics working on “cryptoeconomics” have read Keynes, or other economists like Mancur Olson who focus explicitly on incentivizing collective action. Instead, computer scientists focus overwhelmingly on building distributed voting mechanisms.

This intellectual bias has led computer science to approach consensus as a problem that requires voting. The blindness to other approaches starts with the way academics conceptualize the problems – consider the way the Byzantine Generals Problem is invariably described with the assumption that participants must honestly or dishonestly signal their preferred courses of action. They vote and only then do they act.

This drift away from incentives towards voting mechanisms is a major intellectual hurdle in distributed systems development, because as soon as we create voting mechanisms we automatically create majoritarian attacks on them. But isn’t our goal is to avoid incentivizing collusion? Deciding how to distribute money based on majority opinion is not a workable approach.

And this is why understanding the Keynesian Beauty Contest matters. Because knowing that Satoshi designed Bitcoin as a beauty contest mechanism allows us to ask a simple question: why bother with the first step at all? Why add a voting mechanism? Why not look for a way to impose a cost-of-attack guarantee on malicious nodes that punishes attackers regardless of whether they control majority opinion?

Few people in distributed systems conceptualize the challenge this way, not trivially because many consider it an impossible problem, but there are already formally-proven methods of accomplishing exactly this. In our case, Saito Consensus does it by using “routing work” to increase the cost of producing blocks that orphan honest blocks, while also decreasing the amount of revenue attackers can earn from producing those blocks. Because of the way the payout mechanism works, attacking a routing work mechanism always costs money. Incentives impose a cost-of-attack directly of indirectly via a gameable voting mechanism.

By delivering what actually matters (the penalty and its results) without the need for a voting mechanism, routing work gives us all the benefits of the incentive structure in the Keynesian beauty contest (a self-reinforcing emergent consensus and natural incentive to cooperate) without adding the crippling majoritarian attacks. It gives us the properties that matter for distributed consensus without the technical vulnerabilities that come from adding majoritarian voting.

It will be interesting to see how long it takes computer science as a discipline to throw off its intellectual shackles. Until that happens governance will continue to add attack vectors into distributed systems. And the solution to those problems will doubtless be yet more governance. This circularity is a problem with using voting mechanisms, but not a fundamental feature of consensus design. We can do better. And in order to solve the fundamental problems we have to.

The post Nakamoto Consensus is a Keynesian Beauty Contest appeared first on Saito.

The advance is possible in mechanisms where attackers must expend a costly resource (“work”) to participate in consensus. Under these conditions, a malicious majority can be tolerated if the consensus mechanism can asymmetrically strip attackers of “work” over time and restore honest participants to majority status.

Asymmetrically punishing attackers is accomplished by taxing the only activity attackers perform which honest nodes do not: the orphaning of work from other participants. There is a precedent for this type of tax in Bitcoin, but the penalty fails under majoritarian assault. Securing a consensus mechanism beyond that requires making work-orphaning expensive even in situations where attackers produce all of the blocks on the longest-chain.

Framing the problem this way makes it clear why proof-of-work and proof-of-stake blockchains cannot solve it. In those mechanisms, the cost of orphaning work is identical to the cost of proposing blocks once attackers can propose a majority of blocks. When attackers spend resources to push the chain into stasis, the honest network is forced to spend an equivalent amount to resolve the deadlock. Honest nodes face symmetrical losses which prevents their recovering majority status.

The theoretical solution that improves security involves migrating the “work” used to produce blocks into the transactions that constitute them. Attackers may still produce blocks that route around those proposed by honest nodes, but the newly-orphaned transactions can be shifted costlessly into a new block and deposited at the tip of the attacker’s chain to resolve the deadlock. Preventing this requires a more aggressive form of work-orphaning: attackers must move the work-bearing transactions into their own chain. This form of orphaning-by-inclusion is profitable in proof-of-work and proof-of-stake designs but can be made quantifiably costly in others.

Routing work — the addition of cryptographic routing signatures to transactions — is the first known strategy that accomplishes it, modulating down the value of transactions for producing blocks as well as the expected payout from their inclusion. With a sufficiently high per-hop decay (50% or greater) attackers who orphan-by-inclusion face an expected loss from doing so, even if they produce all of the blocks in the blockchain. A properly designed mechanism not only exposes attackers to this cost, but forces them to pay it in a way that reduces their ability to generate work and participate in consensus.

The post Tolerating Malicious Majorities – Advances in Distributed Consensus appeared first on Saito.

We start with two straightforward claims:

proposition #1
nodes that use public routing work to produce blocks are disincentivized from delaying the production of those blocks, as that strictly reduces expected income.

proposition #2:
all participants are incentivized to share transactions publicly to induce direct competition between peers under proposition #1 and thereby secure the fastest confirmations for the lowest fee.

These claims can be formally proven but should be self-evident to anyone familiar with Saito Consensus. Under them, adding unnecessary routing hops to transactions is a strictly inferior strategy unless attackers compensate for the fall in the final-hop value of their transactions by adding their own fee-bearing transactions.

On The Irrationality of Self-Generated Routing Work

All sybil-attacks necessarily involve transactions where the attacker does not occupy the first-hop in the transaction path. This is trivially true: attackers cannot increase their payout by adding hops to transactions where they already have 100% of the claims on payout.

The irrationality of sybilling second-hop transactions can be proven by examining what happens when an attacker sybils a block with only one transaction, such as the following block produced by NODE B that contains 50 units of final-hop routing work.

With 100 SAITO in total fees and fifty-percent of those burned in the costly lottery, only 50 SAITO are available for the routing payout in this block. As transaction #1 is the only transaction that exists it has a 100% chance of selection in the payment lottery and NODE A has 2/3 and NODE B has 1/3 of the expected routing payout. We can easily calculate their expected income as 33.3 SAITO and 16.6 SAITO respectively.

The sybil attack we are concerned with involves NODE B adding an additional hop (“self-cloning”) to transaction #1 to increase its share of that transaction’s overall routing payout, while simultaneously creating the smallest fee-paying transaction needed to keep its final-hop routing work constant at 50 SAITO as per proposition #1.

This gives us the following attack block:

With 125 SAITO in total fees there are now 62.5 SAITO available for the routing payout. Our golden ticket mechanism will select the first transaction with ( 100 / 125 ) probability and the second with (25 / 125 ) probability. NODE A has ( 100 / 175 ) chance of winning if the first transaction is selected and ( 0 / 25 ) if the second transaction is selected.  NODE B has ( 75 / 175 ) chance of winning if the first transaction is selected and ( 25 / 25 ) if the second transaction is selected.  NODE B must finally deduct the 25 SAITO it has contributed to the block (that it spent to sybil) from its profits. Its expected income is now:

NODE A = 62.5 * (( 100 / 175 ) * 0.8 ) + ( 62.5 * (( 0 / 25 ) * 0.2 )) = 28.57 SAITO
NODE B = 62.5 * (( 75 / 175 ) * 0.8 )) + ( 62.5 * (( 25 / 25 ) * 0.2 )) – 25 = 8.92 SAITO

The attacker has decreased their expected income from 16.6 SAITO to 8.92 SAITO. It is easy to demonstrate that losses accelerate as the attacker adds more routing hops to transaction #1.

An Intuitive Understanding of Sybil-Proofing

Something fascinating happens when an attacker sybils a routing-work blockchain. Whereas all the fees in the block were previously potential income to the attacker, the lottery is now taxing their wallet directly.

For a routing work mechanism to be sybil-proof, it is sufficient to show that the tax on self-generated routing-work is greater than the total income a node 1-hop deeper in the network can expect from an equivalent amount of final-hop routing work. In the Saito Classic mechanism the tax is 50% of all fees put into the block, and first-hop nodes earn at minimum 50% of routing payout. Since any additional fees in the block by definition come from the attacker, it is theoretically impossible to generate positive expected income.

As long as the lottery tax remains provably costly regardless of the amount of routing work that the attacker has in the block, any network that has the same work-decay and payout-decay functions as Saito Classic by definition inherits the same sybil-proof properties.

In practice, our goal is to force cost-of-attack significantly above 100% of fee-throughput, so that in a best-case scenario the attacker is hemorrhaging money rather than merely breaking even. This requires the introduction of a staking payout and the increase in cost-of-attack that can come from the added difficulty of finding combinatorial lottery solutions that simultaneously issue the routing payments from multiple blocks to the attacker .

In the paper referenced above, we show very clearly that cost-of-attack is a minimum of 137 percent in a network with such a structure. This means an attacker must spend ~137% of network fee-throughput to earn 100% of the fees in that block which do not come from their own wallet.

With full control of the staking table, the attacker can eke out profits at approximately 75% control of the staking table.  This can easily be addressed in the paper as mentioned – by the imposition of an income cap that limits payouts to 125% of a smoothed average. Under these situations cost-of-attack rises much higher than 137% to start, and remains above 100% even if attackers gain full control of the staking payout.

