sunnya97.com

Mesh Security: Why we don't need L2s

July 20, 2023 • EthCC

Mesh security in the Cosmos ecosystem enables economic interdependence among sovereign blockchains through bilateral restaking, fostering a decentralized network that contrasts with hierarchical blockchain models.

Summary

In this talk, I explored the concept of Mesh Security within the Cosmos ecosystem, emphasizing its departure from traditional hierarchical blockchain structures towards a more decentralized and interconnected model. We discussed how Cosmos operates as a network of sovereign chains, leveraging a standardized protocol called IBC, which allows for seamless interaction between different blockchains. I delved into political theory, drawing parallels between blockchain network topologies and governance systems, highlighting the importance of distributed architecture. We examined current consensus protocols and the challenges they face in scaling, ultimately positing a vision for a mesh security framework where chains could engage in bilateral restaking agreements, enhancing their economic security by pooling resources without losing their sovereignty. I also touched on the potential for integrating various types of assets and staking mechanisms across networks, ensuring that the economic interdependence of chains could foster a cooperative security environment, akin to a modern alliance like NATO.

Key Takeaways

  • Cosmos aims to create a decentralized ecosystem of interoperable blockchains, emphasizing the importance of sovereignty and point-to-point connections rather than a centralized settlement layer.
  • The concept of mesh security is introduced, where chains can mutually restake their tokens to enhance economic security, allowing for a network of bilateral agreements rather than a hierarchical structure.
  • Restaking allows validators to opt into additional slashing conditions, which can be applied across different blockchains, enhancing security while giving chains autonomy over how they manage their economic security.
  • Economic interdependence between chains can foster mutual security, similar to international alliances like NATO, where individual chains can benefit from collective security arrangements while maintaining their sovereignty.
  • Governance systems on each chain will determine how to value restaked assets, enabling flexibility in managing economic security without relying on a centralized approach.

Detailed Analysis

In my recent exploration of the Cosmos ecosystem through a talk on mesh security, I was struck by the innovative approach to blockchain interoperability and security being developed within this framework. The key theme revolved around the concept of shared security among blockchain networks, contrasting sharply with the more centralized models often seen in traditional blockchain ecosystems. Cosmos's architecture promotes a mesh network of sovereign chains, where each chain operates independently yet communicates and collaborates with others through the Inter-Blockchain Communication (IBC) protocol. This decentralized model not only enhances security but also fosters a more equitable distribution of power across the network.

This idea of mesh security reflects broader trends in the tech landscape, where decentralization is increasingly viewed as a necessary antidote to the vulnerabilities inherent in centralized systems. As we witness rising concerns over data privacy, security breaches, and monopolistic practices in the tech industry, the push for decentralized alternatives is gaining momentum. Mesh security stands at the forefront of this movement, offering a solution that allows chains to leverage each other's security without succumbing to hierarchical dependencies. It’s a compelling vision that aligns well with the ethos of the internet itself, which champions open and distributed systems.

The implications of adopting a mesh security model are profound. By enabling bilateral restaking agreements between chains, Cosmos not only enhances economic security but also fosters deeper economic interdependence among networks. This could lead to a more resilient ecosystem where the failure of one chain may not necessarily jeopardize others. However, the talk also highlighted potential limitations, such as the complex governance required to manage these interdependencies and the economic motivations driving these agreements. The reliance on the governance systems of individual chains to establish value for restaked assets could introduce inconsistencies and governance challenges, potentially undermining the very decentralization that mesh security aims to achieve.

One of the strengths of this approach is its flexibility; it can accommodate various protocols and adapt to emerging technologies. Yet, I couldn’t help but wonder about the scalability of such a system. As the number of chains increases, so too does the complexity of maintaining and managing these bilateral agreements. If not carefully designed, it could lead to what I call a “complexity bottleneck,” where the overhead of managing inter-chain security outweighs the benefits. This brings to light a crucial aspect of the discussion: while mesh security is promising, its practical implementation will require robust frameworks for governance and economic modeling.

This video is most useful for developers, blockchain enthusiasts, and policymakers interested in the future of decentralized systems. It provides a compelling vision of how blockchain networks can evolve to be more secure and interconnected while emphasizing the importance of designing systems that prioritize decentralization. For those looking to navigate the complexities of blockchain interoperability, the insights shared here offer valuable guidance on both the potential and challenges of building a truly decentralized network of chains.

