Blockchain Learning, Proof of Stake

Celo’s Approach to Decentralization

By Connor Smith

Note: This is the final installment of a series exploring different approaches that blockchain networks have taken to achieve decentralization. Part 1 introduced decentralization and the inter-play it has with certain aspects of crypto networks like governance, incentives, and network architecture. If you missed that article I highly recommend going back and reading it here. The remaining articles have been examinations of the decentralization on Bitcoin, Factom, Cosmos, Terra, and Polkadot/Kusama. If you missed those and would like to go back and read them before we dive into Celo, you may do so, here, here, here, here, & here respectively.

Hey everyone, thank you for joining me again as our thoroughfare through varying approaches to decentralization comes to a conclusion. From the first crypto network, Bitcoin, to the new generation of ‘meta-networks’ like Polkadot and Cosmos, we have seen quite a few different ways networks have attempted to decentralize and how that has influenced their design. We have seen how factors like application design criteria and consensus architecture (i.e proof-of-work vs. proof-of-stake) influence the decentralization of a networks’ resources and participants. Moreover, by taking a chronological approach in the networks examined throughout this series, we have seen the evolution of the crypto industry over the better part of a decade and will be ending with the youngest protocol we have seen thus far, Celo. Aiming to overcome price-volatility and ease of use problems associated with many cryptocurrencies, Celo seeks to bring financial infrastructure and tools to anyone with a smartphone. 

To reach this goal, Celo is taking a full-stack approach and introducing innovations at the networking and application layers with technologies like a lightweight address-based encryption scheme, an ecosystem of stable-value tokens, and novel system architectures. The project is backed by some of the most prolific crypto investment partners and Silicon Valley tech titans like a16z, Polychain Capital, Coinbase, Reid Hoffman, and Jack Dorsey to name a few. The protocol has been making waves over the last few months due to its rigorous incentivized testnet competition, known as the Great Celo Stake Off, the rigor of which was recounted two weeks ago by our CEO Nate Miller. The Stake Off is entering into its third and final phase and the mainnet is slated to launch later this year, making 2020 a big year for the protocol. So without further ado, let’s dive into Celo!

So What is Celo and How Does it Work?

Celo was launched with the mission of building a financial system capable of bringing conditions of prosperity to everyone with a smartphone. To create such an environment, Celo has proposed a theory of change to satisfy the following three verticals: satisfying people’s basic needs like access to food & healthcare, the ability to enable an individual’s growth potential, and increasing people’s social support for one another. All aspects of the protocol, from its architectural decisions, to development efforts, and even all technical and community projects support activities tied to enabling these three conditions and ensuring such a system is created. Work on the project began in the summer of 2018 when entrepreneurs turned GoDaddy executives Rene Reinsberg and Marek Olszewski raised their initial seed round of $6.5 MM from some of the Valley’s top Venture Capitalists. The pair had exited their prior company, Locu, to GoDaddy in 2014 for $70 MM, and had since been serving as vice presidents in the restaurant and small business division of the firm. Armed with little more than a white paper at the time, the team got to work and in less than a year the first public testnet was released. Celo aims to achieve its mission of bringing conditions of prosperity to everyone and being a mobile-only payments platform through the following two features: mapping users public phone numbers to an alphanumeric string (public key) needed to transact on the network, and using a network of stablecoins pegged to a basket of different cryptocurrencies to minimize price volatility.

The team believes that creating a price-stable, more user-friendly transaction experience is the only way that a cryptocurrency payments solution will see success, and thus has sought to redefine the entire blockchain networking stack to optimize for these characteristics. Hence, Celo is a mobile-first solution operating as a proof-of-stake smart contract platform based on Ethereum and composed of the following three components: lightweight identity for a better user experience, stability mechanism for stable-value currencies, and systems for incentives and governance to ensure platform stability. An image of the Celo stack may be viewed below.

