StakeSure is method for understanding the level of security needed by a blockchain, a way to pay for exactly enough staked assets to provide this level of security at any given time, and a way to completely compensate anyone who loses money if this security is breached.
Much analysis of proof of stake blockchains in the past has considered double signing to be a violation of the rules of the protocol, after which security is lost and anything can happen. For this reason, it has been considered a good practice for proof of stake chains to be secured by a quantity of staked assets that is as close to their TVL (total value locked) as possible. StakeSure shows how to make blockchains completely secure, while being secured by a tiny fraction of that amount.
If one examines the anatomy of a double signing attack (also known as a reorg or double spend attack), the amount that can be lost is usually much less than the entire TVL. To perpetrate a double signing attack, the validators of a blockchain must create an “alternate reality” where they send some money to a victim, while in the generally accepted version of history, they never sent the money. It is in the creation of these two versions of history that the attacker must “double sign”, or sign two blocks at the same height.
The victim must then give the attacker something of value from outside of the blockchain because they believe the money has been sent. A transaction where some money is sent to another user of a blockchain in exchange for some value from outside of the blockchain is called a “hybrid transaction” and it is an important term to remember. Common types of hybrid transactions are deposits to exchanges, payments for real world items, and bridge transactions to other chains.
Once the attacker has received the outside value, the attack is complete. Since everyone else has been using the real version of history where the money was never sent, the attacker keeps both their money and the outside value. In practice, the attacker will probably move their money in both versions of history (hence “double spend”) but this isn’t important to the overall structure of the attack.
A double signing attack cannot break the rules of the protocol to make money out of thin air, or allow the attacker to spend someone else’s money. This is why the entire TVL is not at risk. To steal money by double signing, an attacker must first control the money, and then send it to someone who is willing to exchange it for outside value- a hybrid transaction.
One way someone can avoid becoming a victim of a double signing attack while participating in a hybrid transaction is to wait for some time before completing the transaction. This is what exchanges do when waiting for some time before allowing a user to trade after making a large deposit. Presumably, during this time, the intended victim will learn of the double signing and the existence of an alternate version of history where they did not get their money. They can then cancel the transaction. This period of time is known as the “reversion period”. If this reversion period is long enough, then no theft of funds through double signing is possible, even with normal proof of stake.
When bridges use a reversion period, it is known as “optimistic bridging”. Optimistic bridging is usually used with fraud proofs to validate correct execution of the chain’s state machine, but this is a different subject. The same principle can work for avoiding double signing attacks.
Needing to wait before completing a transaction is not a good user experience, and may even make it impossible for trading and arbitrage to happen as quickly as it needs to. The primary innovation of StakeSure is a method to allow hybrid transactions to complete in a completely secure manner before the reversion period is over.
Current PoS blockchains provide cryptoeconomic security- the knowledge that an attacker will lose more than they gain from an attack. StakeSure provides strong cryptoeconomic security- when used correctly, it is impossible to lose money from an attack. StakeSure does this while also reducing the amount of staked assets needed to secure a chain to an amount far below what is currently used on most chains, greatly reducing the cost of security.
StakeSure allows anyone to bid on the money that is taken from validators when they are slashed. At any time, it is possible to put in a bid to pay a small up front premium to receive a certain amount of the money taken from slashed validators two reversion periods in the future (why two and not another number is explained in the paper, but is not important here). Validators are paid the premium as a compensation for putting up the stake. This is the entire mechanism.
Anyone who knows that they will want to complete hybrid transactions before the reversion period is over (we’ll call them a “transactor”) can pay a premium to purchase insurance for their transactions. For example, an exchange may want to offer its users the ability to trade immediately, and they may expect to handle $1m of volume. They could then purchase insurance for $1m.
This mechanism is elegant on many levels: