Thanks to @nashqueue for discussions that led into this.

In this post we will discuss how Proof-of-Governance (PoG) is the natural conclusion of staking derivatives. By separating security from REV, PoG would allow the protocol to reduce issuance by a factor of 20, from ~5% to ~0.25%, without reducing security.

Background

Required Reading (for real)

• Endgame: Proof of Governance
  • Video: Endgame: Proof of Governance - Jon Charbonneau
• Defending Against LST Monopolies

Optional Reading

• Moving toward safer and more aligned TIA liquid staking
• Principal–agent problem
• Slashing is Not Required to Solve Nothing-at-Stake
• Competitive Equilibria Between Staking and On-chain Lending

Preamble

Expanding on Charbonneau’s analysis of Proof-of-Governance (PoG), we will see in this post how PoG is one natural conclusion of Liquid Staking Tokens (LSTs), i.e. staking derivatives.

Intuition #1

Speedrunning:

1. Staking yield competes with DeFi yield.
2. LSTs will inevitably arise, even in protocols that don’t support in-protocol delegated staking, so that token holders can capture DeFi and staking yields simultaneously. LSTs by construction provide the ability to delegate stake, even if the underlying blockchain doesn’t support this.
3. In a sufficiently mature system, we should expect the bonding rate to approach 100%. This is especially the case if stake delegating and LSTs do not come with smart contract risk—for example if these features were natively provided by the protocol.
4. If bonding rate is 100%, then the staking APY isn’t actually the issuance rate; it’s actually zero, since new issuance is paid to all stake proportionally!
5. While net issuance to token-holders is zero, validators are paid real issuance from their commission on delegations.

Intuition: net issuance vs on-paper issuance tends towards zero in the limit of 100% bonding rate. And since LSTs will inevitably exist, bonding rate is expected to tend towards that limit.

Intuition #2

The second intuition we need is that economic security from staking is a meme.

B11XISQEgl1290×643 95.9 KB

Source

Stake delegation inevitably will exist (whether in-protocol or out of protocol), and by the power law, the supermajority of stake will be delegated rather than self-staked. Indeed, even in Ethereum today, approximately a dozen entities have delegated stake that exceeds 2/3 of the voting power.

Therefore, security is not derived from the ability to slashing stake, but rather from the ability to deny future fees paid to validator operators (short: validators). Similarly, the cost to attack is derived from those fees, not the stake delegated to the validators. This is consistent with the position that slashing is not actually required for PoS. The idea that slashing stake is required is a misconception from a blog post that is now more than a decade old—a decade outdated, perhaps.

Importantly, this is how PoS blockchains actually work today. This is not a suggested change. PoS blockchains today are secured by the fees paid to validators, and the threat of denying future fees, not by stake and not by slashing stake.

Intuition: slashing stake is not needed; denying fees paid to the validators is sufficient.

Intuition #3

The last intuition needed is that PoS is actually permissioned, not permissionless. A common critique by PoW maximalists is that PoS is not permissionless since you need intrinsic permission from existing validators to become a validator. This is actually correct! Proof-of-Stake is simply Proof-of-Authority, where the authority set assents to changing itself on some on-chain actions (staking/unstaking). However, since off-chain governance can always supersede anything that happens on-chain, off-chain governance can always replace an authority even in a strictly PoA protocol.

Intuition: PoS is actually PoA.

Dual Governance and Proof-of-Governance

As described by Charbonneau, the two endgame paths are Dual Governance (DG), and PoG.

In DG, validators are selected through token voting. While Charbonneau vaguely prescribes that this must involve a second token, we contend this doesn’t have to be the case. On-chain voting with the single token is sufficient, so long as validators aren’t censoring. But if validator are censoring then we have other problems that must be solved separately. Regardless of the specifics, DG involves voting by the holders of the tokens to select the validator set.

In PoG, governance decides on the validator set. This can be on-chain token-voting governance (which is actually DG above), or an off-chain governance mechanism.

Proposal for Proof-of-Governance

We will now propose how PoG would look like in the context of LSTs.

Since net issuance would tend to zero for stakers but not validators, we simply need to separate these two concepts, so that changes can be made to one without affecting the other. Coupling them was always an incorrect abstraction in a delegated-PoS system.

Concretely, this means skipping redundant steps, and reducing the issuance to stakers to zero. Issuance would then only and solely go to validators, for the service they provide to the network. An analysis of the economics of this change is provided in the next section.

With issuance to stakers at zero, staking is then used for two things: selecting the validator set, and collecting REV. Again, these two are coupled, but they don’t have to be! We can replace staking to select the validator set with PoG, analyzed in a later section. Collecting REV can be replaced with burning all transaction fees. In the case of 100% bonding, distributing fees or burning all fees provides identical value accrued to identical participants.