Celo’s lightweight identity system utilizes a variant of identity-based encryption known as address-based encryption to overcome traditional user experience issues associated with transacting cryptocurrencies. Instead of the canonical having to download a wallet, generate a public/private key pair, and provide whoever is sending you crypto with a long hexadecimal address, Celo’s address-based encryption ties a user’s phone number directly to a Celo wallet. This allows the phone number to be used when a payment is initiated instead of the actual Celo address when a payment is initiated, simplifying the payment process. Additionally, only a cryptographic hash of the phone number is stored on the blockchain to preserve privacy. Celo also allows a user to link multiple phone numbers to his or her wallet address to protect against losing a phone or changing numbers. Celo also utilizes a social reputation mapping algorithm on top of this infrastructure known as EigenTrust. While the technical underpinnings of the algorithm are fairly complex, it functions similarly to Google’s Page Rank algorithm but is designed for decentralized systems. In short, this algorithm defines a given phone number’s relative reputation score based on the number of phone numbers who are connected with and trust that phone number, coupled with the weighted reputation of those connections.

Similar to Terra’s approach to creating a stablecoin network, Celo is also a network of stablecoins pegged to real-world fiat currencies and uses a seigniorage based approach to maintain stability. For the sake of brevity, I am going to gloss over what stablecoins and seigniorage are, as I discussed them at length in my post on Terra, and instead, dive into how they work in the context of Celo. Celo is designed to support an ecosystem of pegged stable currencies alongside the native token of the protocol, Celo Gold (cGold). The first, and currently only, stablecoin on the network is the Celo Dollar (cUSD), which is pegged to the price of the U.S dollar. cGold has a fixed supply and is held in a reserve contract where it is used to expand or contract the supply of cUSD to maintain a stable price through seigniorage. The network relies on a number of external oracles to provide feeds of the cGold price in USD and then allows users to exchange a dollars worth of cGold for cUSD and vice versa. When the market price rises above the $1 peg, arbitrageurs may profit by purchasing a dollar’s worth of cGold and then selling cUSD for market price. Conversely, if the price of cUSD falls under the peg, arbitrageurs can profit by purchasing a cUSD for market price and exchanging it with the protocol for a dollar’s worth of cGold and then sell the cGold on the market. Thus, network participants are able to profit in nearly any market condition. A more thorough examination of how Celo’s stability mechanism works may be found here.

Celo also goes a step further to ensure stability and has implemented a constant-product market-maker model to prevent against the cGold reserve from becoming overly depleted when the price of cGOld supplied by the oracles does not match the market price. The mechanism dynamically adjusts the offered exchange rate in response to the exchange activity and will update a new constant-product market maker to trade cGold and cUSD whenever the oracle price of cGold is updated. Hence, if the oracle price is correct, the exchange rate determined by the constant-product market-maker will be equivalent to that of the market and no arbitrage opportunity will exist. However, if the oracle price data is incorrect, the rates will differ and an arbitrage opportunity will exist until exploited enough by users to dynamically adjust the quoted exchange rate and erase the opportunity. 

Celo’s Network Architecture

Image adapted from celo-org medium here

Consistent with their full-stack approach to creating a mobile-first financial system,  Celo implements a novel tiered network architecture to optimize the end-user experience and maximizing physical decentralization. Similar to other Byzantine Fault Tolerant (BFT) proof-of-stake networks we have seen so far, like Cosmos, the core network participants responsible for producing blocks and verifying transactions is the validator. Unlike other proof-of-stake networks that encourage anyone who is willing to run a validator, Celo encourages only professional node operators to run a validator on the network. For example, Celo strongly encourages running validators in a secure data center and has been auditing validators participating in the Stake Off to see if this is the case. In maintaining a secure set of globally distributed validators, the network hopes to maximize security, performance, and stability. Celo has also attempted to implement safeguards against any single validator or organization from gathering a disproportionate amount of the network’s resources by introducing validator groups. Instead of electing individual validators to participate in consensus, validator groups comprised of a collection of individual validators are elected and then internally compete to solve blocks. The actual election process and underlying mechanisms are far more involved and complex, so if you are interested in learning more, as I said earlier, check out this blog post from our CEO, Nate Miller, which explains the process in more detail. Validator groups have their own unique identity and a fixed size to make it difficult for a single organization to manage multiple groups and consolidate disproportionate influence, thus improving decentralization.

