Disclosure: Multicoin Capital owns EOS tokens.
Spencer Bogart from Blockchain Capital wrote an excellent piece earlier this week titled “The Long Game in Crypto: Why Decentralization Matters” as a response to our EOS report. We appreciate Spencer exploring the crux of the debate on DPoS versus other, more decentralized consensus algorithms. We think this is an important public discussion with massive ramifications that should be heavily debated, as there are billions of dollars at stake.
Spencer’s core argument is that platform-grade censorship resistance, while nice in theory, will not hold up in practice, and that the only viable long-term path is hyper-decentralization. We will argue here that DPoS (and EOS) will be sovereign-grade censorship resistant in practice, they just take a different path than Bitcoin to get there.
Sovereign-grade and Platform-grade Censorship Resistance
We think that the sovereign-grade and platform-grade censorship resistance ideas are somewhat misunderstood. This terminology was first proposed by Larry Sukernik to describe the differences between Bitcoin and Ethereum. When we think about this distinction, we don’t think about it in terms of what the goals of the network are but rather what the priorities of the network are.
If a network prioritizes decentralization above all else, it must make certain tradeoffs. As Nic Carter notes, Bitcoin prioritizes decentralization at all costs. This results in cheap nodes, extremely conservative development, off-chain governance that often devolves into gridlock, low throughput, high latency, and more. These tradeoffs make sense if the goal is untouchable digital gold. If the goal is to create a platform for decentralized applications that actually get used — a world computer — these tradeoffs will never work.
If a network prioritizes performance, then it’ll only strive for as much decentralization as is necessary to give the platform the useful properties that it needs — openness, permissionless-ness, and lack of a single point of failure. Anything beyond that which achieves those goals is overkill. The goal of a platform like EOS isn’t to offer untouchable digital gold. The goal is to support dApps at scale. It must prioritize differently than Bitcoin. EOS still values decentralization, but only wants “enough” decentralization at the lowest cost in order to get the properties of the system that it needs.
Platform-grade censorship resistance mostly refers to the appeal of building on a platform that’s global, open, flexible, and isn’t controlled by one entity. It is not orthogonal to sovereign-grade censorship resistance. And ultimately sovereign-grade censorship resistance may be needed to make these systems useful.
How Much Decentralization Do We Need?
How decentralized is decentralized enough to make a neutral, but scalable and fast database for dApps that isn’t controlled by one party and can’t be shut down by state-level actors? That’s a trillion-dollar question. And we think we’ll find out the answer, in practice, over the next 12–18 months. We expect developers to deploy applications that test the limits of EOS’s censorship resistance quickly, because no one can tell them otherwise. Fiat-challenging stablecoins, gambling, and prediction markets are early candidates that will displease governments.
Although Block.one doesn’t state this explicitly, one of their primary aims is to empirically try to answer the question “how much decentralization is enough?” Decentralization is extremely costly, both economically and computationally.
EOS will launch with 21 core validators (plus ~100 more backup producers that are also compensated). 21 is not a magic number, and that number may change over time. But it is informed empirically based on Dan Larimer’s past experiences building DPoS systems like BitShares and Steem. BitShares, Larimer’s first blockchain, launched with 101 block producers. Larimer has since learned that, due to the natural cartelization of all open systems including Bitcoin and Ethereum, that in practice open systems don’t support more than about 20 independent actors. The choice of 21 validators attempts to balance decentralization, performance, and governance based on prior experiences.
Projects can be decentralized across many dimensions. In fact, there are so many different centralization vectors in distributed systems that we as a crypto community have not even agreed on a canonical definition of decentralization and probably never will. Some say Ethereum is centralized because 3 entities control >50% of the mining power. Some say it’s centralized because Vitalik clearly holds outsized influence over the direction that the community takes or because the Ethereum Foundation had such a big role in ushering in the DAO fork. Others says it’s meaningfully decentralized because there are multiple implementations of the protocol maintained by independent teams (Parity and the Ethereum Foundation). The number of network validators is just one possible way of quantifying decentralization, and even then it’s not a great one. It is obvious that having 1,000 validators all located in China is a lot more centralized than having 21 validators located in various jurisdictions throughout the globe.
If humans were purely rational economic agents — the ideal of homo economicus — then perhaps blockchains systems could be perfected through crypto-economic design. But humans are messy and political. Decentralization cannot be achieved through crypto-economic design alone. Blockchain networks require community upkeep to maintain decentralization. These networks are dynamic, evolving entities, and their levels of centralization may fluctuate as time goes on. The recent drama in the Monero and Sia communities about ASIC mining illustrates this point well. These communities faced significant centralization risks based on the introduction of ASIC mining machines into their respective networks. The Monero community enacted a hard fork to get rid of those machines. That was active community network upkeep, and we expect to see this trend continue. There are even movements within the Bitcoin community to change the mining algorithm to reduce the centralized power that Bitmain has on Bitcoin.
Even Bitcoin, which many consider the holy grail of decentralization, relies heavily on a small number of core developers who have outsized influence on the development of the protocol. Bitcoin’s mining power is also heavily concentrated.
In EOS, active community network upkeep takes a different form — monitoring block producers both for malicious behavior and centralization vectors. Much of the robustness of DPoS will come from having block producers located in many different jurisdictions around the globe. Looking at the current list of block producer candidates, this seems entirely possible. There are upwards of 50 candidates from countries including the US, China, Japan, Singapore, Argentina, Brazil, Poland, Kenya, British Virgin Islands, and more.
In fact, the active monitoring of block producers may actually produce better behavior than in more decentralized block production systems. In Bitcoin, if a mining pool censors a user’s transactions, the community has no on-chain recourse. In EOS, that block producer can be voted out with minimal disruption to the network. Because EOS compensates backup block producers, there will always be nodes waiting in line to become one of the core validators. And because the core validators are compensated better than the backup validators, the backup validators have a strong incentive to watch for misbehavior on the part of the core validators and publicize it when they see it so that they can be voted in to replace the misbehaving validator.
Rather than trying to resolve human disagreements by forcing participants to optimize their behavior to within the rigid rules of code, EOS embraces the fact that these systems are built for humans by humans, and instead offers a structure that allows humans to engage one another.
State-Level Malicious Actors
When thinking about sovereign-grade censorship resistance, we find it useful to think through how a state would attack a network. We wouldn’t be interested in these networks if we felt like they could easily be shut down by state actors. Let’s think about how a state actor would go about shutting down or censoring EOS. States can:
- Shut down all block producers in their respective jurisdiction.
- Force block producers in their respective jurisdictions to censor certain transactions.
- Coordinate with multiple governments to enforce #1 and #2 above.
The first two options would be exercises in futility. If the Chinese government shut down all block producers located in China, then those nodes would simply drop off the network and would be quickly replaced by some of the other backup block producers. So long as it is profitable to be a block producer, incentives dictate that entrepreneurs will set up block-producing nodes.
If nation-states choose to go after block producers, then these nodes will be set up in more free jurisdictions. This cat and mouse game is is economically inevitable. Binance’s recent move to Malta is a great case study demonstrating how state-level actors struggle to censor digital economic activity across borders. Sovereign entities are not structured to easily cooperate with one another, even if they share the same goals.
The same thing would happen if a government tried to force block producers to censor certain transactions. If a US block producer were forced to censor transactions from a gambling dApp, those transactions would still be processed by the next block producer which happens to reside in a jurisdiction with more permissive gambling laws. It would take a majority of block producers — who are globally distributed — to simultaneously collude to effectively nullify that illegal gambling transaction. If block producers are sufficiently distributed across jurisdiction, this seems unlikely. Further, any block producer that consistently censors transactions will likely be voted out by the community and replaced by another that adopts a policy of non-censorship.
Then there’s the final option — a multi-state attack on the network. We think this type of attack is both unlikely and one that threatens all blockchain networks. In a worst-case scenario, a multi-government coalition would assume control of the majority of block producers on the network and refuse to validate any transactions that attempted to vote them out. In this case, the community would have to mobilize to hard fork those block producers out of the network and replace them with others. This is analogous to Monero or Bitcoin hard forking to change its PoW algorithm if a 51% attack were mounted. It’s a bad option in an emergency worst-case scenario, but it’s an option nonetheless. There isn’t a meaningful difference between the threat of this type of attack on EOS as compared to other networks, especially if block production is sufficiently distributed globally. It’s not clear that a coordinated cross-sovereign attack on EOS would be meaningfully easier than one on Bitcoin. Proponents on both sides can make reasonable arguments as to why the cost of attacking their respective styles of networks are more difficult.
Two Types of Censorship
Spencer states, “If the platform censors these activities then it has failed to deliver strong assurances and it is neither ‘permissionless’ nor ‘censorship resistant’.” We think we have to clarify here that “the platform” itself cannot censor anything. Only the validators and the community can enact censorship. If individual validators censor, they’re unlikely to be effective and run the risk of being voted out. On the other hand, if the community collectively agrees to censor something, that’s a different story.
If systems are created that allow people to deploy dApps, it is inevitable that bad people will build bad things. Every system, whether it’s EOS, Ethereum, or a layer-2 platform built on Bitcoin, will have to grapple with ethical dilemmas regarding what those platforms are used for. If someone built an assassination market on Ethereum tomorrow, how do you think the community would react? In EOS, users can vote out bad-behaving individual block producers. But if a dApp is deployed that is widely considered dangerous and unethical, then block producers that don’t censor that dApp might actually be voted out. This would be a form of community censorship, and that should be allowed.
Community disagreement over what is permissible on the network is inevitable, and if the philosophical split is deep enough, the network may fork. If one community chooses to adopt a certain set of rules and another community disagrees, then either should be free to fork off and operate under their own set of principles. Bitcoin Cash is a perfect example of this. The liberty to fork off is part of what makes blockchain networks so beautiful. Opt-out governance will be a part of EOS, just as it is in Bitcoin Cash, Ethereum Classic, and the countless other forks out there.
No system (yet) can offer perfect censorship resistance. Platform-grade censorship resistance means the platform’s content can’t be controlled by individual entities. Sovereign-grade censorship resistance means that the platform’s content can’t be controlled by state-level actors. At the end of the day they go hand in hand. However, if we think of these networks in terms of their communities, then the content can be controlled by the community, and different communities may adopt different policies around what is considered acceptable. This is not possible in sovereign-grade censorship resistant platforms that eschew any form of on-chain governance. It is important to know that if what the communities decide to allow is different from what state-level actors would decide to allow, then those state-level actors cannot shut down the project. We think EOS presents a credible case on how to eventually get there, after lots of public experimentation.
We recognize that the EOS/DPoS approach is novel and has never been tried at scale before. We recognize that in many ways it is still an experiment. But we think it is a pragmatic and practical approach that is worth pursuing, and we’re willing to put our money where our mouth is.