Now that we’ve removed issuance to stakers (but retained issuance to validators), removed validator selection from stakers, and removed direct REV collection from stakers, we land on the question: “what’s the point of staking.” And the answer is: nothing.

We can actually remove the notion of staking entirely from the protocol! Moreover, in the absence of staking, we also don’t need LSTs; the token itself is isomorphic to an LST in terms of value capture, since fee burning accrues to all tokens all the same.

Economics

We also propose concrete economic numbers on the issuance to validators.

With CIP-29, the issuance rate is being reduced to ~5%. With a commission rate of 5% (the lowest and most common commission rate currently) and 100% of tokens staked, this would give a payout to validators of 5% of the issuance rate (or 1/20th). Under PoG, this means that issuance could be reduced by a factor of 20—from ~5% to ~0.25%—while still providing validators the same payout.

Governance

We propose here a concrete governance mechanisms, which could be used to instantiate the protocol.

Why Not On-chain Governance?

With on-chain governance, token-holders would vote on-chain for the validator set. However, since Celestia does not support execution in its state machine, it is expected that the vast majority of LST tokens would be exported to off-chain DeFi, and likely owned by users would may not even own the underlying staking TIA.

Therefore it would be challenging to construct a protocol for voting that actually involves end-user voting vs large validator operators—the very entities we don’t want capturing all votes since they would simply vote for themselves.

Thus, off-chain governance is preferred.

Note: an alternative would be actual dual-governance, as proposed by Charbonneau originally, with a second token. But this is undesirable for other reasons.

Off-chain Governance

Celestia’s governance is backstopped by off-chain governance. In other words, off-chain governance trumps on-chain governance.

A simple method of applying off-chain governance to selecting the validator set for PoG is fixing the validator set in the node software. Then the validator set could be changed through CIPs.

Conclusion

We propose Proof-of-Governance as a way to drastically reduce issuance by a factor of 20 while maintaining security, and supplant the need for complicated LSTs.

Implementing this change will place Celestia on the path to more directly prioritizing REV and value accrual for TIA token holders.

Fully support this, especially as it maintains the same payout to validators. Celestia is vastly over-paying for its security currently.

I’m generally super supportive of innovation in staking designs. Celestia’s core useful property is that if provides abundant data dissemination in a way that doesn’t rely on the cloud account of a single provider and I think Celestia should start figuring out how to charge for the service rather than having emissions.

I think that all current staking designs of major assets which are basically all derivatives of the Cosmos hot tub in Mexico design which was all created via thought experiments.

We should start with empirical reasoning about these systems based on what we have.

1. Empirically there is a substantial limit on users willingness to hold LSTs. Market making on LSTs is underserved especially because the main venues are defi. Incorporation of LSTs in DeFI has under performed expectations.

2. Incremental yields do seem to matter to some marginal buyers. Evidence from SIMD-228, ATOM etc. Staking yields are very well distributed and widely perceived as low risk. There have been few slashing events in the last 5 years. Defi yields are more complex to access and reason about.

3. Short term censorship resistance. We have some examples. SUI Cetus exploit, Thorchain validator rotations during periods of increased DPRK activity. Solana sandwhich attacks. I generally feel like we pay way to much for short term CR properties that could be achieved with a wider pool of nodes with FOCIL type designs.

all proof of stake systems are under pressure from co-located/ single sequencer systems.

While I don’t disagree, I wouldn’t over-index on this. Indeed, in the OP I said that in a sufficiently mature system we should expect bonding and LST rates to tend towards 100%. Current systems are far from that level of maturity.

Possible explanations are things like smart contract risk and dual-governance risk, and general friction when dealing with LSTs, as you mentioned. The nice thing about the proposed change here is that…there’s no friction or smart contract risk. There’s just one token, and its ticker is $TIA.

Agreed, and all this paying has shown to not actually guarantee short-term censorship resistance, for some definition of “short.” MCP is the way to get censorship resistance, and that can be built on top of this proposal separately.

Quite a mindblowing post. It’s an elegant solution to so many token-economic problems simultaneously that seems obvious once you see it:

• eliminates the need to overpay for security with high inflation
• establishes a clear mechanism to distribute protocol revenue
• eliminates the complexities and risks of LSTs, including competition with DeFi yield and LST monopolization

The one part I’m least sure of is the PoG mechanism. Offchain governance to establish the validator set sounds like it could be extremely messy. At the same time I see all the problems with trying to do this via an onchain process or with a second token. Maybe it’s simply that we need to better define what this offchain governance process should be. Any more concrete ideas here?