While the ability to run a validator is fairly restricted to only professional node operators, there are two other tiers of nodes that anyone can run on the Celo Network: a full node and a light client. The Celo application/wallet has a light client embedded within it that is optimized for mobile devices, so anyone running the software on their phone is running the light client. The requests exchanged across these light clients (i.e sending & receiving transactions on the network) must be processed by full nodes, which receive a transaction fee facilitating the transaction. People running full nodes can set a minimum service fee for processing transactions from light clients and refuse to perform service if the fee they collect will be insufficient. The eventual goal of the protocol is to have these components operate such that light clients will automatically choose full nodes to peer with based on cost, latency, and reliability. However, much fundamental network infrastructure must be laid down first before this is achievable. An eventual flow of what this will look like, including validators, may be viewed below.

Image adapted from celo-org medium here

So How Does Governance Work on Celo?

At a high level, Celo has a governance model similar to many other proof-of-stake networks, where the respective weight of a particular user’s vote in the governance process is proportional to the amount of cGold they have staked and the duration of their stake. Similarly, Celo also supports on-chain governance to manage and upgrade all aspects of the protocol including upgrading smart contracts, adding new currencies, or modifying the reserve target asset allocation. Changes are currently made through a governance specific smart contract that acts as the overseer for making modifications to other smart contracts throughout the network. The eventual goal of the protocol is to transition from this smart contract structure for on-chain governance to a Distributed Autonomous Organization, or DAO, owned and managed by cGold holders. This could function in a form similar to how MakerDAO operates, however, it is far too early to speculate on how the Celo DAO would actually function. For more information on what a DAO is or how they work, click here.

Any network participant is eligible to submit a proposal to the governance smart contract, so long as he or she is willing to lock a portion of his or her cGold along with it. A proposal consists of a timestamp and the information needed to execute the operation code should it be accepted by the network. Submitted proposals are then added to a proposal queue for a duration of up to one week where they will be voted upon by cGold holders in hopes of passing to the next approval phase. Every cGold holder with a locked cGold account may vote for one proposal per day. The top three proposals for each day then advance to the approval phase, the original proposers may reclaim their locked gold commitment, and they then enter the referendum phase where they are voted upon by users. Any user may vote ‘yes’, ‘no’, or ‘abstain’ to the proposal and the weight of their vote is tied to their locked gold commitment. While yet to be implemented, Celo also intends on incorporating an adaptive quorum biasing component like we observed in Polkadot to accurately account for voter participation. 

So How Decentralized is Celo?

Image adapted from celo medium account here

As I mentioned earlier, Celo has yet to launch their mainnet so this discussion will be framed through the context of what has transpired throughout their ongoing incentivized testnet, Baklava. As of the time of writing this article, there are currently 75 different validator operations participating in the third phase of the Great Stake Off, but 152 Validators in total and 88 validator groups. Moreover, Celo is debating expanding the active set of validators on the network upon the conclusion of the Stake Off. The active set is currently set at 100 Validators, and the original plan was to wind down the number of possible validator slots to 80 before mainnet launch. However, Celo recently announced that they now plan to expand the active set to 120 so long as scale testing shows this permissible given the active engagement that validators have shown throughout the Stake Off. Considering that Celo intends on only allowing Validator nodes to be run by professional service providers, this is a major step in decentralizing their network and ensuring a globally dispersed, resilient network.

When examining the allocation of resources across the Celo network, there is somewhat of a disparity between the highest-ranked participants and those at the bottom. For example, the top elected validator group has nearly 1.1 MM votes, whereas the lowest elected validator group has only slightly over 200K. Additionally, the top elected group has 5 different participants with the largest, whereas the bottom elected group only has one. This illustrates the importance of the validator group, not the individual validator on Celo. The largest cGold holder within the largest elected validator group only has 194k locked cGold, meaning that all members of the group have fewer locked cGold than the one participant in the bottom group. Yet, the group collectively is the highest voted group so its participants are more likely to participate in consensus and gather rewards. Metrics relating to the decentralization of full nodes and light clients on Celo are not readily available since the network is still in the very early development stages. Consequently, it is difficult to attempt to quantify the degree of decentralization of these layers of the network. The Celo Wallet Application is available for the Alfajores testnet on both the Apple App Store and the Google Play Store, with over 100 downloads for the latter. This suggests that there are at least 100+ light nodes on the non-incentivized testnet Alfajores. 