The post A Simple Proof of Sybil Proof appeared first on Saito.

https://timroughgarden.github.io/fob21/l/l9.pdf

From the Saito perspective there are some problems though. The most significant is that it is incorrect to view public blockchains as sybil-resistance mechanisms wrapped around consensus algorithms. We understand why many researchers like this dichotomy. The distinction is easy to teach and feels productive.

But the dichotomy is incorrect. Once any network offers an outbound payment for performing a work function that function no longer constitutes a sybil-resistance mechanism: you cannot refund payments and still count purchases as expensive. Under these conditions what imposes cost-of-attack is the consensus layer, which decides which nodes receive spendable tokens in exchange for their work.

Computer scientists typically deal with this problem by axiomatically assuming that a majority of miners/stakers are honest. Under these conditions there *must* be a cost-of-attack, and if there is a cost-of-attack surely we should attribute it to the hashing or staking function where the money is spent? This feels like a harmless exercise – no shortage of papers start by making assumptions about node honesty and then derive formal proofs of security from these and other axioms. The problem is that we are doing this to maintain the illusion that the sybil-resistance layer is operating independent of the consensus layer.

Once you break this illusion you are pulled towards a more powerful reality – the realization that consensus mechanisms impose cost-of-attack by asymmetrically taxing attackers. Nakamoto Consensus achieves this by keeping hashing costs constant for all nodes, but decreasing the expected return for attackers, who must build multiple blocks in the same time their honest peers need produce only one.

It is true that in Bitcoin this asymmetrical tax collapses in the face of a Byzantine majority. And while there is no theoretical reason to believe this problem is unsolvable (do all forms of asymmetrical taxation have this weakness?), the coincidence will likely stir critics to ask why we should favor any particular framework over another if both end up predicting failure in the face of majoritarian assault?

And the answer here is that both approaches are not equally vulnerable. If you believe that your sybil-resistance and consensus functions are distinct in the way Tim and others posit, you do end up trapped: it is pointless to strengthen your consensus mechanism against malicious majorities if their existence undermines a fundamental axiom you need to keep your network secure. The framework you adopt essentially defines majoritarian attacks as an unsolvable problem.

But if you focus on the way consensus mechanisms asymmetrically tax attackers you have an open road ahead. Because you are suddenly looking for additional behavioral differences between honest nodes and attackers that can be (1) observed in distributed systems, and (2) leveraged to make proposing changes-of-state more costly for attackers than honest nodes.

This more accurate worldview encourages us to manipulate the same economic levers that Nakamoto Consensus does. It teaches us to improve on Satoshi’s solution not only by decreasing the payouts we offer attackers, but even doing things that no proof-of-stake or proof-of-work network can accomplish: asymmetrically increasing the cost that attackers pay to propose blocks. The routing work mechanism that Saito Consensus introduces simultaneously accomplishes both of these objectives.

At the end of the day, definitional frameworks matter. With an inaccurate worldview, partisans are forced into axiomatic frameworks that make progress a theoretical impossibility and steer them away from viable solutions. Shifting to a more accurate framework easily doubles the size of our solution space, and permits the development of mechanisms like Saito that can continue to impose cost-of-attack on attackers even in the face of malicious majority coalitions.

The post An Open Comment on Tim Roughgarden’s Lecture Notes on Blockchain appeared first on Saito.

French Whitepaper – Whitepaper en Français

As a personal aside, it’s particularly nice to have a French version of the Saito whitepaper given that some of the more radical ideas in our advanced section are quietly indebted to the great French philosopher Alexis de Toqueville, one of the first political theorists to suggest that self-balancing coalitions are the best way to create stable and open governance mechanisms. Saito’s idea of having routers, miners and users engage in a tripartite battle over the network PAYSPLIT harkens back to him in an obvious way.

Although many English-speakers will have read snippets of his Democracy in America, not many tackle his second and arguably greater work The Old Regime and the Revolution, in which Alexis returned to the French Revolution to ask why it failed and why France descended back into authoritarian control. His answer: with the contending minority interests of French society effectively decimated by the willful centralization of pre-Revolutionary royal rule, French society lacked the complex domestic forces needed to prevent its democratic experiment from descending into tyranny and mob rule.