Another thing I worry about eliminating staking altogether is the perception that there’s no “economic security” securing assets on bridges that rely on Blobstream. I totally get the point that slashing the value staked is not actually what deters validators from colluding, but nonetheless the industry seems to place a lot of weight on this model of security. Perhaps developing models to quantify the future value of validator revenue would solve this problem, but even then I think the numbers would be a lot smaller than the seeming billions at stake securing the network today.

We lack empirical evidence of economic security based attacks so I think we really have no idea what the staked amounts are really doing for security.

This is a very interesting post. I just created my account to ask a question that came to mind after reading it.

Isn’t there a risk of on/off-chain bribery to become part of the validator set? This would lead to exactly the same outcome as LSTs. It would be somewhat similar to the veToken model in DeFi.

Sorry if this is a stupid question.

probably just midcurving this, but in socially slashing / blacklisting delegators seems like a valid punishment for picking a validator set. This was actually my understanding of why we DAS. In the case of hidden data, we can quickly find and slash the delegates that enabled a malicious valset. If that’s true, then it seems like PoS chains are also secured by that and not only future fees.

[ unrelated to above comment]

generally am a fan of only directly inflating to validators and not to delegators. Even if there is social slashing of delegators, I still think all token holders should be forced to pick an honest validator.

Don’t think the proposal itself is a bad mechanic, but one thing I’d consider when evaluating this is Celestia’s credibility as a platform to build on.

There are a handful of teams that invested considerable resources into building LST platforms on Celestia (similarly with bridging and sequencing). And Celestia seems to be slowly internalizing more and more functionality. This is not the most platform friendly signal.

Oh sorry, I wasn’t clear. When I was referring to “security,” you could call it the “security budget” or the “penalty.” Detection of malicious behavior (i.e. DAS) is orthogonal to that, but is a facet of security.

This is a really compelling proposal, simplifying the staking model, cutting unnecessary inflation, and focusing on validator-level rewards makes a ton of sense. That said, a few open questions keep nagging at me:

• If we remove staking and move validator selection off-chain, how do we actually hold validators accountable? Without any on-chain mechanism to remove bad actors (e.g. for downtime or censorship), we’re relying a lot on off-chain governance to act quickly and decisively, that can get messy.
• The economics assume a healthy level of DA fee demand, but what happens in a bear market? If activity drops, can validators still operate sustainably with just 0.25% issuance? Curious if anyone’s modeled worst-case scenarios here.
• There’s also the concern around governance capture. With validator selection happening off-chain, what’s to stop well-connected actors from lobbying their way into the set? Feels like it could turn into a veToken dynamic without the transparency as @nolanv-be mentioned
• Also as @eljhfx stated, this might create a panic among the builders on Celestia. need to restate what areas celestia might not consider inclusive.

Overall, love the direction but worth thinking through how to build in some safeguards as we shift toward PoG.

I have a thought how to stop off chain collusion.

To stop collusion we need to insert mistrust. If we make the one exposing collusion or bad behavior get X% of cheating partys bond, the trust and expected value of collusion collapse.

If the rev is used to buy back tokens the bond value posted by validators increase with network value. Thus scales with network value.

This creates incentives for validators to be watching other validators, and no validator can trust another validator

I don’t follow this explanation. Isn’t the point of this proposal that you wouldn’t have LST tokens? So why would that prevent on-chain governance?

A lot of interesting observations. I think it’s very interesting to think about but also I want to caution about a few things:

Just to be clear: I don’t completely disagree with this, but I also think it is oversimplified and risks throwing out the baby with the bathwater. A staker who delegates to a bad operator (that is later slashed) is equivalent to a staker-operators who runs bad infrastructure (that gets hacked and leads to their validator being slashed). So we need to consider:

• Stakers making different (and more risk averse) decisions and taking out of band information into account (e.g. public reputation of operators) that they would not be incentivized to gather in a pure governance decision without value at risk
• Bad stakers (who make poor decisions and allocate to bad operators) eventually losing their capital (does not matter for the first ever attack but any future attacks)
• I also think it would be pretty interesting to look for example at STAKESURE which might point towards a future where stake is used in a more productive way

These would be what you are losing by completely giving up on slashable stake.

I think this is probably the most dangerous part of this proposal. The problem now becomes that the existing off-chain governance process is overloaded with important economic decisions. A process that in successful protocols is already at the risk of constant politics will be considerably more strained. Even if successul, it will probably take away a lot of energy from protocol governance institutions.

Not really relevant for this post, but the analysis is equally true for proof of work, where a majority of miners can always exclude a minority (They can theoretically be replaced if someone else assembles more mining power, but in practice this will rarely be economically viable)

It seems like a critical underexplored assumption that this post makes is that eliminating staking will drive the previously staked TIA to DeFi to occupy the market penetration that would otherwise be enjoyed by LSTs (current and future).

