Wanchain Galaxy Consensus Proof of Stake Technical Deep Dive: Pt. 1

The first in a series of explorations of Wanchain’s new Proof of Stake Galaxy Consensus

By Wanchain’s Research Team — Demmon Guo, Chris Shi and Yu Chen
Translation by Noah Maizels

This is Part 1 of the Technical Deep dive series, see Part 2 and Part 3 to learn more.

Overall Architecture and Process

Galaxy Consensus is an efficient, secure, and practical Proof of Stake consensus protocol recently proposed in a paper published by Wanchain’s Research & Development team. It was designed to replace the original high-energy PPoW (permissioned proof-of-work) consensus mechanism and to officially open up Wanchain’s consensus mechanism to the wider community as a key step towards complete decentralization. The search for a secure and efficient consensus model has become a major research trend for many blockchain systems. Various models such as PoS, PoA, PoI, etc. have been proposed and debated by the research community. After careful evaluation, Wanchain has developed Galaxy Consensus as a Proof of Stake protocol since we believe that stake should form the basis for on-chain governance and development.

1. General Background

There are two core problems which must be solved by any consensus protocol:

One — deciding who gets to be the block producer (leader selection)
Two — deciding which chain is the valid chain (chain selection)

We can broadly classify different consensus models by how they deal with each of these problems. For example, in traditional PoW such as Bitcoin, leader selection is determined through mining. Since the PoW algorithm requires solving problems based on random hash functions, the only way to find the answer is through brute force computation (in other words, just guessing an innumerable amount of times until the answer is found). Since the answer to the problem is random, no miner can get an advantage over any other in their search for the answer. The probability of winning is only related to how much computing power is thrown at the problem, and is not able to be influenced in some other way, which ensures no one has an unfair advantage.

Chain selection is determined by the longest chain rule. This rule states that whichever chain is longest is considered the valid main chain. In other words, whichever chain has the most computation power dedicated to it is the valid chain. Models which follow this rule are referred to as using “chain based” chain selection. Bitcoin can therefore be described as having a mining (leader selection) + chain based (chain selection) consensus protocol.

A framework such as this one based on mining and the longest chain rule leads to a large amount of wasted energy. This waste is one of the root causes for the introduction of other consensus protocols. So how do today’s mainstream PoS protocol’s attempt to solve this problem?

We will now briefly introduce the PoS consensus mechanisms from three well known public protocols:

Cardano’s Ouroboros academic paper was published at the IACR International Cryptology Conference and is recognized industry wide for its important contributions. Its most outstanding contribution is its introduction of a provably secure consensus model. Amongst the various releases in a series of Ouroboros papers, a number of different ways to choose block producers have been put forth. From initially using random number based selection to anonymous selection using VRFs (verifiable random functions), Ouroboros gradually improved the security and privacy of the leader selection process. As for chain selection, Ouroboros consistently follows the longest chain rule to guarantee the security of the chain. So the overall framework of Ouroboros is VRF leader selection + chain based.

Algorand is a PoS consensus protocol proposed by Turing Award winner and MIT Professor Silvio Micali. Its most prominent contribution its upgraded BFT (Byzantine Fault Tolerant) protocol — BA★, which uses voting to solve the issue of choosing valid blocks. For choosing block producers and validators Algorand also uses the VRFs to ensure randomness and anonymity. Through the operation of the BA★ protocol, every block of height is confirmed by voting, even if it is empty block, it will still go through the voting process. So Algorand’s overall framework is VRF + BA★ voting.

Casper is a PoS consensus protocol developed for Ethereum. Casper’s advantages lie in its practical betting-style consensus. Validators who have pledged a security deposit can bet on the block that he or she believes will be confirmed. Under the betting rules it is guaranteed that there will only be one unique winning block, and the winning validators will receive a reward. Casper will help Ethereum transition from PoW to PoS, and is a consensus protocol that widely anticipated by the crypto community. In summary Casper’s overall framework is Validator + Betting.

After a brief introduction to several mainstream PoS consensus protocols, we return to Galaxy Consensus. Galaxy Consensus follows a rigorous academic development path, drawing from Ouroboros’ provably safe model. Wanchain’s development team has made a number of improvements to the Ouroboros model, such as an all new efficient and secure random number generation algorithm, as well as an innovative replacement for the VRF algorithm used for leader selection: the Unique Leader Selection (ULS) algorithm. Galaxy Consensus’ ULS algorithm ensures that there is only one unique valid block producer, and greatly reduces the probability of natural forks. Therefore, the overall framework of Galaxy Consensus is ULS + chain based.

2. Two Types of Nodes

When staking with Wanchain, Validator nodes are divided into two types: Validators who can receive delegations and Validator nodes which cannot receive delegations. In order to allow for holders of smaller amounts of WAN to participate in consensus, the Wanchain team has designed a delegation mechanism based on triple Elliptic Curve Digital Signature Algorithm (ECDSA). Through the delegation mechanism, users holding a small amount of WAN can delegate their rights to Validators, and the Validators participate in consensus on their behalf. Due to the limitation of the signature message space in the ECDSA scheme, Validators can only produce blocks and cannot perform other operations, which ensures the security of users.

With this basic understanding of the delegation mechanism, we can now introduce the difference between the two types of nodes. Each Validator node holds a certain amount of stake, whose value in turn affects the upper limit of the amount of delegations they can receive based on a ratio we will release soon. Non-delegating Validator nodes, on the other hand, are consensus nodes which cannot accept delegation. There is no difference in how the two types of nodes participate in consensus, only in their ability to receive delegations. In order to become a Validator node, a larger amount of WAN must be staked by the node operator than the Non-Delegating node. This mechanism will be described in more detail in later posts.