That’s all! I hope you have enjoyed this case study approach to decentralization as much as I have. With the last phase of the Baklava incentivized testnet coming to a close within the next few weeks, mainnet launch slated for later this year, and the protocol’s recent announcement of Celo Camp to incubate and assist startups building on the platform, it is certainly an exciting time to be involved with Celo. The Great Celo Stake Off has been no walk in the park, but it has certainly stress-tested the network technically and from an incentives standpoint. Excluding some economic barriers to entry for new validators attempting to enter the active set, it appears that Celo’s approach to decentralization has achieved its goal, at least physically. It will be interesting to see if this continues once true economic conditions are introduced on mainnet, but I am optimistic about the future of the network. If you are interested in seeing if Celo is the right blockchain for your application, running a Celo cluster, or how staking on Celo, contact one of our LedgerOps experts here. We have been involved with the protocol throughout the entire incentivized testnet and are currently in the second-highest voted group (Chainflow-Validator-Group), so we are highly familiar with the protocol. Thanks again and take care!

Blockchain Learning, IoT, Proof of Stake

IoT: The Problem Blockchain has Been Looking For?

By Connor R. Smith, originally published March 22, 2019

Despite blockchain having existed for over a decade now, few definitive uses have been proven outside of digital currencies. There have been many experiments to apply these technologies in areas like supply chain, healthcare, real estate, and even tipping people for their tweets or for watching online ads, but, there has yet to be one vertical that has been radically transformed from them. Many feel that this is because the technology is not mature enough yet or a general lack of understanding. Certainly, a lackluster user experience and insufficient education play a part, but others have started to argue that blockchain is a solution searching for a problem that may or may not even exist. It seems like new articles surface weekly about startups raising millions of dollars promising to solve some largely nebulous problem using “Blockchain + IoT or, AI,  or Drones, or all the above…”. At Consensus Networks, we’re focused on finding and supporting protocols that are technically sound and addressing real-world use cases. One area we have been particularly excited about lately is the ability of blockchain to secure internet of things (IoT) data.

In 2018, there were over 17 Billion connected devices around the world, 7 Billion of which were IoT enabled. These numbers are projected to double or triple over the next 6 years. IoT devices communicate with one another by gathering and exchanging data through sensors embedded in the device, enabling greater automation and efficiency. Devices that are seemingly unrelated can communicate with one another, driving the convergence of many verticals ranging from smart homes, cities, and cars to medical and industrial IoT. For example, IoT-enabled machines in a manufacturing plant could communicate information regarding system health and other mechanical data via a centralized platform. Plant operators could then take corrective action before a malfunction occurs, easily conduct more preventative and informed maintenance, and more accurately predict production rates. In fact, studies have found that over 90% of tech, media, & telecommunications executives feel that IoT is critical to nearly all of their business units and will drive the greatest business transformation over the next 3 years. 

Now you’re probably thinking, “Okay so if IoT can fix all of the world’s problems why do we need to add blockchain too?”. IoT may be a powerful emerging force, but it has some critical flaws. While IoT devices are great for communicating streams of data and supporting real-time device monitoring, they often have extremely poor endpoint security. For example, in 2017 the FDA had to recall over 500,000 internet enabled pacemakers after finding vulnerabilities that allowed hackers to gain control of the device. Beyond healthcare, IoT data privacy and security issues are an even greater concern when considering the connected future of autonomous vehicles, homes and smart cities. Another shortcoming of current IoT networks lies in their scalability. Conventional IoT network architectures are centralized with the network of devices sending data into the cloud, where it is processed and sent back to the devices. Considering the projected deluge of IoT devices projected to enter into the market, scaling this infrastructure will be highly difficult and expose  vulnerabilities to hackers to compromise the network and access your data.

