There’s been a lot of talk about pledging in Cardano lately.
What does pledging mean? What is pledge, exactly? Do stakers need to be concerned? What will the minimum pledge amount be?
In this article we take a look at some of these questions and try to explain them in the simplest possible terms. No previous knowledge is required to understand that which is, otherwise, considered a complex subject.
Let’s get one of those questions out of the way: do stakers need to be concerned? No. Pledge amounts only concern staking pool owners. Stakers’ funds are safe no matter what amount a staking pool pledges.
So, let’s take a look at the definition of pledge and the motivation for its introduction into the Cardano protocol.
What is pledge?
As implied by the name, pledge is an amount of Cardano ADA which is committed to the system by a staking pool operator. This commitment is assumed to be of longer term than just staking. It is said that the pool operator “pledges” this amount to the system as a display of financial solidity and commitment.
To put it in investing terms, pledge is a pool owners’s skin in the game.
Since the pledge amount is locked up in a staking pool and cannot be moved (without breaking bits of that pool), it sends a message to users that the pool is in it for the long run – and has invested the money to prove it.
But, if the system itself is 100% secure and no trust is required, then why must pool owners pledge an amount to display business solidity or commitment? Users can’t lose anything, can they? These are good questions. Because, in fact, your funds are safe no matter what the staking pool operator does.
So, why is a pledge required?
The main reason is to protect the network against a cheating method called Sybil attacks.
Sybil is the title of a 1973 book which describes a woman who had 16 separate personalities. It’s a true story, despite the woman’s true identity having been preserved.
In the context of technology, so called Sybil attacks refer to a method of subverting online polls, forum discussions, votes and other collective online activities where having a majority makes the difference.
In a Sybil attack, a single cheater pretends to be several different persons in order to direct the narrative, influence polls, manipulate votes and other metrics. Anyone who’s been online long enough has either suspected, witnessed or been the target of such an attack.
In cryptocurrency verification, having a majority of “votes” is key to running a successful system. There are several ways these “votes” are computed in cryptocurrencies and Cardano uses what we call Proof of Stake.
For example, if someone were able to impersonate a large number of network participants, they could subvert the system by voting for invalid Cardano blocks.
But how would something this be achieved, exactly?
In a Proof of Stake (PoS) system, a person who owns 10 coins has 10 times more voting power than someone who has just 1 coin.
If this were the only factor in the system, then everything would be fine. In fact that’s exactly how a PoS system is supposed to work. This would be a secure system because whoever owns 10 coins has 10 times less interest in subverting the system than someone who owns just 1. They stand to lose more than they’d win by cheating (that’s where the term “stake” stems from), which is the logic behind all PoS systems.
But, in order to “cast a vote” in a PoS system, the coin holder would need to be online during the vote. Otherwise blocks couldn’t be verified in real time. And there’s the problem: regular users wouldn’t want to be online 24 hours a day just to vote for valid blocks on their favorite cryptocurrency!
This is where delegation comes in.
Users delegate their voting powers to someone who they think will be online 24×7. Someone who will solve valid blocks for them.
The delegates who solve blocks on behalf of someone else are what we know as a staking pools.
Delegation Sybil Attacks
Now we finally join the concepts of delegation and Sybil attacks together to explain why the pledge amount is necessary.
We know that someone with 10 coins has 10 times more power than a person with one coin.
But, what if someone creates 10 staking pools and is somehow able to attract the delegation of those 10 coins’ votes to his network of pools?
The users wouldn’t know it, but it’s the same person behind those 10 pools (like Sybil’s multiple personalities). Stakers think they’ve delegated their stake to 10 honest guys who’ll mint coins for them, but in reality now there’s just a single person who controls all 10 votes!
So, how do we stop someone from creating multiple tiny pools which fly under the radar?
You guessed it.
By requiring pool owners to pledge some money to each pool they create.
We’ve finally reached the point of this article. The staking pool pledge is the amount of ADA coins required to make pool creation expensive enough, such that it makes cheating undesirable.
Pledging isn’t about securing users’ funds. Ouroboros, which is Cardano’s protocol, does that for us.
Pledging is about financial stability of the system and overall network protection against Sybil attacks.
By requiring a certain amount of ADA to be locked up in a staking pool, someone who tried to attack the network would have to lock up large amounts of coins. This would defeat the adversarial player’s purpose, which is to make a quick and easy profit by cheating.
So, what’s all the fuss about? Why is everyone suddenly discussing pledging? Isn’t it obvious that this is required to make the system work?
Well, yes and no. There are arguments both ways and each have their own merits.
Those who argue against pledge, believe that users are wise enough to choose reputable staking pools to delegate to. They also think that by not requiring a minimum investment in order to open a pool, it’d promote enough decentralization to flood the Cardano market with staking pool options. Cheaters therefore wouldn’t be able to attract enough stake to attack the system, because users would spread their funds to a large number of pools.
These are valid points, to an extent.
In practice, running a staking pool isn’t for everyone. It requires lots of technical skill and dedication. A team must monitor the pool, update it, keep the software running smoothly, guard against hackers and so on. This doesn’t come cheap. Which adds to the cost of staking, which reduces the number of pool.
Therefore, even if pledge were zero, the costs and technical requirements of running a staking operation would already limit the number of players. Decentralization wouldn’t necessarily happen automatically and in enough numbers to completely avoid Sybil attacks.
Pledge also helps the protocol designers establish the cost floor. By requiring a pledge, them minimum cost of running a pool is established. The protocol designers can then estimate how many pools would be required to make a Sybil attack unfeasible. The idea is to maximize the number of pools, but not allowing a large enough number that would make Sybil attacks profitable.
What will the minimum pledge amount be?
According to this article just published at IOHK (official Cardano source), there won’t be a minimum pledge.
But at the time of this writing we didn’t know the answer to that question yet. The Shelley stage is still in development and the details of pledging haven’t been decided on.
What we do know is that the pledge amount will be calculated to be the minimum number of ADA necessary to make it too expensive to cheat.
The calculation involves dividing the amount of ADA free float in circulation by some factor, such that the cost of establishing a staking pool is higher than the amount a cheater would earn by attacking the network.