Transcript

Speakers: A
**A** (0:15): Hello everyone. Thank you guys for coming. My name is Sunny Agrawal. I will be giving a talk today called Mesh Security. A little bit about me for anyone who doesn't know. I work on a project called Osmosis, which is a interchange Dex built primarily using the Cosmos stack. And in the Cosmos ecosystem. Today I'm going to be talking a little bit less about Osmosis, more about the Cosmos ecosystem as a whole and this idea of how we are bringing shared security into Cosmos and how it differs from the models that you see in most of the other blockchain ecosystems today. So, you know, so what is Cosmos? Cosmos is this network of many interoperating chains. Each of them have their own sovereignty, they have their own validator set. And then there's a standardized protocol called IBC that allows tokens to tokens, data, smart contract calls, anything to go between them. But the most important thing to note about the Cosmos ecosystem, as you can tell from that diagram, is there is no center to the ecosystem. Right. It is very much this Mesh style system of like, you know, there's point to point connections between every chain. There's no such thing as a single settlement layer in our system. Rather, every chain is the settlement for its own native tokens in its own native state, which we will come back to. So before we get continue talking about blockchains, I want to take a little bit of a detour and talk a little bit about political theory. I'm sure everyone has probably seen some version of this meme before, like the authoritarian, the political compass system. And I saw this like meme on Twitter like three years ago. That's always stuck with me for a really long time, which is it was basically taking network topologies and overlaying it onto the political compass. And so you have, you have your authoritarian versus libertarian axis depending on how hierarchical the system is. And then you have the left right axis being sort of how equal different nodes are or whether you have more power laws taking place in the right based systems. And so this begs the question, okay, how do we want our network topologies in blockchains to be organized? And so in Cosmos, we call ourselves. The tagline of Cosmos is we call ourselves the Internet of blockchains. And part of it is we actually did take a lot of inspiration from the architecture design of the Internet as it was developed. And one of my favorite quotes from David Clark, one of the early, early Internet pioneers, we reject kings, presidents and voting. We believe in rough consensus and running code. If you're rejecting kings and presidents, what we're trying to build is we can't be building these hierarchical systems. We want to be building network topologies that are fundamentally distributed in nature. And so these green systems seem very nice and enticing. We've, you know, built and we have systems. How do you make these green systems work? You need these things called consensus protocols. And we've built many different types of consensus protocols. You know, we have BFT consensus protocols like, you know, Tendermint or Casper and stuff, right? You also have political green consensus protocols like democracy. The thing with these consensus protocols, while great, they don't scale infinitely, right? Like you need point to point connection to make these things work. That's why Tendermint is a relatively complex protocol. It doesn't scale to tens of thousands, hundreds of thousands, millions of nodes, but it scales to thousands of nodes pretty well. Democracy, right? This is a picture from Oppenhollern, one of the Swiss cantons where they do real live like open air democracy. But that's like true direct democracy because you do have a synchronous communication medium for N squared communication. And that synchronous communication medium is line of sight. But obviously this doesn't scale as systems grow, right? And so what we've done so far in blockchains today is we've built many, many green systems. Each of these are called blockchains. They all have their own internal consensus systems. And now the question that like faces us or is how, what is the meta topology of these systems going to look like, right? How are these systems going to interact with each other? So one option that is where I see most of the rest of the blockchain ecosystems going towards is building these very hub and spoke style systems where you have a single chain that acts as the settlement layer, the source of security for the entire system. And then everything else is These rollups or L2s or subnets or parachains or whatever word you want to call them. You fundamentally have this system where there's all security emanates from one place. And I don't know, I just personally see this as fundamentally creating a very top down hierarchical system at this meta topology layer. This is not how the Internet was designed and I don't think this is how the interchange should be designed either. Now you have people going for these L3s like, okay, bringing in even more hierarchy. My take is, you know, we very much have to be building, even at the meta topology level, we need to be building these either green or yellow systems, right? Green systems, maybe they'll work. We've had ideas of how can you run meta consensus protocols, like you can run a consensus protocol between blockchains themselves. So I think that is a direction that is possible. But I think what is most natural, what is probably going to end up happening is, is we're going to move towards this world of a yellow style system. And as I mentioned, this is basically what we've done in Cosmos today. We have this yellowish network of all these chains are talking to each other in their own mesh system. Not all chains are connected to every other chain. Some chains are far more connected than others, the ones that have more economic activity and stuff, but you let the power laws of the system naturally decide how, how these connections form. But okay, so now coming back we have this question again of how is the security in the system going to work? Because today every single one of these Cosmos chains has its own validator set, its own proof of stake system