One of Tezos’ most exciting features is the way it protects itself against attacks. There are no trusted hosts or manually designated network watchmen.
It is a fully decentralized and trust-less architecture.
As it turns out, one of the attack protection mechanisms also serves a secondary, yet just as important, function. By requiring certain amounts of Tezos to be locked during minting, the system makes it very expensive for bakers to centralize too much staking power.
In this post we’ll take a look at how this mechanism works.
We’ve discussed so called Sybil attacks extensively in a previous article. Here I’ll provide a short summary of what it is, so we can set the context for Tezos’ decentralization mechanisms.
Unfortunately, a Sybil attack is a very common thing on the Internet.
It involves creating multiple personas so that one or few actors can pretend to be a larger crowd.
Sound familiar?
We’ve probably all heard of online vote rigging accusations in social media polls, contests and other majority vote decisions.
The way Tezos’ protects itself against Sybil attacks is by requiring a minimum deposit in order to qualify for baking. By making that deposit large enough, bakers will need to invest a minimum amount of money such that it becomes unfeasible to create enough fake personas to attack the network.
One roll, currently 8000 XTZ, is the minimum amount required to bake Tezos.
At current prices, one roll costs about U$ 16,000.00. An attacker would have to buy thousands of rolls, each worth a hefty amount, in order to attack the Tezos network.
Interestingly, this same mechanism is used to keep Tezos baking as decentralized as possible.
In fact, to achieve decentralization, two mechanisms are included in baking: bond lock up and endorsement lock up.
Let’s take a look at each.
When setting up a Tezos bakery, users must stake some of their own XTZ in order to prove some value to the network.
As we mentioned before, this amount must be at least one XTZ roll.
The amount of XTZ contained in the baking address is called a bond.
This is different from having delegated XTZ.
In the Tezos baking lottery, rolls are randomly chosen out of the delegated pool. So one bakery may have several rolls delegated to them and these rolls count towards the odds of it winning the draw.
The bond, on the other hand, is not a delegated amount. It must be owned by the baker himself. The bakery address must contain this XTZ amount.
We can finally get to bond lock ups.
It’s a very simple mechanism.
When a baker is chosen to solve a block, 512 XTZ coins from their bond get locked for 5 cycles (~14 to 15 days).
So, for each roll a baker owns during the last snapshot, they can mint, at most, 16 blocks (512 x 16 ~= 8k XTZ).
This ensures that, no matter how much XTZ a given bakery has been delegated by 3rd parties, no matter how high their likelihood is to be drawn in the lottery, they can only mint an amount proportional to their bond amount.
Every block a baker mints, requires the bakery owner to hold at least U$ 1024 in today’s amounts (~$2 / XTZ).
When a baker has locked their entire bond amount, they are not eligible to win in the baking lottery. This gives smaller bakeries a chance to win, thus decentralizing the staking process.
There’s yet another security and decentralization mechanism included in Tezos.
Every time a baker mints a block, other bakers can vouch that it’s valid by endorsing the baker’s newly minted block.
When a baker makes an endorsement, they automatically lock up 64 XTZ for 5 cycles (~14 to 15 days).
Similarly to a bond lockup, the endorsement lock up limits how many endorsements any baker may offer. If there was any collusion between a group of large bakeries, they would eventually run out of endorsement credits and bakers in this group would lessen their overall authority as seen by delegators.
This would encourage delegators to point their accounts elsewhere, again promoting decentralization of the baking process.
I hope this basic introduction to Tezos’ decentralization mechanisms has given you a better idea of how the system avoids yielding too much control to a small group of bakers.
Every aspect of the mechanisms we just discussed is trust-less.
No single entity decides which bakers should be chosen and which ones shouldn’t. The entire process is based on how much stake each baker has invested into the network.
A bit of each baker’s stash is locked with every block they’re chosen to mint. This limits how many blocks a baker may produce within a certain period of time, thus promoting decentralization.
To be able to bake large amounts of blocks, a bakery would have to invest large sums of money into locked funds, further driving up XTZ price, eventually making it unfeasible for any given party to centralize too much baking power.