Fortunately, integrating blockchain technology with IoT networks provides a path forward to overcome the scalability, privacy, and security issues facing IoT today and accelerate the adoption of both technologies. As opposed to having a centralized system with a single point of failure, a distributed system of devices could communicate in a trusted, peer-to-peer manner using blockchain technology. Structuring the network in this manner means that it would have no single point of failure, so even if a device was compromised the remaining nodes would maintain operable. Moreover, smart contracts could be integrated with the network to enable IoT devices to function securely and autonomously without the need for third party oversight. Consequently, blockchain-enabled IoT networks could exhibit greater scalability, security, and autonomy simply by modifying their current network architecture and implementing a more decentralized approach. 

However, perhaps the most important benefit blockchain provides IoT networks comes from its cryptographic security. Sharing data across a cryptographically secured network makes it far less susceptible to hackers, by helping to obfuscate where data is flowing, what is being exchanged, or what devices are transacting on the network. Whereas security in modern IoT networks was added as an afterthought, encryption and cryptographic keys are a core component of blockchain technology. Moreover, some networks are beginning to incorporate zero-knowledge proofs, which means that network security for IoT devices could be bolstered even further. 

Image adapted from Lukas Shor here

The underlying mathematics and mechanics of zero-knowledge proofs are highly complex, but essentially allow two users to prove that a piece of information is true without revealing what the information is or how they know it to be true. In the context of  IoT devices, this means that a network of IoT devices could share data in total anonymity and with complete privacy. No information regarding the transaction would be revealed other than proofs verifying that the network knows it is legitimate. Thus, the network maintains complete functionality while preserving maximum security. Regardless of if a blockchain-enabled network of IoT devices utilized zero-knowledge proofs or not, simply utilizing a shared, encrypted ledger of agreed upon data can provide many security benefits in IoT networks.

IoTeX Logo

While there have been several projects that have attempted to tackle IoT and blockchain, one that we are excited to support is IoTeX. Founded by a team of cryptography and computer science experts in 2017, IoTeX is a privacy and security centric blockchain protocol that aims to create a decentralized network designed specifically for IoT devices. IoTeX uses a network architecture consisting of blockchains within blockchains, where a root chain manages many different subchains. Designing the network in this manner allows IoT devices that share an environment or function to do so with increased privacy, with no risk to the root chain if this subchain is compromised. 

Aside from enhanced privacy and security, this design allows for greater scalability and interoperability as subchains can transact with the root chain directly or across the root chain to other subchains. IoT devices on the IoTeX network are also able to transfer data with one another in total privacy through the incorporation of lightweight stealth addresses, constant ring signatures, and bulletproofs. IoTeX also incorporates a Randomized Delegated Proof of Stake (RDPoS) mechanism for achieving consensus that they refer to as Roll-DPoS. Using this mechanism, nodes on the IoTeX network can arrive at consensus much faster with instant finality and low compute cost, making it much more friendly to IoT devices. Moreover, the IoTeX team recently released their first hardware product that leverages their blockchain network, Ucam. Ucam is a home security camera that writes data it records directly to the IoTeX blockchain, preventing it from being accessed by device manufacturers or sold to third parties like Google or Amazon. Ucam guarantees absolute privacy and provides users with secure blockchain identities which they can use to control their data.

Image adapted from Venture Beats here

Thanks for reading! More articles to come regarding use cases for IoT and Blockchain and what the marriage of these two technologies might look like for Web 3.0 and Industry 4.0. Let us know what you think and find us on twitter or discord if there are any questions or areas you’d like us to explore! If you’re interested in finding out more about IoTeX, Ucam, or how blockchain can improve your IoT solution, feel free to contact one of our LedgerOps experts here. We have supported IoTeX for nearly a year now, and have been running a delegate node on their mainnet since genesis. Needless to say, we are highly familiar with the protocol and eager to see if IoTeX or any of our other blockchain network services are a good fit for your IoT application!