Delegation Markets

Please bear with as I provide some background to motivate this.

Nomadic is planning on introducing shielded transactions through a contract that will compute zk-SNARKs from Merkle trees. The major weakness of this approach is that transactions can be analyzed based on values and timing coming in and out of this contract. There are two issues here. One places the onus on individual users to have good operational security, i.e. using delays and splitting the values of outputs similar to when using mixes in Bitcoin. This seems okay to me.

The second issue is that the anonymity set in the shielded contract is only as strong as how many users choose to store value in it. If few users do so, then it becomes easy for an entity to own the anonymity set and create a false sense of privacy. This is a huge problem, among others, in Monero. It’s also arguably a problem with Zcash due its anonymity set being so small, although to my knowledge no one has so far provided an analysis of this.

However, the major difference between this contract and Zcash’s division of transparent and shielded addresses is that in Tezos we’d be financially disincentivizing users from storing value in this contract through inflation. My idea to solve this involves another use of zero knowledge proofs that’s been proposed for Tezos: anonymous delegation. The entire pool of tez stored in the shielded transaction contract could be delegated anonymously, thus killing two birds with one stone as far as features. In addition to the benefits of anonymous delegation, users would now actually be incentivized to increase the anonymity set for shielded transactions even if they themselves don’t want to use them.

So who would be the delegates for the shielded pool? Ideally they would be determined by a market. Bakers could set bids for a certain number of tez that would be automatically fulfilled in order of highest rewards.

This also incentivizes users to leave tez in the shielded pool for longer periods in order to prevent large delegates from being able to analyze the output based on the reward value and determine who was delegated to them, although large blocks may end up being split between multiple delegates.

Another possibility to increase anonymity is to provide the option of locking up the shielded tez for longer intervals with longer maturities commanding a premium in rewards payouts. Something like anonymous T-bills.

Thoughts? Criticism? Has anything similar been floated in other contexts?

12 Likes

Hey @sophia interesting questions you’ve raised, and I’m glad you brought up the topic. I think another implementation that could resolve some of these concerns could be through bakepools, have you looked into it? It’s a not-for-profit ecosystem project that I’ve been working on.

For one thing delegates can delegate to a bakepool instead of to an individual baker. The bakers who bake on the pool can be whatever criteria, respectively, that the bakepool manager for that pool sees fit.

    • Perhaps some bakepools focus on marketing to delegates want to have full KYC/AML/(whatever-else)–compliant data on each bake in the pool to which they are delegating. (and would probably charge their delegates the higher-end of fees because of the cost of that service, as well as pay their bakers the most)
    • Perhaps other bakepools target-markets delegates who are okay with not having info on each baker, and such a bakepool competes on their own reputability and their delegate market honors that (and would probably charge mid-range fees, and pay bakers well, but less than if their data were fully disclosed )
    • Perhaps some other bakepools are fully anonymous for themselves and their bakers, and although this would be arguably more risky, that in exchange for that higher risk incurred by the delegate, that bakepool charges the lowest fees— that being the tradeoff. likewise, those bakers would earn the least in exchange for full anonymity that’s tiered not only by a shield but a bakepool as well.

Also keep in mind bakepools would differentiate themselves in other ways as well. This is an example of just one dimension of tradeoffs that the bakepool mechanism will enable, with respect to the topic you’re raising :slight_smile:

1 Like

Thanks for bringing this to my attention. These ideas do seem naturally related.

I just tried looking into bakepools, but can’t find anything more specific about how they’d actually work. Do you have anything you can link me to? I’m specifically wondering whether they can be implemented, at least for the time being, without programmatic staking? The big implementation problem with what I suggested above is that the shielded transaction contract can’t split its delegation rights.

Wrt KYC, I view the lack of it here as a feature. By giving an advantage to small independent delegates we increase censorship resistance. It’s great that Tezos is attracting institutional bakers because they offset the political risk of having fully anonymous transactions. However, it’s easy to imagine a future in which custodians like Coinbase dominate delegation, making the network more centralized. The advantage of an anonymous pool is that institutional bakers could not participate. So in addition to allowing unpopular token holders to avoid censorship in delegation, the competitive fees resulting from a more liquid and efficient delegation market (whether through a matching engine or a syndicalist approach) would both give small independent bakers access to a large pool of delegated funds and prevent price fixing by their institutional counterparts.

Finally, @cwgoes pointed out a major flaw in the design I laid out above: bakers could set fees to zero in order to essentially purchase voting rights. I have no problem with buying votes, but they need to be fairly priced. It doesn’t make sense that someone who owns 8.25% of the shielded pool should be able to capture all its voting rights simply by offering free baking for a short time. Ideally, pricing of fees would be decoupled from pricing of voting rights. Again, not sure about your implementation, but I would think a bakepool might be able to accomplish this.

2 Likes

Hi Sophia! Yes, this can all be done without any protocol upgrades. We’ve confirmed this. You are correct in that the interactive ‘feel’ of how you’ll be operating with a bakepool is something that should be explained a bit more. I’ll be pumping out some articles on this over time.

Bakepools will help prevent large bakers from dominating delegation. Right now baking delegation services are dominated by a few large fiefdoms that retain dominance through slotting mechanisms (being pre-loaded selections in wallets) and other anti-competitive norms we’ve fallen into. Bakepools will tier the supply chain so that the marketers can focus on marketing and bakers can focus on baking, etc.

Even if you are a big organization like Coinbase, it would probably even be better for you to go with a Bakepool. Bakepools don’t just make things more fair, they also diversify risk ipso facto by diversifying vendors. It’s perhaps even more critical for an insured and regulated organization with many institutional investors and many institutional, clients consider using an external bakepool instead of doing it in-house. Or at the very least, to operate a bakepool in-house.

Within a bakepool delegation is distributed equitably to a standardized rate for all bakers in that pool. The bakepool manager sets the rate. The individual baker canNot get a larger share by expressing willingness to take a smaller fee.

Bakepools will compete with each other based on how they tinker with their own variables like degree of KYC vetting (or no vetting), and amount % in fees given.

How are bakepool managers determined?

Anyone can be a bakepool manager (BPM) and curate a network of bakers and client delegates. They can range from open-to-exclusive on either end of the market. The BPM sets reward distribution rates as distributed to the different parties participating in the bakepool.

The keys that originate the smart-contract of a ‘bakepool’ are that of the BPM. Even with multi-sig elements, the BPM is the ‘owner’ with the ultimate authority.

That’s the plain mechanics of it. But the real “color” to this process will come via the entrepreneurial efforts to be made as people start their own bakepools or convert their current bakers into bakepools.

Sorry, missed your response for some reason.

To be honest, I don’t love the structurelessness of this.

Sure please be honest. What do you mean by ‘structurelessness’ of it?