Celer Network Off-Chain Crypto Economics
Previously on Celer Networks….
Crypto Economics Principles
Existing off-chain solutions often get some criticisms on their crypto economics constructs. The reason for such criticisms is mainly because the tokens issued by such projects carry nothing but the medium-of-payment functionality for future possible services. The main theme of such criticisms often goes like “This token model is simply gift cards with no stable value!”, “Why do you need a payment token if we can pay with X(insert your favorite cryptocurrency here)?”, “You are just issuing a token for the sake of having a token!”. The list goes on and the opinions get harsher.
Though we take the position that there is indeed value in creating platform-specific payment token, especially for off-chain infrastructures, we also clearly see the counter-argument against it: a medium of payment can be anything such as something of stable value and high liquidity like Dai. This argument goes way beyond the scope of off-chain operating network and is applicable to many different blockchain infrastructure projects and applications. Therefore, we would like to table this debate, because this debate is less relevant in Celer Network’s economics mechanisms suite, cEconomy.
cEconomy is designed based on a more fundamental principle: a good crypto economics model (token model) should provide additional values and/or enable new game theoretical dynamics that are otherwise not available or sub-optimal. Any off-chain solution, while gaining scalability, is also making tradeoffs. We first describe what tradeoffs are made and how cEconomy can bring value and enable new dynamics to “balance out” those tradeoffs.
Off-Chain Scalability vs Liquidity
Off-chain operating network gains scalability by first trading off network liquidity. Take bi-party payment state channel as an example, the only reason the two involved parties can send each other payments with high scalability is that they have deposited liquidity to the on-chain bond contract before they even start to send each other any payment. Even though Celer’s sidechain channels can significantly reduce the level of liquidity requirement, fraud-proof bond from block proposer is still needed proportional to the level of value transfer “at stake”. All in all, significant amount of liquidity is needed to provide effective state channel service. However, large crypto assets holders may not have the business interest or technical capability to run a state channel service infrastructure, while people who have the technical capability of running a reliable and scalable state channel service often do not have the large capital required to fill the outgoing channels’ deposit or the fraud-proof bond. This mismatch creates a huge hurdle for the mass adoption and technical evolution of off-chain operating networks and eventually creates various centralization risks.
Off-Chain Scalability vs Availability
While off-chain operating network brings many intermediary application states off-chain, it also imposes impractical “always online” responsibility to the users, because the off-chain states should be always available for on-chain dispute. Take the simplest example of bi-directional payment channel again, if one party goes offline, the counterparty may get hacked or act maliciously, and tries to settle an old but more favorable state for himself. In generalized state channel applications, the states can be much more complex than just balance state and therefore simple optimizations just won’t cut it. In the sidechain channels, block proposers need to be independently monitored and validated, while the participants are offline. This is a matter of security and should be scrutinized carefully.
Unfortunately, existing solutions’ narratives on this issue are very hand-wavy: “there will be some monitoring services built in the future and people will pay for these monitoring services”. If we drive this train of thought just a little bit further, we will immediately see track-wrecking flaws.
Let’s start with this question: are these services trust-based? If the answer is yes and the “if model” to engage this service is for the users to directly pay some monitoring services, then it creates another centralized choking point, single point(s) of failure and is just not secure. Malicious counter-party can easily bribe these monitoring services to hurt benevolent end users. We can even conceive a case where the bribe can be done in a trust-free fashion.
Can we construct a trust-free monitoring service? An immediate approach comes to mind is to punish the monitoring service nodes if they fail to defend the states for the users. However, if we dive deeper, we see caveats that render this approach impractical. Let’s start with the key question of “how much should the monitoring nodes pay as the penalty if they fail to deliver?”. Ignoring the frictions, the total penalty bond for monitoring nodes should be equal to the largest potential loss for the party going offline. This effectively doubles the liquidity requirement for an operating network because whenever someone goes offline, in addition to the already locked liquidity in channel or fraud-proof bond in sidechain, monitor service providers also need to lock up liquidity themselves. Worse, the monitor service providers need to retain different assets for different monitoring tasks and things can get really complicated when the involved states are complicated and multiple assets classes are in play.
Even if there is enough liquidity to do this, the “insurance” model here is really rigid: it is basically that you get X% back at once if the monitor fails to defend your state for you. If you choose a too high X it can become really expensive due to actual liquidity locking, but if you choose a too low X, it becomes not secure. On top of these disadvantages, it is not clear how the price of state monitoring should be determined as market information is still segregated with low efficiency. This low efficiency and the per-party bond on heterogeneous assets and states will further cause complicated on-chain and off-chain interaction with monitoring services, and smash the usability of any off-chain operating networks. There are more issues, but above are already bad enough.
cEconomy: Abundant and Stable Liquidity + Secure and Flexible Availability
To “balance out” the above tradeoffs, we design cEconomy with three tightly interconnected components as follows:
Proof of Liquidity Commitment (PoLC).
Our first goal here is to lower the liquidity barrier for technically capable parties to become state channel service providers and therefore create an efficient and competitive market for good and reliable off-chain services. The gist of idea is to enable service providers to tap into large amounts of liquidity whenever they need to. But first, that large amounts of liquidity has to come from somewhere.
To maintain a prosper off-chain operating network, we need to continuously “lock in” abundant and stable liquidity in Celer Network. PoLC is the first half to incentivize this. It works like a staking protocol. To participate, one can commit (lock) their idle liquidity (think ETH for simplicity) to a “dumb box”, called Collateral Commitment Contract (CCC), for a certain period of time. CCC is really dumb that you cannot even transfer ownership. But interesting thing is that it acts as a “virtual mining machine” and the “mining power” is calculated as amount_of_liquidity * time_of_lockup. Once a CCC is constructed, it will start to receive newly generated CELR token (Celer Network’s protocol token). When there are multiple CCCs presents, the amount of CERL token each CCC “mined” will be proportional to its mining power. The receiving of CELR will incentivize an abundant and stable liquidity pool crucial for Celer Network’s function.