Practically, and as noted by @zmanian , that market penetration is next to nil today, and mostly incentivized with token emissions and unsustainable points programs. LSTs make up 0.38% of TIA’s total supply today, broken down as follows:

• Milkyway: 1.92m TIA, liquidity marginally incentivized with MILK tokens
• Stride: 1.27m TIA, liquidity previously incentivized with a points program
• Drop: 1.19m TIA, liquidity and DeFi heavily incentivized today with a points program

The numbers get worse when you consider that the overwhelming portion of the supply of these LSTs are simply held rather than actively put to use in DeFi. None of these has been successful as of yet in increasing TIA DeFi penetration. A large reason for this, imo, is that DeFi infrastructure capable of accepting a large portion of TIA demand simply does not exist yet. This played out with Stride and Milkyway TVLs, which evaporated after the points programs ended because the TIA had nowhere to go. The same is likely to be true of the Drop points program.

It’s true that we could expect this to change in the future (and if this post is aimed at addressing a change to be made several years from now I’d agree we shouldn’t overindex on this now), but if this is to be implemented in the near future it’s worth considering how strong the assumption is that TIA currently staked will simply migrate to admittedly the immature DeFi infrastructure that currently exists.

The state of the world today is that a TIA holder can earn 12% against an inflation of 7% by staking, soon to be ~8-9% against 5% inflation.

This proposal, when implemented, would change that dynamic to 0% earned against 0.25% inflation (i.e., 0.25% annual dilution). So we’ll need to assume that a TIA holder is either fine with accepting dilution for holding the asset, or is fine with accepting the various risks incumbent in DeFi to earn enough yield to offset that dilution (even assuming the current defi infrastructure could accommodate a 0.25% yield at the current level of TIA staked supply, which it cannot).

All of this is to say, if we’re wrong about the assumptions outlined above, the end result is likely to be a massive TIA supply glut and selloff. It’s possible that for the purposes of this post that this is irrelevant, but it’s worth considering given the protocol doesn’t exist in a vacuum and that this will likely lead to a CIP at some point in the future.

I also loosely agree with @eljhfx that this is an unfriendly move for builders looking to invest resources in Celestia’s ecosystem (and disclosure, I’m a contributor to Stride, a Celestia LST provider), but I don’t think the platform’s roadmap is, or should be, beholden to commercial interests that don’t directly align with the stated goals of the platform, and I’m under no illusions that staking / LSTs are one of those goals.

I’m mostly concerned that we’re not doing enough to consider the actual, real-world implications of such a significant change to the protocol’s security model.

Staking isn’t how validators are held accountable. Detecting malicious behavior is through DAS. Ejecting a minority of validators (e.g. for downtime) can happen automatically. It’s independent of staking. Ejecting a majority of validators always requires a hard fork if the validators are malicious and censoring. So, removing staking doesn’t change any of this.

Given that validators are paid for their services that are denominated in some stable currency, ideally they should actually just be paid in stablecoins.

Sorry, this wasn’t clear. It has to do with the bonding requirements to make a proper voting protocol. Most LSTsTIA would be bridged out of the Celestia state machine, so they can’t be bonded in the Celestia state machine for voting purposes.

You could develop a protocol (hence, “challenging,” not “impossible”) that does all the voting tallying and bonding etc. across all major chains that have LST- TIA on them, but that’s non-trivial.

I think you mean TIA bridged to other chains, not LSTs. Also, I think it would be fine if the protocols that that TIA is bridged to does the voting (eg via interchain accounts or zk accounts).

From the pov of the slashed, yes. The issue is the principle-agent problem, where the validator isn’t the one getting slashed.

In practice, I don’t think many people actually gather information. They just delegate to the Lido and Coinbase, which is why you end up with a very small number of very large validators.

Also, the selection of validators under PoG would absolutely be incentivized to get the best value out of the issuance paid to validators, both in terms of performance and alignment. Those positions wouldn’t just be given out to anyone. A better argument would be the opposite, that those positions would be lobbied and bribed for!

The presumption here is that stakers that delegate to a bad validator behaved poorly, but I’ll contend that’s not necessarily true. For example, are stakers that delegate to Lido bad if Lido, with a perfect track record, decides one day to attack Ethereum? The attack came out of nowhere, the stakers had no way to know.

Aside from this, but if you want slashing for misbehavior then just make validators bond some tokens. Then they also get value accrual from REV, so they’re even more economically incentivized by the protocol to behave correctly.

This is where I kind of agree. Off-chain governance can be tricky. However, I think this proposal allows us to explore a more democratic and meritocratic way of selecting validators, rather than the purely plutocratic ways of current PoS chains.

Once that’s fully available, if there’s consensus to adopt that as the governance process for deciding validators, then it’s always possible to swap out the governance process! But it’s not a blocker to deploying PoG with off-chain governance first.