and our security is much more fragmented. So how are we going to solve this? So let's look at like we're going to think here mostly about economic security. We'll talk about like, you know, fraud proof, validity proof stuff later down the road. But when we come to economic security, I'm going to use this sort of diagram as a key. Basically, you know, we have, if you have this hexagon that means a blockchain, a circle inside of it is the validator set. And the line is that means that validator set validates that blockchain. So today what do we have? We have these sovereign blockchains. Let's say you have a chain like Osmosis, you have another chain called Axelar, they both have their own token. Osmosis has Osmo as its staking token, Axelar has Axel as its staking token. Cool. Then we can move towards a world where, I'm going to skip this one, where you can get this sharded replicated security where what you can say is hey, a subset of a larger validator set can be validating another chain. That chain doesn't need its own validator set. Right. And so this is sort of what Eigenlayer is building right now on Ethereum, right? It's saying like, hey, we're going to use this restaking system and say a subset of the ETH validators can choose to restake and help secure this other another system. Whether it's a roll up or ADA system or some Oracle protocol or whatever it is, right? You have this subset system which is cool. Inevitably I think this is not going to the incentives of this aren't going to fully work out. And really what's going to end up happening is all these projects are going to want to have their own tokens as well, because incentives. And so really you can imagine something like osmosis still tapping into something like eigenlayer. So while we have our own OSMO token used for proof of stake, we can augment our security with ETH restaking. So now basically you can come in and you can either stake OSMO directly or you could restake ETH to help secure the osmosis chain. And so I do imagine that this is in the current trajectory, this is how we're going to start to see a lot of the economic security in the Ethereum ecosystem playing out, where you're going to have projects, chains that have their own native token plus E3 staking to help secure it. If anyone follows the avalanche ecosystem, this is kind of very similar to the direction that they're going as well. But at the end of the day I still see this as a fundamentally red system where you still have most of the security emanating from one place. There's like centralized points of failure here. And it's this very, I call it the empire model of blockchains, where everyone is subservient to the 1. You have the empire, the core and then you have the periphery, right? And everything else is this periphery. What we want to build towards is this world of that we live in today of nation states and city states, right? Where it's like, okay, so as you can probably tell, I really like my political analogy. So when I look at this, it's like, okay, how does security work in the real world today between countries? The greatest security alliance in the world today is probably the NATO alliance, right? And the NATO alliance is interesting because it is not this empire and colony system. Rather it is an alliance between mutual like you know, 30 countries or I don't know the exact number, but like 20, 30 countries where it's an equal alliance where they all basically agree that hey, if any one of us is attacked, the others rush to each other's defense. But what's important is they all still maintain their own sovereignty. They all have their own militaries, they all have their own like governance systems, their own. And what they're getting by joining this alliance is they're getting the sum of, of all of their military capacities to help defend any one of them, right? And so it's basically this network of similar such alliances that have been built up throughout the world that have Basically kept the relative peace over the last 180 years. On a relative scale of humanity, we've been in a pretty good peaceful time. And one of the things that I think, think is really interesting is how the relationship between economic interdependence and like, military security dependence, right, where like, out of, I think only four EU countries are not part of NATO. And that shows that, like, okay, look, there's like a lot of, within the European Union, the amount of economic interdependence leads people to want to have this sort of military or security interdependence, right? Where these things are very tight. And so this goes very well with something in blockchains as well, right? Like, let's say you take two chains that today are very sovereign, Osmosis and Axelar. Osmosis is a dex. We use Axelar as our primary bridge for bridging assets from the EVM ecosystems onto osmosis. And, you know, today osmosis makes up, I think, like, 70% of Axelar's, like, usage. So we're obviously one of their biggest customers. Meanwhile, this is a little bit outdated. Like, four out of the top five pools on osmosis are via bridged assets from Axelar. There's clearly high levels of economic interdependence between these two chains, and it would suck really bad for either of us if the other got attacked. Right? And so this is why the natural model that I imagine arising is this idea of mesh security where you're gonna have bilateral restaking between blockchains. So the osmosis chain will say, hey, you can use osmo to stake on osmosis, but we'll also allow restaked axle to help secure the osmosis chain. Meanwhile, the same will happen with the Axelar chain. Axel our chain will allow axle to secure it, but it'll also allow restaked osmo. And when the incentives play out, basically, you're going to end up in a world where almost all staked osmosis going to be restaking on Axelar and all Axel is going to be restaking on osmosis. And you basically get a system where both chains have the sum of their economic securities together. Let's say you add in a third chain into the mix. Mars is a lending app chain being built on Cosmos. And so, okay, now you're going to have the sum of all three chains security system. Then keep in mind what's interesting