But why is CELR valuable so that it can act as such an incentive? Please read on to Liquidity Backing Auction and State Guardian Networks.
Liquidity Backing Auction (LiBA).
LiBA is the second half of the liquidity puzzle. LiBA enables state channel service providers to solicit liquidity through “crowd lending”. In essence, a state channel service provider starts a LiBA on Celer Network to “borrow’’ certain amount of liquidity for a certain amount of time. An interested liquidity backer can submit a bid that contains the interest rate ask, amount of liquidity and the amount of CELR that she is willing to stake (or spend, depending on the stage of the system) for the said period of time. The amount of liquidity can be submitted via a CCC. That is CCC has the functionality to act as a liquidity backing asset.
LiBA is a generalized multi-attribute Vickrey–Clarke–Groves (“sealed-bid second-score”) auction. In a nutshell, LiBA ranks bids by a “happiness score” that is calculated based on all attributes of the bid. Let’s say there are three bids, b1, b2, and b3. If we rank them by their score, we got s(b3) > s(b1) > s(b2). Now if b1 and b3 can already fulfill the LiBA’s request, b2 get “kicked out” and does not get the chance to earn interests from the LiBA. In that score, the amount of CELR token stake per unit liquidity is one of determining factors. Use the simplest example, say two bids have the same interests rate ask and amount of liquidity pledged. If one bid’s CELR staking is higher than the other, this bid will take priority in LiBA. In analogy, CELR in LiBA acts like airline frequent flyer miles: it rewards people who got their CELR through providing stable liquidity pool in PoLC.
The borrowed liquidity will be used as a fraud-proof bond or outgoing channel deposit, but the exact mechanism to do that we omit due to space limit. The borrowed liquidity’s safety model varies by choosing different tradeoffs between trust level and protocol overhead, but we want to highlight that the end users never take any security risk as the required liquidity is 100% “insured” by the LiBA contract. PoLC and LiBA together incentivize an abundant liquidity pool, lower the barrier of becoming a state channel service provider, reduce centralization risk, and accelerate network adoption.
State Guardian Network (SGN).
Another important value added by CELR token is to enable highly liquidity-efficient and secure decentralized availability monitoring with novel insurance model and simple interactions. State Guardian Network is a special compact sidechain to “guard the states” when users are offline. CELR token holders can stake their CELR into SGN and become state guardians. A user can submit her state to SGN at any time with a certain fee to ask guardians to guard the state for a certain period of time in case she goes offline. A number of guardians are randomly selected to be responsible for this state based on state hash and the “responsibility score”. Responsibility score is calculated as fee_paid/time_to_guard and is essentially income per unit time for the SGN. The number of responsible guardians (actually, responsible CELR stakes) is proportional to the ratio between this request’s responsibility score to the sum of all outstanding states’ responsibility scores.
From the view of state guardians, the more CELR one stakes, the statistically more likely she gets assigned to guard a state and earn more fees. That renders CELR significant value as a membership to the guardian network.
SGN mechanism brings the following values.
- It is much more secure and collusion resistant. Each guardian will be assigned a dispute slot based on the settlement timeout. If a guardian fails to dispute at his slot when a malicious counterparty appears, the subsequent guardian can report and get the failed guardian’s(s’) CELR stake.
- It does not require significant liquidity lock up for guardians. Guardians are only staking their CELR and one uniformed CELR can be used to guard arbitrary state regardless of the type or amount of underlying value or token.
- It provides a unified interface for arbitrary states monitoring. Regardless of whether the state is related to ETH, any ERC 20 tokens or complicated states, the users would just attach a fee and send it to SGN. SGN does not care the underlying states and involved value, but simply allocate the amount of CELR proportionally to the fee paid to be responsible for the state.
- It enables simple interactions. Users of Celer Network do not need to contact individual guardians and they only need to submit states to this side chain. We omit some details due to space limit.
- Most importantly, it enables an entirely new and flexible state guarding economic dynamics. Instead of forcing the rigid and opaque “get X% back” model, SGN brings users a novel mechanism to “get my money back in X period of time” and an efficient pricing mechanism for that fluid insurance model. If all guardians at stake fail to dispute for a user, she will get CELR stake from these guardians as compensation. At stable state, a CELR staked at SGN represents an income flow (e.g., earning x Dai/second). Ignoring the cost of state monitoring and other frictions, when a user submits the state to SGN, she can choose explicitly how much CELR is “covering” for her state by choosing fees paid per second (responsibility score).
Thinking systematically, cEconomy covers the full life-cycle of off-chain operating networks. LiBA and PoLC mining is about how to bring intermediary transactions off-chain in a low-barrier fashion. SGN is about how to secure the capability to bring most up-to-date states back on-chain whenever needed. As such, we believe cEconomy is the first comprehensive off-chain operating network crypto economics that brings new value and enables otherwise impossible dynamics. Finally, we also support using CELR token as liquidity lending fraud-proof bond collaterals, a medium of payment for channel subscription fee, transaction fee, and other possible service fees. A lot of important components are omitted due to the space please refer to our white paper for more details.
Please stay tuned for our cOS alpha release and more detailed ELI5 and technical blogs on each technical and crypto economics aspect in the coming weeks. Please subscribe to the following channels to stay tuned: