On The Origin of DFINITY

This article is part of the ongoing “Origin” series that tracks the emergence and evolution of projects in the cryptocurrency-based smart contract ecosystem. Today we’ll look at DFINITY and how it could threaten to supplant Ethereum as the dominant smart contracts platform.

DFINITY is an Ethereum-compatible smart contract platform that is implementing some revolutionary ideas to address blockchain performance, scaling, and governance. Whereas DFINITY could pose a credible threat to Ethereum’s extinction, the project is pursuing a coevolutionary strategy by contributing funding and effort to Ethereum projects and freely offering their technology to Ethereum for adoption. DFINITY has labeled itself Ethereum’s “crazy sister” to express it’s close genetic resemblance to Ethereum, differentiated by its obsession with performance and neuron-inspired governance model.

With these differentiators DFINITY appears to be broadening and strengthening the EVM ecosystem by giving applications a choice of platforms with different characteristics. However, if DFINITY succeeds in delivering a fully EVM-compatible smart contract platform with higher transaction throughput, faster confirmation times, and governance mechanisms that can resolve public disputes without causing community splits, then it will represent a clearly superior choice for deploying new applications and, as its network effects grow, an attractive place to bring existing ones. Of course the challenge for DFINITY will be to deliver on these promises while meeting the security demands of a public chain with significant value at risk.

The DFINITY project is currently somewhere between prototype and production; there is no public blockchain on which to deploy smart contracts at the time of writing. The official white paper has not been published, but DFINITY has released enough technical information to give us some insight into how the project compares and contrasts to Ethereum. So let’s take a deeper look at some of the technologies that could challenge Ethereum’s incumbency.

Performance

Low transaction throughput is a well-known issue with present-day Ethereum, and proof of work (PoW) blockchains in general. Although Ethereum plans to eventually replace PoW with a pure proof of stake (PoS) solution, it’s first phase PoS rollout will merely add PoS checkpoints on top of PoW mined blocks, and thus provide no improvement in transaction throughput. DFINITY, having the advantage of starting from scratch, will roll out a pure PoS system that promises 50x increase in transactions per second by combining faster block production times (i.e. more blocks/minute) with higher gas limits (i.e. more transactions/block).

DFINITY achieves fast block production with its threshold relay technology, which uses threshold signatures to quickly reach consensus among a selected set of miners over a peer to peer network. A threshold signature is a group signature that can only be constructed from the combined signatures of some threshold number of members, and thus represents cryptographic proof of agreement by at least that many members. An extremely important property of the BLS group signature used in DFINITY is that the signature bits are always the same regardless of which subset of members contributed to it. This allows the network to quickly and independently reach consensus on a random number (i.e. the signature) that is key to producing blocks in fast, regular intervals (e.g. every 5 seconds), and significantly increasing transaction throughput.

DFINITY claims a 25x increase (over Ethereum) in transactions per block is possible using a Probabilistic Slot Protocol. The protocol divides each block time into prioritized slots that identify a specific block producer for that slot. The higher priority slot the higher the block’s weight, so in the event multiple blocks are produced for a given block time, the network chooses the block that makes the highest cumulative weight valid chain. The random value produced in the previous block time allows all honest nodes to independently agree on the slot priorities and block weights, and thus the heaviest valid chain. A chain is only valid when built on blocks that have been notarized by group threshold signatures. Notarization in each block time quickly kills off lighter chains, enabling transaction confirmation times to be as low as 2 blocks (roughly 7.5 seconds).

In the world of smart contracts, high performance without high security only means an attacker can drain your funds faster. Attacking the threshold relay consensus protocol is expensive because the members of the signing group change with each block and are selected randomly, so the attacker must make sufficient deposits/bribes to control a large enough fraction of all signers to influence consensus. The larger the group size, the harder and expensive it becomes to prevent the honest members from reaching consensus. Security hinges on the fact that signing groups are selected using a purely deterministic, non-predictable, tamper-proof source of randomness. This is provided by what DFINITY calls a “random beacon,” which is implemented using the bits from threshold group BLS signatures. The random beacon from block time h is used to select a random group for block time h+1, and is then signed by that group, creating the random beacon used to for block h+2, and so on.

The secure generation of the group signing keys is thus critical to both block notarization and the randomness that secures the threshold relay consensus process. DFINITY uses a secure distributed key generation (DKG) protocol, which enables group members to interactively generate the group signing key without any centralized authority. Although this protocol has been proven secure (i.e. safe and live) in a network with 100% reliable broadcast, that assumption does not hold in relay networks with adversaries and keys can be compromised by an attacker with sufficient resources to control a large enough contingent of a single group. DFINITY claims the threshold relay consensus process can tolerate a high failure rate of the DKG protocol and still function, and hopefully will publish specifics on the max tolerable failure rate as well as how many non-failures producing compromised group keys could be tolerated. The computation and communication costs of the DKG algorithm are significant at the group sizes needed to effectively thwart attacks on threshold relay consensus (~400 members), so DFINITY will likely face some major challenges in optimizing and engineering a key generation protocol that works well enough on a relay network with adversarial nodes.

The features that boost DFINITY’s performance could in theory be adopted by Ethereum, and might be if it’s demonstrated that they can improve performance while reliably securing billions of dollars in value. However, at present it appears that Ethereum will continue on its current path to improving performance with its homegrown, availability-focused PoS protocol (Casper) and other scaling techniques.

