Proof of Stake and Regulatory Laws: A Matter of Technology— Part 1
Disclaimer: The content of this series of articles is for informational purposes only and it is solely based on personal opinions. It is not intended to provide any legal or investment advice. Readers should do their research and engage with professionals before making legal or investment decisions.
In this series of two posts, I will discuss regulation and blockchain, with a focus on Proof of Stake protocols. This series is intended to outline the importance of technical aspects when it comes to regulation. In this post, I will discuss the principal regulatory challenges faced so far by authorities, and why it is important to consider different shades of technical designs before making hasty decisions on governing rules.
Introduction
The Proof-of-Stake (PoS) protocol allows large-scale, public, blockchains to achieve consensus in a permissionless fashion. It is an alternative to the energy-wasting and low-efficient Proof-of-Work (PoW) adopted by first-generation blockchains like Bitcoin. PoS has been conceived to be more accessible, inclusive, and efficient than PoW. It does not require high computation and thus does not involve costly hardware or high energy consumption. This makes PoS more economically viable than PoW and, consequently, enables lower transaction costs.
The PoS is `de-facto’ the consensus protocol adopted by the majority of blockchain platforms today. Indeed, the crypto tokens governing those networks are among the most capitalized and traded cryptocurrencies on the digital assets market.
The market of digital assets today counts $1T+ of capitalization value with trading volumes over $30B per day.
Regulation in the crypto assets industry
In response to recent scandals in the digital assets sector — e.g., the collapse of the FTX crypto exchange in 2022 — regulatory bodies worldwide have started taking significant actions against the crypto industry, with the aim of improving investor protection and market integrity.
In this context, PoS tokens received special attention given the rising of related investment services like `staking’ — a form of deposit of crypto that generates profits — that might lead PoS tokens to fall into the category of investment contracts, and thus securities.
On May 2023 the European Union approved the first EU regulatory framework for Markets in Crypto-Assets (MiCA) which formalizes three classes of digital assets: (i) utility tokens, (ii) asset-referenced tokens, and (iii) electronic money tokens. In PoS, the underlying tokens are used to secure the network and cover the operational costs (as we will see later in this article). This type of token seems to lie in the first category, which by MiCA’s definition, does not represent securities.
“MiCA will support innovation while protecting consumers and the integrity of cryptocurrency exchanges.”
While the EU is moving fast toward the definition of precise rules clarifying the differences between categories of digital assets, the regulatory situation overseas does not look so clear.
In recent months, the U.S. Securities and Exchange Commission (SEC) has embarked on an `enforcement-first’ campaign targeting crypto asset trading platforms, imposing penalties on them for offering several trading services with unregistered security tokens.
The SEC tends to classify almost all crypto assets as securities under the
Howey Test framework.
The SEC’s chairman Gary Gensler stated that most PoS protocols that generate profits in the form of newly minted tokens could be considered investment contracts. For example, in the case of staking providers running and managing computer infrastructure that investors can use to join the staking protocol and earn rewards (e.g. a $30 million fine has been imposed on the crypto exchange Kraken for such activities).
The Howey Test is a framework based on four tests adopted by the SEC to determine whether a financial instrument can be classified as a security. In particular, a financial asset is considered security the following tests are verified:
(a) an investment of money;
(b) in a common enterprise;
(c) with a reasonable expectation of profits;
(d) derived from the efforts of others.
Staking is not the only parameter used by SEC to classify a crypto asset as a security. In particular, the Howey Test (d) has been also applied to other cases. For example, in a recent lawsuit against the crypto exchange Bittrex, the SEC identified some PoS tokens in which well-known entities demonstrably supported the development of the protocol. The SEC claim was that the work done by those entities influenced the market price of tokens. Thus, they considered those tokens a security — people would have invested with the aim of taking profit from the actions embarked on by those entities.
However, such a claim seems to neglect (or ignore) some of the foundational principles of blockchain systems: remove intermediaries and centralized control. Having someone in control of the system itself seems contradictory in blockchains. Decentralized systems have revolutionized traditional infrastructures, and thus applying a test used for traditional financial services, like the Howey Test, might turn into a big mistake.
The “effort of others” and blockchain
A blockchain is a decentralized infrastructure in which no central authority or group of authorities has control. From this argument, it arises the first discrepancy with the Hoewy Test (d) — who has the power of controlling, and thus influence the price of crypto tokens?
