A mechanism for a good validator set maintenance by Nethermind Research [Phase II] [Completed]

TL;DR

The following deliverable represents the culmination of Phase II of a multi-phase research project for Lido DAO, with the goal of designing a mechanism for decentralized maintenance of Lido’s operator set. The project is one of the steps toward enabling Lido to onboard new operators in a permissionless manner.

Phase I involved a systematization of knowledge of decentralized identity and verifiable credentials and was delivered in late 2022. Phase II was approved in March 2023 and the corresponding research proposal can be found here.

In Phase II, we explored the research and design considerations behind a decentralized dispute resolution mechanism for the Lido protocol, created to punish misbehaving operators.

To design a dispute resolution mechanism, we first identified a wide variety of protocols that could be used to rule over a white-labeling dispute. Among these, we went over decentralized oracles, prediction markets, and decentralized justice.

We provide our recommendation on selecting an appropriate arbiter protocol for the problem at hand and the parties that should be involved in providing a resolution. Next, we scoped out the architecture and design required to use an arbiter protocol to punish white-label operators. Notably, our mechanism should introduce the correct financial incentives, so that the following conditions are satisfied:

  • Operators using white-labeling services should be punished such that the expected financial return of using these services is negative.
  • Honest operators should have a positive expected return from their services, even in light of potential misaccusations.
  • External parties should be able to make a profit from acting as accusers against white labels—that is, gathering appropriate evidence against these malicious operators and presenting a case in the dispute resolution mechanism.

We have also described various safeguards around our mechanism, such as:

  • An experimental testnet phase to initialize the mechanism’s parameters
  • A failsafe mechanism for the DAO to be able to overrule any malicious verdicts
  • A web-of-trust approach, starting from a trusted seed, to vet the juror set

References

Phase 1 Proposal & Phase 1 Delivery

Phase 2 Proposal & Phase 2 Delivery


Terminology

Throughout our research, we employ the following definitions:

  • Operator: A party that runs—or participates in running—one or many Ethereum validators. Operators, solely or jointly, have access to the signing keys of one or more validators but do not necessarily have control of the corresponding withdrawal credentials. Operators can control multiple nodes.

  • Node: A virtual sub-party (a piece of hardware and software) controlled by an operator that performs the operator’s jobs w.r.t. a concrete validator. When an operator is a party that may control multiple validators, a node is a representation of a concrete validator.

  • White-label operators: If a party, who was onboarded as an operator, delegates the operation of a node to another party, we call the latter a white-label operator.

  • Sybil operator: We call a party Sybil if it controls two or more operators behind the scenes. A Sybil-protection mechanism is a set of countermeasures that makes it difficult for a party to have two (or more) operators onboarded such that the protocol is unaware they are colluding.

  • Arbiter protocol: We call a protocol “arbiter protocol” if it is either a decentralized oracle, prediction market, or decentralized justice protocol.


Results

Here, we deliver the results of our Phase II research, in accordance with the scope and tasks established in the proposal.

Task 1: White-labeling resistance SoK

The purpose of this task was “supplementing the SoK from Phase 1 with an SoK for white-labeling resistance. We will look for such mechanisms used not only in Web3 but also in Web2 and, if necessary, real life.”

Unfortunately, we found no relevant matches in the literature pointing to problems similar to white labeling that could inspire an approach. If anything, the existing body of research aims to facilitate the prospect of delegating computations to remote servers that have a larger computational power—a goal that is pretty much the opposite of having node operators run their own infrastructure.

Thus, we turned our attention to understanding the current potential of white-labeling services to be used by prospective Lido permissionless operators, from the perspective of costs and logistics. We surveyed the market of staking providers and have shared our findings below.

Market analysis of staking providers

Note that the cost analysis will be important when analyzing the economic profitability of using white-labeling services in Task 3.

Task 2: Systematization of knowledge on arbiter protocols

In this task, we systematically studied the set of arbiter protocols defined before—namely, decentralized oracles, prediction markets, and decentralized justice. This definition of arbiter protocols highlights building blocks that are seen as candidates for dispute resolution in a decentralized manner.

For reference, a full database of the studied papers and protocols is shared below:

Arbiter protocols SoK: paper database

Next, we synthesize our findings from these sources in the following write-up:

Arbiter protocols SoK: a summary

From this foundation, we turn our attention to the mechanism’s design.

Task 3: Dispute resolution mechanism proposal

Our systematic review above has pointed to Kleros’ mechanism as the most suitable for the task at hand. We will now describe a modular architecture that employs Kleros (or a homologous decentralized justice protocol) to create a mechanism for white-labeling resistance.

The mechanism involves the following actors:

  • Lido operators: the parties we want to dissuade from white-labeling and general misbehavior—especially in the case of permissionless staking modules. Let n denote the number of validators registered under a given Lido operator. These operators will be required to post a bond B(n) to a Lido smart contract when initializing their validators, which increases as a function of n and is subject to be lost if the operator is found guilty of white labeling. In the interest of capital efficiency, the mechanism aims to minimize B(n) without compromising on its economic soundness.

  • Accusers (or evidence providers): This denotes any external party that can gather evidence of white-labeling on Lido operators and issue a challenge through the dispute resolution mechanism. In this challenge, the accuser submits evidence of misbehavior involving m validators—a measure of the severity of the offense. In doing so, the accusers stand to gain a reward R(m) from the operator’s bond if the mechanism finds the operator guilty. This reward creates open-market incentives to attract accusers and promote innovation in white-labeling detection.

    To dissuade accusers from frivolous accusations, they are also required to post a bond A(m), which will be larger for more severe accusations. If the operator is absolved by the mechanism, the accuser’s bond will be forfeited, to compensate the operator for damages and the opportunity cost of having his validators and bond locked up in a dispute.

  • Jurors: These are the parties chosen by the decentralized justice mechanism to arbitrate a dispute. Since the evidence submitted in disputes can be highly technical, these parties should be knowledgeable in several aspects of the Ethereum protocol—notably, on the underpinnings of running validators and Ethereum’s networking layer for consensus. With every dispute, jurors split among themselves a reward C which represents the court fees.

The interactions between these parties are mediated by Lido smart contracts (which manage the operators’ bonds and validator registry) as well as the decentralized justice protocol.

Figure 1: Proposed architecture for the dispute-resolution mechanism. In this diagram, the Kleros court 2.0 is directly used as an arbitrator. Note that the modularity in the design allows for substituting the arbitrator if needed.

We will now systematically describe the design considerations around this mechanism.

Economic analysis

First, we analyze the economic soundness of the dispute resolution mechanism. We explore the constraints required to prevent any of the parties from financially exploiting the others:

Bonding requirements for operating the courts

Notably, we want operators to expect a profit when they are acting honestly, and to expect financial loss when using white-labeling mechanisms. We explore the required conditions to achieve this goal here:

Analysis of operators’ economic incentives

These analyses yield results depending on various parameters, which could change as the markets or the technology evolve. Therefore, we have created a simulation tool to quickly update the conclusions of our economic analysis if needed.

Dispute Resolution Mechanism (Numerical Simulation, Interactive Version)

Testnet phase

The economic analyses above point to some parameters and probabilities that ought to be estimated to ensure the mechanism’s soundness. To this end, we propose a testnet phase where we can measure these. Moreover, the testnet can be used to provide economic incentives for parties to ramp up their white-labeling detection capabilities and bring general awareness to the white-labeling problem.

Estimating probability parameters for economic analyses

Expected evidence types

We pinpoint the evidence types likely to be encountered in a dispute. The goal is to gain clarity on what a typical case may look like.

White-labeling evidence types

Court creation

Next, we explore the steps needed to create a new decentralized justice court and integrate it with Lido. This covers both the architecture and the problem of determining the court fees C quantitatively, as a function of the effort required to rule on cases.

Design of a dedicated court for Lido

(Here, we take advantage of the ERC-792: Arbitration Standard, which ensures a modular integration where the decentralized justice mechanism can be readily substituted in the case of malfunction or if a better alternative appears.)

In the case of a dispute resolution that is deemed unsatisfactory by the Lido DAO, we would like to introduce a recourse for DAO members to amend the dispute. Our construction is described below:

DAO as a failsafe mechanism

Juror selection

Finally, we analyze strategies for juror selection:

Mechanism for curation of jurors

Task 4: Using heuristics to identify white-labels

In Task 3, we described heuristic approaches as a possible source of evidence in detecting white labeling. We have pointed out that these approaches are likely to lead to a “cat and mouse” game between white labels and the heuristic models, with the former parties constantly aiming to avoid detection while the latter progressively improve their methods. The state-of-the-art in white-labeling detection will likely evolve significantly over the years to come, especially in light of the financial incentives offered by the dispute resolution mechanism we have designed and the kick-off initiatives promoted by the Testnet phase.

Figure 2: Graphic representation of the significance of heuristic models for white-labeling detection.

Notwithstanding the above, we have reviewed the literature and the currently-known ecosystem insights on validator profiling and correlation analyses. Our review has also unearthed various research directions. We provide this survey as a starting point for technical parties interested in the white-labeling problem, both for the testnet phase and beyond.

Heuristic approaches related to white-labeling detection

Task 5: Do you trust your white label?

The last task in our research project intends to complicate the relationship of trust and delegation with white-label operators. Intuitively, the goal is to “tie” access to funds belonging to the node operator (such as operator rewards or bonds) with the validator key, in a way such that a party that holds the latter can have control over the former and steal the funds. To this end, we initially attempted to adapt a proof-of-custody construction for the white labeling problem. This approach was too complex and ended up being unfruitful.

Instead, we devised an alternative approach (which only involves the verification of BLS signatures) below:

Do you trust your white-label?

Conclusions and takeaways

After finalizing this second phase of research, we can summarize as follows:

  • We recognize that white-labeling resistance is a unique and challenging problem, and were unable to find solutions that could be readily applied from similar contexts in the literature. Therefore, we set out to construct an independent solution utilizing a dispute resolution mechanism.
  • We analyzed a variety of protocols that could be employed as building blocks for this dispute resolution mechanism, such as decentralized oracles, prediction markets, and decentralized justice protocols. After a literature review, we conclude that decentralized justice protocols are the best fit for the task at hand among the analyzed options. In turn, among these, we see the Kleros protocol as the more mature solution that is currently active. We have suggested utilizing Kleros (or a fork of equivalent functionality, if deemed necessary) as a building block for our mechanism.
  • We have suggested a mechanism between accusers, operators, and jurors, where accusers can challenge operators by providing evidence of their misbehavior, which is then analyzed by the jurors. This mechanism leads to both parties having capital at stake to support their positions. We have provided economic analyses asserting the conditions such that parties involved in this mechanism can expect positive returns if and only if they participate as honest actors in the system. Among other factors, these conditions involve:
    • An appropriate balance between the accuser’s bond A and the reward R they stand to gain.
    • Applying a penalty of adequate magnitude to a guilty operator upon detection and conviction.
    • Redistributing the accuser’s bond to innocent operators after a frivolous or unsuccessful accusation.
  • In the examples that were analyzed and simulated, we found the mechanism’s capital efficiency and scaling capabilities to be adequate, requiring bonds that grow on the order of 0.05 ETH per additional validator (after the first few validators) if reasonable parameters are assumed. Such a bond is much smaller than the bond required to protect from slashing risks, for example. Note that we still recommend validating the parameters that led to this result in a testnet phase.
  • In light of the solution’s novelty, we proposed key mechanisms to maximize security, such as an experimental testnet phase, a failsafe mechanism for the DAO to be able to overrule any malicious verdicts, and a web-of-trust approach starting from a trusted seed to grow the juror set.
  • We described the currently known heuristic approaches to validator profiling and deanonymization, to utilize them to generate evidence for our mechanism. Although some feasible techniques are known, their implementation has only scratched the surface of possibility. We believe that the correct economic incentives will lead to rapid growth and improvement in the state of the art of these methods. (Note that the resolution mechanism by itself already provides economic incentives in the form of accusers’ rewards.)
  • Finally, we suggested an additional mechanism with which we intend to complicate the relationship of trust with white-label operators. Note that this mechanism relies on BLS signature verification and aggregation—currently unavailable on-chain—and so it is likely to rely on validity proofs.

Future work

Our work has also unearthed some important research directions:

Sybil resistance

This research focused on white-labeling protection. However, there are still open questions related to Sybil resistance which remain a threat to Lido’s permissionless module. Among others, we can mention:

  • What conditions (arising from an economic analysis) are required for our dispute resolution mechanism to also disincentivize Sybil attacks against the permissionless operator set?
  • Are there other approaches, besides the dispute resolution mechanism, to achieve Sybil resistance in the operator set?
  • How can we protect our curated juror set from Sybil attacks?
  • What state-of-the-art approaches to Sybil resistance can be applied against the above?

Reputation systems

Reputation systems have been previously identified (under the name of Node Operator Scores) as one of the two key improvements (along with DVT) that will allow the Lido DAO to efficiently scale and decentralize. The relevance of reputation systems became apparent during this work as well. Here, we can mention:

  • How can we use reputation systems to incentivize (financially or otherwise) the correct behavior of our juror set? In particular, how to set these financial incentives in a way that promotes the juror set’s growth over time?
  • Reputation systems will likely be useful for the permissionless operator set as well. How can we employ reputation systems to increase the capital efficiency of the Lido protocol?
  • Can we safely amend the dispute resolution mechanism to act more favorably when operators with high reputations are involved?
  • What state-of-the-art approaches to reputation systems can be applied to solve the above?

Whether related to the research directions above, to the implementation of the proposed solutions, or other challenges being faced by the Lido DAO, we look forward to continuing our work for the DAO in upcoming projects.

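The three incentive conditions from the TL;DR and the bond roles described under Task 3 can be checked together in a small expected-value model. This is an added example, not code or formulas from the deliverable or its linked analyses. Assumptions: a single dispute period, court fees C taken from the loser's bond, and every probability and ETH amount below is a constructed value.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Params:  # every value is assumed and constructed (ETH, one dispute period)
    B: float              # operator bond B(n)
    A: float              # accuser bond A(m)
    R: float              # accuser reward R(m), paid out of the operator's bond
    C: float              # court fees (assumed to come out of the loser's bond)
    wl_gain: float        # extra profit from white-labeling
    honest_profit: float  # profit of an honest operator
    p_convict: float      # P(white-labeling operator is accused and found guilty)
    p_accused: float      # P(honest operator is accused)
    p_wrongful: float     # P(jurors convict | operator is honest)
    evidence_cost: float  # accuser's cost of gathering evidence

def white_label_return(p):
    """Gain from white-labeling minus the expected loss of the bond."""
    return p.wl_gain - p.p_convict * p.B

def honest_return(p):
    """Honest profit, adjusted for compensation when absolved and bond loss when misjudged."""
    absolved = (1 - p.p_wrongful) * (p.A - p.C)
    convicted = p.p_wrongful * p.B
    return p.honest_profit + p.p_accused * (absolved - convicted)

def accuser_return(p, p_win):
    """Expected return of one accusation that wins with probability p_win."""
    return p_win * p.R - (1 - p_win) * p.A - p.evidence_cost

def bond_lower_bound(p):
    """B must exceed wl_gain / p_convict and must cover R + C."""
    return max(p.wl_gain / p.p_convict, p.R + p.C)

def check(p, p_win_guilty=0.9):
    """Evaluate the three incentive conditions plus two consistency checks."""
    return {
        "bond_covers_payouts": p.B >= p.R + p.C,
        "white_label_unprofitable": white_label_return(p) < 0,
        "honest_profitable": honest_return(p) > 0,
        "accuser_profitable": accuser_return(p, p_win_guilty) > 0,
        "frivolous_unprofitable": accuser_return(p, p.p_wrongful) < 0,
    }

SOUND = Params(B=2.0, A=0.5, R=1.0, C=0.2, wl_gain=0.3, honest_profit=0.1,
               p_convict=0.25, p_accused=0.05, p_wrongful=0.05, evidence_cost=0.1)
UNDERBONDED = replace(SOUND, B=1.0)  # same market, bond below the lower bound

if __name__ == "__main__":
    for name, params in (("sound", SOUND), ("underbonded", UNDERBONDED)):
        print(name, round(bond_lower_bound(params), 3), check(params))
```

With the bond halved, white-labeling turns profitable and the bond no longer covers R + C, while the honest-operator and accuser conditions still hold; this is why the conviction probability that a testnet phase would estimate drives the minimum B.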