Scalability

DFINITY promises to scale “almost infinitely” with an architecture that separates consensus, validation, and storage into separate layers. There are no blocks of transactions at the consensus layer. Instead, the storage layer is sharded into multiple chains, each of which is responsible for processing transactions that update the state of the shard. The validation layer is responsible for combining hashes of all the shard states into a Merkle tree-like structure that results in a global state hash being stored in blocks on the top level chain. While this architecture lays a solid theoretical foundation for scaling, in practice there will still be some major problems to address, such as transactions that affect state on multiple shards.

Ethereum also includes state sharding in its scalability roadmap, but it could be years before a working system is deployed on the main network. Ethereum will have to migrate from a fully replicated global state to a sharded one, while DFINITY has the opportunity to build in sharding from inception. Having the first successful state sharding implementation could give DFINITY an important scaling advantage. However, DFINITY’s latest development roadmap has the first state sharding implementation slated to appear in the 3rd (Tungsten) major release, which could also be years away.

Governance

DFINITY describes its governance mechanism as “AI is law” in contrast to the “code is law” philosophy that it ascribes to Ethereum. However, these catch phrases are too high level to draw any kind of useful comparison; what DFINITY calls “AI” is essentially a Liquid Democracy based governance mechanism¹, and “code is law” was most certainly not the philosophy behind the Ethereum hard fork response to the DAO hack.

The real difference lies not so much in philosophy, but in mechanism to carry out such philosophy as the recent Parity wallet hack illustrates. The Ethereum community was philosophically opposed to the hacker, but lacked any formalized mechanism or automated tools to halt or undo the exploit, and could only rely on white hat hackers to make some but not all affected parties whole. DFINITY, also philosophically against the hacker, is planning to introduce a more formalized and automated on-chain governance mechanism that could make all parties whole in these and other situations.

DFINITY’s Blockchain Nervous System (BNS) is given extensive power to perform administrative functions such as managing protocol and software upgrades, modifying economic parameters, freezing “rogue” smart contracts, fixing bugs in contracts, and even redistributing DFINITY Network tokens. Whether and when these actions should be undertaken is subjective and often contentious, so BNS only acts when proposals to take action are agreed upon by the community through a peer-to-peer liquid democracy voting process. For any given proposal the users, who have obtained voting rights by depositing tokens and operating “neurons” on the network, may vote directly or (after some time window) delegate their votes to other neurons they’ve chosen to represent them. Software automates all of this and allows users to choose different delegates for different types of proposals and update those choices dynamically. The intent is that all proposals will be carefully vetted by the collective intelligence of the community and enacted only when in the best interests of the community (“CI is law”).

If the voting process reliably captures a true community consensus and the community isn’t fractured when BNS exercises its powers, then DFINTY’s automated governance may represent an attractive alternative for certain types of applications. Although the BNS has powerful tools to address a wide range of governance issues, applications still have no guarantees that the tools will be applied to their specific matters; proposals must be passed. Still, there is great advantage to having an agreed upon mechanism for fixing things when community consensus is established, so long as the mechanism cannot be abused.

Ethereum, given the frequency and magnitude of exploits it experiences, is likely to adopt some more formalized and automated governance mechanisms. Whereas having a large amount of value already at risk makes the need more urgent, it also means real economic pain from actions that result in a contentious community split. So Ethereum will probably proceed with caution while platforms with less at stake experiment with very powerful, highly automated mechanisms.

Conclusion

DFINITY is unique among the field of projects that threaten Ethereum’s extinction in that it’s not an entirely different platform, but an EVM-compatible flavor of Ethereum. This allows DFINITY to leverage all advances and innovation coming from the massive Ethereum community, while DFINITY’s contributions to those projects also benefit Ethereum. Whereas providing more choices for Ethereum users and DApp developers seems great for the whole community, one must consider whether some kind of unintentional “Embrace, Extend, and Extinguish” strategy will ultimately play out.

DFINITY’s security depends on an honest majority assumption, which is certainly reasonable for permissioned (private) blockchains, where the threshold relay and BNS features should provide a clear advantage. DFINITY’s emphasis on streamlining private to public chain interoperability could drive expansion into the permissionless (public) blockchain space. However, the design of permissionless chains involves different engineering tradeoffs and it doesn’t follow that one architecture should dominate both. It may turn out that Ethereum’s economic incentives, aimed at providing safety in a wider range of situations than honest majority, are essential for permissionless chains. In the end, it’s quite possible that the two platforms will end up coexisting as interoperable sisters, with DFINITY evolving toward and dominating the private chain space, and Ethereum keeping its design focus on public chains and retaining its dominance there.

Dominance threat levels are explained in the introduction to the series. Below is a brief legend.

[1] with theoretically possible AI extensions https://medium.com/dfinity-network-blog/future-governance-integrating-traditional-ai-technology-into-the-blockchain-nervous-system-825ababf9d9AI

Thanks to Derek Chiang, Robert Lauko, and Timo Hanke for their input on early drafts.

If you’d like to support this series with an ETH donation, please send it to 0x7e83982eb92502ad5d38c400ba2af7b135469ac9

Your support allows and encourages me to devote more time to these articles and is greatly appreciated.