There should be much more awareness of these ideas — and much less naiveté about on-chain voting generally — in the blockchain space. One of the questions Saito asks — and one to which we are not sure of the answer — is whether we can modify our current mechanism and balance participants off against each other in ways that allow us to do things like spend more on scale when needed and increase cost-of-attack when appropriate. We hope that as more people come to understand Saito we will get more assistance thinking through these questions as a community.

In the meantime, we hope that this translation will help some of these “radical ideas” reach receptive ears on their native soil. Thank you again, Maxime!

The post Saito Whitepaper – French Translation appeared first on Saito.

On the off-chance you haven’t heard of Friedrich Hayek, he was one of the mid-20th century economists who witnessed the ascent of the Soviet economic model and fought a rear-guard action in defense of capitalism. Whereas his fellow Austrian emigre Joseph Schumpeter saw free markets as superior because of their ability to drive innovation (“creative destruction”), Hayek argued they were necessary to set prices at levels which are “not given to anyone in [their] totality” and thus cannot be optimized by central planners.

Hayek’s seminal essay The Use of Knowledge in Society outlines this most succinctly, asking how state planners can ever know how to allocate resources? What Hayek saw that many others missed is that prices do more than incentivize people to produce things: they value all goods and services in relation to each other at rates Hayek called their “marginal rates of substitution.” Letting these rates self-adjust in response to the floating preferences of consumers and producers is how free markets allocate resources efficiently, incentivizing more of X and less of Y if doing so provides greater social value.

The subtlety of Hayek’s emphasis on relative-prices is usually missed by crypto-libertarians, who see tokens incentivizing arbitrary forms of work and imagine they have a free market at work. Ask exactly how the market is pricing work and most will get confused: isn’t the free market providing hashpower to Bitcoin? Aren’t users paying fees? Yet the problem has never been creating incentive structures or charging fees: state planners do both of those very well.

To see the actual problem, try inverting Bitcoin. Imagine we paid nodes in the P2P network and asked volunteers to hash for free. Would we get an optimal amount of security? What about an optimal number of P2P nodes? If more hashing would encourage more P2P nodes and greater network usage, would volunteers be incentivized to spend more money on hashing?

The intellectual error most people make here is forgetting that when a consensus algorithm pays nothing for something, it is assigning a price (of zero) and manually defining the “marginal rates of substitution” between that and other necessary inputs. The fact that the consensus mechanism is a machine does not stop it from acting as a de facto central planner. Robots can fix prices too!

Were Hayek still alive, he would be the first to point out this abuse of free market economics. He would also never accept the what-me-worry reassurances of technocratic dilettantes that perhaps things will work out. As Hayek would point out, the fact that we have an external market controlling the flow of funds into an internal market means that our two layers are never independent, and can never be subject to a rationalizing outside force.

In this environment, the only way the free market can price inputs efficiently is by putting the cross-market allocation of resources within the firm, so that internal profit-maximization strategies minimize wasteful spending. Like this approach or not, the result will clearly look much less like a permissionless network and much more like Google or Amazon. Replacing volunteers with firms doesn’t suddenly make firms behave like volunteers.

This news is depressing for those who have eyes to see it, in part because so few people seem aware of it, and in part from the irony of watching Silicon Valley’s libertarian class repeat the same price-fixing errors their Marxist counterparts did a century ago. The machines may change, but the technocratic hubris remains the same.

So while we can get to Saito Consensus by reading public choice theory, even the Chicago School can teach us something most libertarian crypto-bros fail to see: the rise of dominant network-layer service providers like Infura and TAAL is far from a swan song of “centralization” before technical maturity delivers a golden age of radical decentralization — it is the direction the free market itself is steering POW and POS networks out of their need to induce provision of the infrastructure their consensus mechanisms cannot price and pay for, but on which they are dependent for continued survival.

The post Technocratic Hubris: what Hayek would say about Bitcoin appeared first on Saito.

David presented to a panel arguing that It’s Openness Not Decentralization That Matters in Blockchain. The Saito co-founder argues that the properties that people believe come from decentralization actually stem from openness – the inability to exclude people from the chain.  He continued that openness is not free; we need to pay for open data flows that support it and allow free competition in the network. In the original design, bitcoin, volunteers took care of this work but as these networks scale the responsibility for doing that needs to shift to for-profit firms in the private sector and as it turns out economics has a ton to say about the massive problems that computer scientists are running into doing this. This is what’s happening with the peer to peer network right now. In every scalable blockchain miners and stakers do not want to run the network. They are letting their responsibility for that be handled by other people. This is the Ethereum network where everybody is free riding on Infura.

There are three kinds of solutions in the blockchain industry. The first is the emergence of networks that return to volunteer provision and these networks can be open. Anybody can join but they cannot scale beyond the point that volunteers will provide infrastructure. The second solution is we can invite the free market to pay. But, the private sector will create barriers to data sharing to create opportunities to profit. So we will end up with these scalable networks that are permissioned networks that are dominated by monopolies in the network layer that’s what we’re seeing with Infura.

Saito replaces mining and staking with a form of work where we can route work which adds cryptographic signatures to the network layer and it basically pays people for the work that they do efficiently collecting money for the network. So it’s a non-extractive form of work otherwise the network has the same properties as POW and POS.

The post Saito Co-founder David Says Openness & Self-sufficiency Matter in Blockchain at Blockchain Research Roundtable Event appeared first on Saito.

While honest users build on the chain-tip, attackers build from a block at least one confirmation deeper into the chain. 

This difference exists because attackers who are re-organizing the chain must produce two blocks in the same amount of time that the honest network has to produce merely one. The network exploits this difference to tax attackers: the cost of producing blocks is identical for wolves and sheep, but sheep who produce at the tip of the longest-chain are far more profitable.

So blockchains do differentiate between wolves and sheep – they do it by taxing behavioral properties that any node might exhibit, but that attackers must exhibit. It does not matter if this tax occasionally penalizes an honest node with an unfortunately dim view of consensus. As long as attackers are disadvantaged relative to a subset of honest nodes, the network can maintain its cost-of-attack while incentivizing honest behavior.

But don’t majoritarian attacks put wolves back on equal footing with sheep? Some developers may make this claim (“what I meant was…”) but note the shift in logic: they have moved from asserting there are no behavioral differences between wolves and sheep to asserting that no differences exist which can be leveraged to penalize wolves in majoritarian conditions. And this claim is also false.

All we need to disprove it is a single a difference that can systematically tilt income away from all wolves and towards an unknown subset of sheep. And it turns out there is at least one behavioral difference with this property:

When an attacker puts a transaction (that will be profitable for them to collect) into a block, they must be one hop deeper into the routing network than at least one honest node or user.

If an attacker is making money producing blocks, those blocks must by definition contain fees that come from someone else. In the absence of a block reward, every wolf that is not burning their own money to produce blocks must have at least one transaction in that block that was routed to them from an honest user or sheep, either sent to them as an unconfirmed transaction or stolen by them from a previously-published block.

As with Bitcoin’s tax on re-org depth, this difference can be leveraged to suppress the profitability of wolves: simply make block production more costly for deep-hop nodes, while forcing them to compete with shallow-hop nodes for control of the longest-chain. Saito does this by halving the value that fees contribute for producing blocks with every hop a transaction takes across the network. Any node at routing depth N+1 can produce only half the blocks and/or earn half the profits as a node at position N given the same set of transactions.

Taxing fee-transfers this way puts attackers at a disadvantage in producing blocks. This solution is counterintuitive to POW and POS developers as it requires the ratio between two variables that are fixed in their networks (cost of block production and income from producing blocks) to float. It also requires something missing in both POW and POS: cryptographic signatures that track who routes fees inwards towards block producers. Saito then tightens the noose further on wolves through a cryptographically-biased lottery that makes collecting payments less statistically likely for deep-hop nodes.

To conclude: security mechanisms in blockchains do not identify bad actors by intent. In this sense, those who insist it is impossible to tell the difference between “wolves” and “sheep” in blockchains are forgetting something they used to know: blockchains have always imposed cost-of-attack by taxing behaviors which must necessarily be exhibited by wolves and simply not caring if the trap ensnares a few unlucky honest sheep in the process.

The post Wolves and Sheep appeared first on Saito.

I don’t envy your position as public enemy #1 for the cryptocurrency goldbug set, but it’s clear from your recent editorial that your ongoing feud with them over deflation is blinding you to what is exciting about blockchain. And there is much for economists to love. Let me explain.

Bitcoiners are trying to create a public good (a non-excludable and non-rival data network) that is also self-sufficient (pays for its own provision). Mancur Olson taught us this is impossible: that the free market demands enclosure as the cost of provision.

Except this isn’t impossible with blockchain, because Satoshi Nakamoto did more than invent a token: he structured it in a way that paid for the supporting network. That’s a bit like requiring the pasture in the tragedy of commons to be a clearing house for wool-futures and using the income from its trading arm to cover maintenance of the grasslands.

The fact that cryptocurrencies control how fees flow into and out of the network allows them to pay those who contribute to the commons. This can be done without the collusion or privatization Olson believed was necessary. And it opens the door to an entirely new class of solutions to collective action problems. Best of all, the hard part isn’t even the technology. The difficult problems here are economic: how to measure the value participants contribute and pay for it at market rates without compromising the security of the network.

Once you start seeing Bitcoin as a nascent kind of public good, you’ll realize that the network is even more deeply flawed than you imagine and that the people supporting it are not even libertarians at all. Satoshi quite clearly cut corners on self-sufficiency by requiring volunteers to run critical infrastructure, for instance, and his solution (“from each according to his ability, to the miners according to their hashpower”) only resembles free-market capitalism if we squint rather hard.

In the last decade we’ve also learned that the security and openness of these networks is far more dependent on this volunteer-layer than previously recognized. So it is no wonder most cryptocurrencies are having trouble scaling. Making matters worse, almost no developers understand the economic foundations of what they are building: most attribute the openness and self-sustainability of Bitcoin to its decentralization rather than its volunteer-provision, which is a bit like imagining that children get free candy on Halloween because the houses are distributed in space.

But you should put aside the obvious failures in their attempts. Because mining might be broken. And staking might be broken. But the door is open to something important: a new class of public goods that can sustain themselves in the absence of an owner and help us push back against monopolistic encroachment in our digital commons. And all that is standing between us and this reality is fixing the incentive structure that Satoshi abandoned.

So have some empathy for the crypto-classes. If it’s challenging for you to see Bitcoin as a nascent kind of public good, imagine how difficult it must be for them, non-economists cosseted in an ideology that teaches them free markets can never fail. The people embracing Bitcoin do have an admirable desire for egalitarianism. Is it any wonder they read that idealism into a virtual token and defend it using an analogy to gold? Surely no more unreasonable than you — in objecting to their arguments — doing the exact same thing.

At a minimum, you should stop making objections to cryptocurrencies on the grounds that private companies like Venmo provide commensurate services. Arguing that public goods are pointless because private ones exist is no different than arguing Linux is useless because Windows is around. The properties of openness and non-excludability that characterize public goods may be abstract, but they are very real in terms of the permissionless innovation they unleash. And if you still care about net neutrality, for instance, you should also realize that the open data-layers these networks support will ultimately be as if not more important than the financial tokens that sustain them.

And if you want to help, please send the economists. The biggest problem in the blockchain industry right now is the lack of understanding developers have of the underlying economic problems they face. This is why most chains are enclosing (hello, Mancur) previously-open networks components in a bid to induce the private sector to scale them. Delivering on the promise of a genuinely public blockchain will require something harder: aligning the incentives in these systems with market-based price signals. And that is a problem that has everything to do with economics and absolutely nothing to do with gold.

Best Regards,

David Lancashire
M.A. University of California (Berkeley)

The post A Response to Paul Krugman from a Keynesian Bitcoiner appeared first on Saito.

As proposed by Vitalik Buterin, the scalability trilemma asserts that it is impossible to increase decentralization, scale or security in a blockchain without decreasing at least one of the other two.

Vitalik’s proposition is self-evident in the sense that increasing scale requires concentrating expenditure and increasing decentralization requires spreading it out. So the only way you can increase both simultaneously is by finding an external source of funds — defunding your security mechanism. But does this actually say anything meaningful about blockchain security?

Saito shows that it does not as in a Saito-class blockchain the network gets security from the division of funds across the routing network. So the routing network can reconfigure into topologies that don’t affect scalability but simultaneously increase both the cost-of-attack on the network as well as its decentralization.

For a very trivial example, picture a Saito network with two nodes. Node-A collects 80 percent of fees and produces 80 percent of blocks. Node-B collects 20 percent of fees and produces 20 percent of blocks. These nodes have a cost-of-attack on the network inverse to their share of fee-flow.

It is trivial to see that users in this network could shift 20 percent of their transaction flow away from Node-A and to a new node: Node-C. The distribution of block production is now 60-20-20. The cost-of-attack on the network has increased. The network is more decentralized. But scalability is unaffected.

Or is it? And while there may be some objections that I suppose someone might make, note that they require removing “security” from the discussion and retreating to a “scale-vs-decentralization” dilemma that has nothing to do with security and thus nothing particularly interesting or meaningful to say about it.

The post The Scalability Trilemma is either Irrelevant or Wrong: here is why appeared first on Saito.