It is true that almost all PoS-based systems (but in general any blockchain) are supported by companies promoting their adoption, however, any of those have as a main goal of reaching full decentralization. This transition from centralized to decentralized governance requires time and does not come for free. Indeed, most blockchains attract participants with tokens.
Why people should participate in one blockchain rather than another? And why would they be incentivized to do that, at all?
At the beginning of each PoS protocol, a bunch of tokens gets distributed to people, either via private or public sales. These people can then use them to participate in the protocol, validate transactions, and keep the network secure and decentralized. But.. not all tokens get distributed at genesis!
Usually, no-profit Foundations manage the remaining tokens. Foundations are community organizations focused on protocols governance, open-source development, advertising events, and more. They provide (usually on websites) clear token dynamics explaining the distribution program of all minted tokens. Once all tokens get distributed, the Foundations will eventually disappear, handing over the whole protocol governance to a fully decentralized community.
We could claim that Foundations recall Howey Test (d), being entities in charge of doing some work to promote a PoS token, and thus influence their value on the market. But not so fast! What will happen to rules once Foundations will disappear? Would PoS tokens get classified as securities once those entities won’t exist anymore?
Once the path to decentralization will be completed, a fully autonomous infrastructure (like the Internet today) will be available. Applying the Howey Test to define regulatory laws in that context is challenging. To evaluate the regulatory aspects it is crucial relying on the technological principles of these systems. In the specific case of PoS tokens, any regulation should be supported with foundational technical analysis on the main scopes and characteristics of the underlying blockchain adopting them.
What are the mechanics of PoS protocols? Are all PoS designs the same? Does PoS always provide monetary returns?
Proof of Stake
The PoS protocol was first introduced by King et al.¹ with PPCoin — an energy and cost-effective peer-to-peer cash system proposed as an alternative to Bitcoin. The security model of PoS replaces the assumption on the majority of honest computational power used in PoW, with the number of tokens held by participants, i.e. stake deposits. Block proposers get selected according to the amount of stake they own. Stakeholders willing to become validators have to provide a monetary commitment within the protocol; sometimes a minimum amount of tokens is also required to join the protocol. Transactions validation and block production are dictated by periodically elected validators, called leaders. The probability of being elected as a leader is proportional to the stake committed.
Validators, being financially engaged with the protocol, are incentivized to behave honestly; harming the system would affect their own investment³.
Some PoS designs embrace a reward mechanism to incentivize more validators’ participation. Rewards usually come from transaction fees, but some systems also include other remuneration mechanisms dictated by block rewards (e.g. validators tips and priority fees). With more staked tokens it becomes harder for an attacker to corrupt the network — taking control of the network would require purchasing a prohibitive amount of tokens. This assumption is even stronger in PoS designs where malicious activities get punished with a forfeit of validators’ locked stake. This approach is called slashing and has been introduced to prevent cyber attacks like the Nothing at Stake.
The PoS Centralization Dilemma
Some PoS protocols adopt the concept of staking pools. Like Bitcoin’s mining pools, stakeholders can aggregate their stake to increase the probability of being elected as leaders and maximize their revenues. Staking pools enable non-technical users to join the protocol without managing complex computer systems. Despite better accessibility, pooled staking suffers from centralization having few staking pool providers in control of the whole network⁵.
It is crucial for the PoS protocol to ensure decentralization in a way that the committed stake is distributed across many autonomous entities.
Despite the foundational idea of PoS algorithms, nowadays there exist several implementations based on different technical aspects. Most likely, different implementations may have different regulatory requirements.
In this article, I will present four well-established PoS designs, namely the Nominated PoS, Bonded Pos, Delegated PoS, and Pure PoS. The main goal is to better understand the differences and similarities between those PoS designs and their underlying tokens.
Nominated Proof of Stake
Nominated Proof of Stake (NPoS) is a PoS design based on stake delegation with staking pools. NPoS has been introduced by the Polkadot blockchain, however, several solutions (like Solana) are based on similar principles. In NPoS, validators run a blockchain node under a secure and reliable infrastructure. The protocol requires highly available validators that guarantee the best connectivity for transaction validation and block production. There are no limitations to the number of validators; as soon as a user is able to provide an adequate infrastructure, he has the chance of being a validator for the network.
Stakeholders, also called nominators, are users not interested in running a blockchain node. Nominators `delegate’ their tokens to one or more validators, through a staking pool.
In NPoS, stakeholders do not have to take care of node deployment and maintenance, while still earning protocol rewards. On the other hand, pool providers can make a profit by charging operational fees.
The amount of stake in a staking pool is the validator’s voting power. The more stake gets stored, the higher the probability of producing a new block and earning rewards. Validators are randomly selected from a dynamic list — the validators’ active set and block proposers elected through pseudo-random leader election approaches.
The NPoS incentivizes validators’ honest behavior via a rewards mechanism. Rewards include both fees and block rewards and are distributed to the validator (and its nominators) — the distribution is proportional to the amount of delegated stake. In case of unhealthy or malicious behaviors (e.g. going offline or attacking the protocol), validators get slashed. For this reason, it is crucial for nominators to accurately choose reliable and honest validators, and for validators to offer the best service possible, in order to build a strong reputation and attract more stakeholders.
NPoS protocols mitigate the centralization dilemma by providing a capped amount of stake that can be delegated to a single validator. This process incentivizes stakeholders to distribute their tokens over various pools and thus favors decentralization. The more stake is delegated to validators, the more decentralized and secure the network is.
Bonded Proof of Stake
Bonded Proof of Stake (BPoS) is a PoS design that aims at minimizing the risk of a Nothing at Stake attack via staking penalties. In a BPoS, stakeholders willing to become a validator have to deposit a certain amount of stake (usually a fixed and quite relevant amount). Such a deposit is locked (through a smart contract) and cannot be touched throughout the validation period. In return, validators get the chance to be part of the validators’ active set, propose new blocks, and earn rewards. The locked stake can be seen as a security deposit that validators provide to demonstrate their willingness to comply with the protocol rules. To unlock and withdraw their funds, validators have to wait for a predefined time window, funds are said bonded within the protocol⁷. Like in NPoS, malicious (or faulty) validators get slashed.
In Ethereum’s PoS, called Casper FFG⁸, participants have to commit a minimum amount of tokens (32 ETH) to become validators and earn rewards. Active validators get selected periodically through a pseudo-random procedure and, if they don’t accomplish their duties, they lose rewards. In case of malicious activity, their staked tokens get destroyed.
The BPoS design allows staking pools. Pool providers have the duty of running healthy and efficient nodes, and can take a fee for their job. Stakeholders can use pooled staking to earn rewards minimizing the slashing risk. For that reason, BPoS protocols tend to be centralized, having stakeholders converging across a few node providers.
Delegated Proof of Stake
The Delegated Proof of Stake (DPoS) is a PoS design that aims at maximizing consensus speed and reducing communication overheads. This is achieved by keeping a fixed number of validators that periodically elect one block proposer in a round-robin fashion⁹. The members of the validators set are called delegates and join this particular list through a delegation process. In such a process, stakeholders engage in a voting mechanism in which their stake is used to propose weighted votes on a single, or multiple delegates. The delegates with the majority of votes get elected — this is usually measured as the top N delegates. Stakeholders entrust delegated validators to keep the network efficient and secure. In case of underperforming or detected malicious behavior, stakeholders may decide to change their vote by supporting new delegates.
The EOS blockchain optimizes performance by setting the number of validators equal to N=21.
By maintaining N small enough, DPoS ensures higher performance than other PoS designs with much faster transaction confirmation and finality. However, DPoS trades performance for decentralization and security. Delegates might be corrupted or malicious, and there is no guarantee that they will be incentivized to behave honestly forever. Moreover, they could be targeted by cyber attack campaigns like DDoS or similar.
Pure Proof of Stake
The Pure Proof of Stake (PPoS) is an alternative PoS protocol first introduced as the underlying consensus of the Algorand blockchain. It ensures high performance without trading security or decentralization. This is achieved by leveraging a cryptographic primitive known as VRF (Verifiable Random Functions), extremely efficient in computation. The VRF is used both for block production and block finality steps.
Differently from other PoS designs, there is no given set of validators competing for block production, and there are no staking deposit requirements. Instead, any user holding tokens has the chance of becoming a leader and proposing new blocks. This makes the protocol extremely inclusive, decentralized, and secure.
