WIP: WIP-0027 Layer: Consensus (hard fork) Title: Increase the age requirement for using transaction outputs as collateral Authors: Adán SDPC Discussions-To: `#dev-lounge` channel on Witnet Community's Discord server Status: Final Type: Standards Track Created: 2022-10-26 License: BSD-2-Clause
This proposes an increase to the age requirement for using transaction outputs as collateral. The new required age will be 13440 protocol epochs, i.e. 1 week. This improvement aims at strengthening the protocol's security and economics.
Collateralization in Witnet means that nodes that become eligible to take part in resolving a oracle request need to lock a certain amount of Wit coins upon publishing their commitment transaction. If their committed values pass the filters in the eventual tally of the request, they get the collateralized coins back. If they do not pass the filters (aka liars), they lose the collateralized coins.
To use a transaction output (UTXO) as collateral, it must have existed for more than 1,000 epochs (12.5 hours). We often call this the UTXO age requirement.
Its current value was set in the Witnet testnet times (2019) and was never adjusted to the mainnet reality.
Collateralized coins are refunded to their owners in the tally transaction, with a new UTXO age of 0 epochs.
The point of collateralization is twofold: (1) deterring bribery attacks and (2) sybil resistance.
Bribery attacks on oracles like Witnet, and the role of collateralization for deterring them, have been discussed at length in this Medium post.
Collateralization provide sybil resistance because it creates exclusion of resources. The same coins cannot be collateralized on multiple identities at the same time, and you can only move the coins from one identity to another just as fast as the minimum UTXO age requirement allows.
Thus, the amount of identities that an actor can operate in parallel is bounded by the amount of Wit coins they own, divided by the amount of coins that they could need to collateralize in each of them, over a period equal to the UTXO age requirement.
A minimum collateral requirement for each oracle request is currently enforced by the protocol, and set to 1 Wit. Requesters can freely decide to increase that requirement for any specific request.
Some ballpark estimations suggested that, at sub-cent values for a Wit coin, the balance requirement for running a node is around 8,000 Wits. A further analysis with an ARS simulator tool yielded even lower figures, ranging from 3,000 to 5,000 Wits per identity.
Those numbers do not look specially good for credible resistance to bribery and Sybil attacks. As Witnet starts to secure more TVL on its dozens of supported chains, we need to improve the economics of the protocol, and grow the amount of value that node operators put into securing the network. In a decentralized oracle protocol like Witnet, any economic improvement is also a security improvement.
Arguably, we could advocate for raising the minimum collateral amount. In theory, if we make it 100 Wit instead of 1 Wit, we could increase the total staked amount of Wit tokens (our own TVL, let's say) by the same factor. However, as it is on the requester to choose the right collateral requirement for their use case, increasing the minimum would only hinder the flexibility of posting cheap requests, may we adopt a collateral-to-reward ratio.
The main point in increasing the minimum collateral would be to force requesters to adjust this parameter instead of defaulting to the minimum. However, increasing any consensus constant denominated in Wit can always have unexpected side-effects if the price of the Wit coin goes up significantly.
Increasing the UTXO age requirement however has zero compromises to oracle queries. This change would be transparent to end users, and would not affect the cost of the queries may we adopt a collateral-to-reward ratio. The only impact of this change would be on node operators, who would be urged to deposit more Wits into their identities in fear of missing a chance to witness because they lacked old-enough UTXOs.
An extension to the UTXO age requirement should help multiply the total collateralized value proportionally. Therefore, a proposal like this that extends this parameter, clearly aims to grow the total collateralized value as much as possible to mitigate the undercollateralization of the protocol. That is, the more we grow the share of the circulating supply that is locked into collaterals, the more the security of the protocol.
The main downside to a longer UTXO age requirement is that new identities will not be able to witness for a longer initial period, that is, it would extend the bootstrapping time of new nodes. Hence why the new proposed value for this requirement is only 1 week, which is significantly greater than the current 25 hours, but still a reasonable wait for a node operator.
Another consideration when increasing the UTXO age requirement is the potential disruption to the the oracle quality
of service of the network that could happen right after activation of the increased requirement. If not enough nodes
in the network happen to meet the new requirements at that time, a number of oracle requests may go unresolved and just
get an InsufficientCommit error in their tally transactions.
Although mechanisms for smoothly transitioning into a longer UTXO age requirement were taken into consideration, they were ruled out for being overly complex, and a further analysis on the composition of the UTXO set proved that such measures would be useless in practice, given the enormous headroom in terms of available old-enough collateralizable value that rests in UTXOs controlled by frequent ARS members with non-zero reputation.
(1) The UTXO age consensus constant MUST be increased to 13_440 epochs. That is, for an unspent transaction
output to be accepted as a collateral input in a commitment transaction, it MUST exist for at least 1 week prior to
acceptance of such commitment transaction into a block in the chain.
Upon entry into force of the proposed improvements:
- Blocks and transactions that were considered valid by former versions of the protocol MUST continue to be considered valid.
- Blocks and transactions produced by non-implementers MUST be validated by implementers using the same rules as with those coming from implementers, that is, the new rules.
- Implementers MUST apply the proposed logic when evaluating transactions or computing their own data request eligibility.
As a result:
- Non-implementers MAY NOT get their blocks and transactions accepted by implementers.
- Implementers MAY NOT get their valid blocks accepted by non-implementers.
- Non-implementers MAY consolidate different blocks and superblocks than implementers.
Due to this last point, this MUST be considered a consensus-critical protocol improvement. An adoption plan MUST be proposed, setting an activation date that gives miners enough time in advance to upgrade their existing clients.
The protocol improvements proposed herein will affect any library or client implementing the core Witnet block chain protocol, especially the commitment transaction validation rules.
Libraries, clients, interfaces, APIs, or any other software or hardware that do not implement or apply commitment transactions and block validation will remain unaffected.
A reference implementation for the proposed protocol improvement can be found in the pull request #2347 of the [witnet-rust] repository.
An activation date is proposed for March 9 2023 at 9am UTC, that is, protocol epoch #1682000.
From the perspective of TAPI, the signaling bit is 8 (0b00000000000000000000000100000000) and the
first_signaling_epoch is set to #1655120 (February 23 at 9am UTC).
This proposal has been cooperatively discussed and devised by many individuals from the Witnet development community.