3. Ongoing Block Producer Selection Process

In Wanchain Proof of Stake, participating nodes are divided into two groups based on their different tasks: the RNP (Random Number Proposer) group and the EL (Epoch Leader) group. These groups work together to address the two key problems of consensus mentioned above, leader selection and chain selection.

The members of the RNP group are selected according to the proportion of their Staking Power (referred to as Wanstake within the Galaxy yellowpaper) compared to all other nodes. The RNP group is responsible for generating the random numbers to be used by the protocol. The nodes in the RNP group complete the random number generation through the three distributed key generation (DKG) stages: DKG1, DKG2, and the SIGN stage, ensuring the security of the random number on chain. The secure generation of random numbers is one of the top considerations for maintaining the security of the network. The RNP group is responsible for this critical work, and the random number generated in each round will be used as an important seed for selecting which nodes make up the groups, selecting block producers, and other aspects where random numbers are important to the protocol.

Like the RNP group nodes, the Epoch Leader nodes are selected according to the proportion of each node’s Staking Power compared to all other nodes. The EL group is responsible for collecting transactions and packaging them into blocks through two cycles of work. The first cycle consists of secret message array (SMA) generation through two stages of SMA1 and SMA2, and the sharing of secret data inside the Epoch Leader group. In the second cycle the secret message array is used together with the on chain random number supplied by the RNP group to determine who has the right to propose a block and the time period in which they are responsible for broadcasting the block to the network. The EL group forms the foundation for the secure operation of the protocol.

4. Operating Process

After introducing two kinds of Validators and the two groups selected for each cycle, we describe the operating process of Galaxy Consensus from a higher perspective to give you a better understanding. First we introduce two concepts of time: slot and epoch. Readers familiar with Ouroboros should be familiar with these two concepts. The slot is the generation time of a block, that is, a new block is generated in each slot, and an epoch is a time period composed of many consecutive slots. The protocol can be described as a continuously running loop. The following four steps describe the process:

I. Validators Join the Network

This is the preparation phase of the protocol. At this stage, all nodes that want to participate in consensus will pledge a certain amount of WAN and select a lock time through a smart contract. The lock time will affect the node’s Staking Power: the longer the total locking time, and the more time has passed during the locking period, the correspondingly higher Staking Power. This design simulates the concept of coin age and guarantees the fairness and rationality of stake design and node participation. Once this stage is concluded, many nodes will be eligible to start participating in Wanchain’s network.

II. Forming the Random Number Proposer and Epoch Leader Groups

At the beginning of each protocol cycle (epoch), two groups, the RNP group and the EL group, are selected from all validators. The choice of these two groups is based on each node’s Staking Power proportion compared to all other nodes. The random selection process carried out using random numbers on chain in a process similar to follow-the-satoshi. Here we use follow-the-stake-ratio to ensure the fairness of the nodes participating in the formation of the group. The higher the proportion of stake, the greater the chance of being selected to join a group, participating in consensus, and gaining revenue.

III. RNP group process

After the RNP group is selected, the nodes in the group complete the three decentralized key generation (DKG) phases of DKG1, DKG2 and the SIGN phase. In the DKG1 phase, each node proposes its own commitment for random number fragment selection, ensuring the immutability of the fragment selection. In the DKG2 phase, each node shares the random number fragments selected by itself to other nodes in the group through threshold secret sharing. Finally, in the SIGN phase, each node publishes its random number fragment data, completing the generation of random numbers and updating the random number data on the chain. The whole process is guaranteed by threshold secret sharing, as long as the number of online nodes exceeds the threshold, the random number update will be completed smoothly, ensuring the reliability of random number generation. The purpose of this random number is to select the Epoch Leader for each slot.

IV. EL group process

After the EL group is selected, it will participate in two cycles of work for each epoch. In the first cycle, the EL group nodes participate in two secret message array (SMA) phases of SMA1 and SMA2. In the SMA1 phase, each node proposes its own secret message’s commitment data, which guarantees the immutability of the secret message. In the SMA2 phase, each node shares their own encrypted secret message with the other nodes to complete the secret message array generation. At the beginning of the second cycle, the nodes in the EL group are sorted according to the random number generated by the RNP group, this sorting is valid throughout the cycle. The block producers are then selected using the secret message array, and the node who has the right to produce the block for each slot is determined. This process is carried out secretly within the EL group, and other nodes outside the group have no way of learning about the results of the selection process. The nodes in the EL group each complete their work of block production according to their right which was determined in the previous step. Whenever a new block is proposed, all the nodes in the EL group must add their own proof of validity. This proof is public and able to be inspected by anyone, ensuring the normal and safe operation of the chain.

In our following posts exploring Wanchain Proof of Stake, we will further introduce the design and operation details of each component of the protocol in order to give our readers a more in depth understanding of the entire protocol.

About Wanchain

Wanchain is the infrastructure connecting the decentralized financial world. Wanchain’s live cross-blockchain solution is EVM-based, includes optional private transactions, and provides a decentralized, permissionless, and secure approach for interoperability. Wanchain has employees globally with teams in Beijing (China), Austin (USA), London (UK), Kuala Lumpur (Malaysia), Paris (France), and Madrid (Spain).

You can find more information about Wanchain on our website. Additionally, you can reach us through Telegram, Discord, Medium, Twitter, and Reddit. You can also sign up for our monthly email newsletter here.