As long as stakeholders have some interest in validating blocks the PPoS protocol is considered secure¹⁰.
PPoS adopts a random leader election schema to limit computation and communication overheads. The protocol periodically selects a new leader alongside a set of validators, forming a committee — the committee runs a BFT protocol that validates the latest proposed block and ensures instant finality⁶. The leader and the committee are pseudo-randomly and secretly elected by running the VRF. The likelihood of being elected as a block proposer or committee member is proportional to the stake owned. The election outcome cannot be computed in advance — this is achieved via a protocol called sortitioning — and thus makes the PPoS resilient to several security threats like the DDoS attack.
The PPoS removes technical and economic barriers allowing any user to join the protocol and participate in the consensus. There is no need for staking since the PPoS does not provide rewards for validation — transaction fees are kept minimal and distributed to stakeholders via governance processes. The rationale behind this choice is that participants, to be validators, must be economically invested in the native token and thus, they are not interested in behaving against the protocol. For this reason, the PPoS does not implement slashing or any other penalty mechanism⁷.
This article introduced the principal PoS designs and their technical details. In the next article, I will introduce a systematic framework to analyze and compare them against their foundational characteristics. The framework can be used as a `roadmap’ to identify regulatory challenges pertaining to PoS systems and their underpinning tokens.
[1] King, Sunny, and Scott Nadal. “PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake.” (2012). Available at: http://people.cs.georgetown.edu/~clay/classes/fall2017/835/papers/peercoin-paper.pdf
[2] C. T. Nguyen, D. T. Hoang, D. N. Nguyen, D. Niyato, H. T. Nguyen and E. Dutkiewicz, “Proof-of-Stake Consensus Mechanisms for Future Blockchain Networks: Fundamentals, Applications and Opportunities”. in IEEE Access, vol. 7, pp. 85727–85745, 2019, doi: 10.1109/ACCESS.2019.2925010
[3] Hart, J. “Policing Proof-of-Stake Networks: Regulatory Challenges Presented by Staking-As-a-Service Providers and the Need for a Tailored Regime”. Science and Technology Law Review, vol. 23, no. 1, Mar. 2022, pp. 192–28, doi:10.52214/stlr.v23i1.9392
[4] Fanti, G., Kogan, L., Oh, S., Ruan, K., Viswanath, P., Wang, G. “Compounding of Wealth in Proof-of-Stake Cryptocurrencies”. (2019) In: Goldberg, I., Moore, T. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science(), vol 11598. Springer, Cham. https://doi.org/10.1007/978-3-030-32101-7_3
[5] He, Ping and Tang, Dunzhe and Wang, Jingwen. “Staking Pool Centralization in Proof-of-Stake Blockchain Network” (May 25, 2020). Available at SSRN: https://ssrn.com/abstract=3609817 or http://dx.doi.org/10.2139/ssrn.3609817
[6] Y. Xiao, N. Zhang, W. Lou and Y. T. Hou. “A Survey of Distributed Consensus Protocols for Blockchain Networks” in IEEE Communications Surveys & Tutorials, vol. 22, no. 2, pp. 1432–1465, (2020), doi: 10.1109/COMST.2020.2969706.
[7] Schaaf, Paul, Filip Rezabek, and Holger Kinkelin. “Analysis of Proof of Stake flavors with regards to The Scalability Trilemma”. (2021) Network 63, Available at: https://www.net.in.tum.de/fileadmin/TUM/NET/NET-2022-01-1/NET-2022-01-1_13.pdf
[8] Vitalik Buterin, Virgil Griffith. “Casper the Friendly Finality Gadget”. (2019) eprint: arXiv:1710.09437
[9] S. M. S. Saad, R. Z. R. M. Radzi and S. H. Othman. “Comparative Analysis of the Blockchain Consensus Algorithm Between Proof of Stake and Delegated Proof of Stake” (2021) International Conference on Data Science and Its Applications (ICoDSA), Bandung, Indonesia, 2021, pp. 175–180, doi: 10.1109/ICoDSA53588.2021.9617549
[10] Jing Chen and Silvio Micali. “Algorand Theoretical Paper”. (2017) eprint: arXiv:1607.01341
