♣️

[2023Q3] Cost of Consensus Security: Pledge

Authors

Irene

Creator

Irene

Created

Aug 11, 2023 1:43 PM

Project

Protocol Security

Stage

Graduated from Notebook

@Irene, August 2023

➡️

TLDR: Today (Aug 2023) controlling the 33% of consensus power (ie, NetworkQAP) requires controlling a number of sectors whose cumulative pledge is at least 34.2 M-FIL. If FILPrice = 4$, this means controlling ~$137M. In the future, especially if baseline becomes larger than NetworkQAP, this value becomes at least 10x smaller. See ♠️[2023Q3] Cost of Consensus Security: Hardware.

Quality Adjusted Power (QAP) Pricing
Consensus Pledge
Consensus Security
Lower bound by considering min CP value in the last 1.5 years:
Comments and Extras

Quality Adjusted Power (QAP) Pricing

During the PoRep Protocol, when adding new sectors, an SP needs to lock down the InitialPledge (IP). IP has two parts: InitialPledge = StoragePledge + ConsensusPledge.

By the original design, StoragePledge (SP) aims to cover for possible future storage fault fees (see ), it depends only on ExpectedDailyBlockReward for the sector (SP ≈ 20*BR) and does not provide sufficient guarantees for consensus security. On the other hand, ConsensusPledge(CP) was introduced to make consensus takeovers expensive attacks.

Since the goal of this doc is to review consensus security, for the rest of it we focus on ConsensusPledge. Moreover, currently SP is only 5% of IP and CP represents the large majority of IP. In other words, we consider “CP per 1GiB of QAP power” as the “price” of consensus power in Filecoin.

Consensus Pledge

We have the following formula for CP for a sector: CP = 30% * SectorNormalizedCirculatingSupply https://github.com/filecoin-project/specs-actors/blob/master/actors/builtin/miner/monies.go#L167

That is:

CP = 0.3 \cdot \frac{FILCirculatingSupply}{\max(baseline, NetworkQAP)}\cdot SectorQAP

Note that CP per QAP unity value changes over time since the fraction FILCirculatingSupply / max (baseline, NetworkQAP) is not constant. So CP depends on the time when a sector is added.

From March 2021 to now, $\max( baseline, NetworkQAP ) = NetworkQAP$

Source: https://dashboard.starboard.ventures/capacity-services#network-storage-capacity

So in the rest of this doc we consider the formula without the baseline value. That is

CP = 0.3 \cdot \frac{FILCirculatingSupply}{NetworkQAP}\cdot SectorQAP

⚠️ Warning: Ignoring baseline in the formula for CP is fine for studying the consensus security in the present or close future (eg, 6 months from now). See next section for this. However during next year (2024) baseline may become larger than NetworkQAP. Soon (ie, few months) after this happens, the analysis in this doc will no longer hold and we might have much lower consensus security. See the CE doc:

https://docs.google.com/document/d/1V3Hm1uKemnuVBmdW3KJYqeecA5-A_qf2eQana-9NuUA/edit#heading=h.qa12l2lw9n0

and this analysis about Consensus Security when IP = 0.

Consensus Security

🎯 We consider running the 33% attack today (ie, acquiring the 33% of current NetworkQAP) and we estimate how many tokens are needed to cover the ConsensusPledge (CP) for it.

Let call the number of tokens needed to cover CP for the 33% of the power , “Target”. The formula for it is:

Target = \sum_{i\in A}CP_i \\ \text{ with }A = \{ i | \sum_i Sector_iQAP = 0.33\cdot CurrentNetworkQAP\}

Basically, we sum ConsensusPledge values ( $CP_i$ ) for a set of sectors (the set A) that gives the 33% of the current value of NetworkQAP.

Note that since the sector needs to be active today to be considered in the formula, we only look at CP values from now (July 2023) to back in past until January 2022 (current max sector duration is 1.5 years).

Lower bound by considering min CP value in the last 1.5 years:

Using Starboard values for $FILCirculatingSupply$ and $NetworkQAP$ , we compute the daily value of “CP per 1GiB of QAP power” from January 2022 to July 2023.

Source: https://docs.google.com/spreadsheets/d/14XoRqCM7oqC9w9AwB4jBznIneVAUdQ2JZnTjA3XFTpY/edit#gid=1220999094

We get that the minimum over that period is 0.0042 FIL (corresponding to ~0.13FIL per 32GiB of QAP, that is for a CC sector). Therefore

Target = \sum_{i\in A} CP^{perQAP}_i\cdot Sector_iQAP\\ \geq 0.0042 \text{ FIL} \cdot \sum_{i\in A} Sector_iQAP\\ = 0.0042 \text{ FIL} \cdot 0.33 \cdot CurrentNetworkQAP

Since CurrentNetworkQAP ~23EiB, we get Target ≥ 0.0042 *0.33 * 23 * 1073741824 ~34.2 M-FIL. If the FILPrice is 4$, the target lower bound above corresponds to ~$137M

📌

ConsensusPledge (CP) is currently decreasing. If CP per 32GiB of QAP goes significantly below the minimum considered above (ie, 0.13FIL), then waiting and adding new sectors a cheaper strategy (ie, requires less tokens) than acquiring existing sectors.

Comments and Extras

From @Tom Mellan: what if the FIL is borrowed for 24h? “They borrow $200M, for 24hr, at say 1%/day, then pay the $200M back after the attack. So the cost of 24hr control is $2M? “

📊Heterogenous sector pledges

Values for CP and SP from Cryptoecon: “So the smallest consensus pledge was right at the start. But if we exclude the first handful of days as atypical, and select the minimum value for consensus pledge that occurs around Oct 2021, the minimum value is 0.1371 per 32GiB of qap)