here. It is like a bilateral treaty. So this is one thing that makes it slightly different than NATO, because NATO is NATO is more of like a green system where it is like a multilateral thing, while this is a network of bilateral treaties and you let the mesh play out and see how security systems grow. What's really cool about this mesh security framework that we're building is it can be plugged in into other things can be plugged in into it as well. So something like eigenlayer can be plugged in to the mesh security system. So we're working with a team called Union to basically build this connection where you can use restaked eth to help secure Cosmos chains as well, in the same way that you can use Cosmos restaked assets as well. And then there's a project called Babylon, which is building restaking for Bitcoin. So, okay, great. Now we're going to allow rest. Well, I guess it's not restaked because Bitcoin is not staked in the first place, but you'll allow staked Bitcoin, restaked eth, and restaked Cosmos assets to all secure all of these cosmos chains. So restaking itself. I think most people here, if you're familiar with eigenlayer, it's a pretty familiar concept, but I'm just going to go through it really quick. It's basically this idea that when you stake Amelia, when she stakes her OSMO shell, what is she doing? She's basically opting herself into a slashing condition. She's saying, hey, I'm delegating these tokens to the figment validator. And if the figment validator does anything malicious, I want my tokens to be slashed. With restaking, all it means is you are basically opting yourself into additional slashing conditions. So it actually works a little bit differently than eigenlayer, where eigenlayer, they're very much dependent on these staking derivatives. And you stake the staking derivatives. We think that kind of adds unnecessary risk, like kind of forcing people into using staking derivatives. We've actually built this as a core primitive into our staking module, where you can basically take any staked asset and opt yourself into more slashing conditions. So Amelia can basically say, hey, on the Cosmos Hub blockchain, I also want to be slashed if the figment validator does anything malicious. And you can also. But you don't even have to be for the same validator, right? You can say, hey, I want to be slashed if the notional. Sorry, I don't know why that's. There must be a bug. I want to be like, slashed if the notional validator does anything malicious as well. And so basically let's say anyone does something malicious on a different chain, her OSMO will get slashed. One of the important things about building these systems core into the protocol is you can have your chain actually be smarter. There's all these concerns right now about how much are we over leveraging the stake that's being used with eigenlayer. Right. By building this into the protocol, you can have your chain make decisions such as, let's say I'm getting where let's say something like osmosis is allowing atoms to be restaked on the osmosis chain. We can say, hey, we never want more than 10% of our chain's voting power to come from restaked atoms. So what will happen is atoms will keep getting staked, the voting power made up by atoms will keep going up, but at some point it hits some cap and even as more atoms gets restaked, that's fine, but it's not going to let the, the consensus voting power of that restaked atoms ever increased past 10%. You can also have this happen from the consumer side as well where you can say, hey, our chain is going to be able to detect, you know, OSMO is being restaked. We're going to decrease your voting power for your OSMO on our chain slightly because we know that you're restaked OSMO is not worth as much to our chain security as non restaked osmo because there's not additional liens on this. So basically by building these restaking protocols core into blockchains rather than externally, you can allow the blockchains to have more opinions on how to weigh the value of restaking and how it affect its own native security. Okay, so versus roll ups, this is kind of going in a slightly different direction. So far we've talked mostly about economic security. This is more talking about like, all right, let's go into it. So what is an L1 and L2, right? So what is a blockchain as a whole? It's basically these three levels, right? You have execution, settlement and data availability. And I think it's actually slightly wrong. I think their order, that's the typical order you see it in. I think it really should go execution, data availability, settlement, because that's the order that things happen. You have to, you execute something that you've proved data availability and then you settle once you prove data availability to the settlement system. So today the model of the world is very much this idea of L1s and L2s where you have settlement on the L1 execution on the L2, you have an asset like ETH, you flow it onto L2, you do things on it. However, you have this issue of what about assets that originate on the L2, what does it mean for them to settle on an L1? Because without the environment of the execution environment, the assets themselves are not meaningful. Imagine you had an LP share for a token for uniswap on optimism. That LP share is meaningless to you on the settlement chain because without the rest of the execution system, it doesn't really do anything. Right. And so really this world we're actually going towards is this idea that every chain is an L1 for its internal state and an L2 to its foreign state. So I think I'm running out of time. So what I recommend for this stuff is go check out this blog post from DBA. It's basically about this idea that all L2s are actually just bridging protocols with fraud proofs. And you know, this is kind of the world that Cosmos kind of sees as well. So I'm going to leave it there. Does anyone have any questions? Yes. Yeah, I was wondering, with all this restaking stuff, where do you see staking rewards going? Because obviously what mostly drives crypto is economic motivation. So why do people restake its price? To increase their yield? Yeah, I sort of see that as potentially causing some problems. Yeah. So what will happen is that it will be up to a chain to say, hey, okay, something like osmosis. We're going to say, oh, we want to allow axle to be restaked on our chain and then we have to provide some mechanism of like we would have to divert a portion of osmosis staking rewards or revenues or whatever to that restaked axle. Right. So there's some claim that we're making that, oh, there's some, you know, we're getting a certain amount of benefit from allowing that axle to be restaked. But what's going to happen is like at the same time the axel, our chain is also going to divert a portion of its revenues and staking rewards to restaked osmo. So it's basically going to be these like bilateral agreements where at the end of the day I actually think the actual aprs for people is not actually going to change because whatever slightly decreased OSMO rewards you're getting, you're going to be get, you're going to get made up for by rest staking of axle. But this incentive system is going to push everyone to restaking everywhere. And that's how we get this. Like basically both chains are going to be secured by the sum of the 2 market caps. So if I understand correct, people who would not restake would be sort of slack. They would be getting slightly lower rewards. Yeah. Yes. So if that's, if that's the conclusion, if it, if, if everybody has to restake on every protocol and we're increasing the computational overhead of all the validators, are we just recreating Solana? No, because, so, okay, that's, so that's kind of what I was trying to get across here. So what we actually do is staking is not actually restaking is not done at the validator level. It's done at the staker level. It's up to a staker. So in Cosmos we have this notion of delegation very natively into the protocol where you have validators and you have delegators and the delegators choose validators to delegate stake to. The key here is you don't have to delegate, you don't have to restake to the same validator on every chain. If you had to do that, then yes, that would not be cool. Because now it's going to benefit only the few validators that have the capacity to stake on. To find validators for hundreds of chains, they're going to get all the delegation. But instead here we can be like, oh, I want to delegate to figment here, but they're not running on this other chain. I'm not incentivized to read remove from figment on my first chain. I can just choose. I'm going to restake my current stake to a different validator that I do like on this other chain. So you have to remove. We remove validators from the equation. The restaking decisions are done by stakers. Another thing to note is it doesn't have to only be for consensus protocols and for blockchains themselves. You can build restaking for all sorts of things like Oracle protocols, DA systems or fraud proof style systems, anything you want. The way we've implemented mesh security, it's just like interface that you can plug in arbitrary. We call them slasher contracts. So the first contract we've written is a tendermint fraud proof system. But we can write further slasher contracts where you can say like, oh, if I restaked on this Oracle provider and their Oracle price is this much divergent from all these other Oracle providers, like, okay, they're going to get slashed as well. So you can use this restaking for all sorts of things. So let's talk about economics for a second because I noticed you went on that a little bit. How do we value another chain stake on a different chain? So if the value of a stake decreases dramatically or increases dramatically, the voting power that stakeholds should change. So how do you actually value that? Because I feel like on every different chain the price of Ethereum or the price of wrapped Bitcoin is different. Yeah. So this we've left as a decision up to the chain that's implemented. So we call this, so we call these like provider and consumers. So in this case we'd call the osmosis the consumer chain and Ethereum the provider chain because it's a restaking of ETH on osmosis. How to value restaked ETH relative to native OSMO stake is a decision up to the governance system of the osmosis chain. So the way that we would do it on osmosis is we're a dex, we're just going to use the T wop prices from our dex. Right. So one thing is we actually do have something very similar to this whole system already in osmosis today. It's called mesh security and what it's called superfluid staking. And, and what that does is we allow you to use LP shares from our DEX in our proof of stake protocol. So we can say like we actually today you can say, hey, I'm going to take my OSMO ETH LP share and stake it. And what we have to do is we do have to make certain risk assumptions about ETH and so we provide a discount factor on it. We say that, oh, we're only going to use 50% of the economic value of this OSMO ETH LP share in the proof of stake system. And so you usually will provide a significant discount on the, on the economic value. So let's say it's a 50% discount and then you can choose like how it's okay, you don't need to be like perfect on like what the economic value is. It's not like that's why taking like a really slow twop, that's like a one week long T wop or something as long as you're making this assumption that like hey, the price of this asset is not going to change more than 50% relative to your native token in whatever your twop period is. And then we also have all those other security systems in place as well. Be like, oh, this asset cannot make up more than 20% of our economic security or anything like that. If your chain doesn't have a dex on it, doesn't have your own twops, you can do things like one osmosis provides twops over IBC to all the other Cosmos chains today. But the other thing you can do is you can use things like validator provided price oracles, which is another module we wrote where you can basically have the validators of your chain provide on chain price oracles that you can use as the weighting system. Okay, thank you. We need to finish now to have time for another talk. If you have more question to the speaker, you can grab him afterwards. So thank you so much. Thank you. Sam.