“Trilemma” is the term used to describe the tradeoffs between three essential qualities that must reside at the heart of any blockchain-based system design: decentralization, security and scalability. Vitalik Buterin, who put forward this idea in 2019, suggested that efforts to enhance any one of the three will diminish a blockchain’s ability to deliver one or both of the others.
Lately, the industry has seen hacks expose the underlying weaknesses of implementations with poor trilemma design. The recent Ronin hack is a crystal clear demonstration of the trilemma in action – and of the catastrophic effects that not paying heed to it can have.
The Ronin hack
Ronin is a sidechain of Ethereum and was built for one of the most successful blockchain-based collectibles games, Axie Infinity. Sky Mavis, the video game firm behind Axie, set up the sidechain because it needed an easily scalable solution that could cater to the game’s explosion in popularity.
To make sure Ronin could offer scalability, the sidechain only had nine validator nodes for transactions. To put that figure in context, the Ethereum blockchain currently has almost 300,000 validator nodes. The sidechain operated on the basis that only a majority – i.e., five – of those nodes were needed to validate a transaction.
Heightening the risk posed by reliance on so few validator nodes was the nodes’ distribution – or rather lack thereof – across the chain’s infrastructure. It has come to light that four out of the five compromised validator nodes were run by Sky Mavis itself. And Sky Mavis’ validators had whitelist control over the crucial fifth validator node that allowed the hackers to complete the transactions.
In trilemma terms, a prioritizing of scalability, facilitated by setting up the sidechain so it had a very low level of decentralization, created severe security shortcomings. The outcome was the theft of $625 million of funds.
Is the trilemma suitable for evaluating blockchain design?
Understanding the tradeoffs of the trilemma is not the same thing as effectively designing a solution around it. And there’s a pressing need for the developers of tomorrow’s blockchain-based apps and services to feel confident in their underlying chain security, decentralization and scalability, and to be sure that an improvement in one area will not compromise either of the other two.
This need is currently being addressed by a handful of companies that specialize in blockchain-as-a-service solutions. Because their focus is on infrastructure rather than developing the things that run on the blockchain, they are best placed to understand the complex knock-on implications of decisions intended to improve one of the three pillars of the trilemma.
Leveraging its background in providing infrastructure to large blockchains, Atlas has formulated a set of principles that allows the trilemma’s pitfalls to be sidestepped.
ISG: Infrastructure, signing authority and governance
Infrastructure is the first priority when it comes to developing a blockchain that’s fit for purpose, because the number and distribution of nodes determines the network’s underlying decentralization, security and scalability.
This area’s importance becomes clear if we look at the Ronin attack. Ronin’s infrastructure setup meant that at least four of the nine validator nodes were located in places that were protected by the same security arrangements, meaning they could all be accessed through a single attack. A well-designed infrastructure setup will prevent this scenario from arising because it will distribute nodes across many different servers.
Another reason why infrastructure is a crucial focus is that it creates opportunities to lower costs in a way that does not compromise the blockchain’s core qualities. Atlas is currently working toward running all of its servers on low-cost renewable energy. The energy savings that a switch to renewables yields can ensure that costs do not have to be cut in areas that will compromise decentralization, security or scalability.
Properly devising a blockchain’s signing-authority arrangements is the next consideration after infrastructure. As the Ronin hack shows, opting for fewer validator nodes will allow greater scalability and thus lower transaction costs. But it also reduces security.
According to Atlas, the signing authority issue needs to be considered with two things in mind: First, the mechanisms themselves – for instance, how many validator nodes there are and how many are needed to complete a transaction – must be appropriate to the blockchain’s current and future needs.
Second, it’s important to evaluate and know as much as possible about the actual people behind the nodes. The security benefits of a large number of validator nodes with distributed infrastructure are wiped out if the nodes are concentrated in the hands of just a few people.
A blockchain’s governance system both configures a blockchain’s decentralization, security and scalability in the present and guides how the chain will handle these areas in the future. If any user who provides hash power has a vote in how the blockchain is run, it will be more difficult to adapt the network to changing circumstances. And long waits to create consensus may make the blockchain less scalable because they will likely increase the time required to implement updates.
However, overly concentrated governance encourages rash decision making that may create security breaches. Moreover, it will likely lower the incentive for new miners or validators to go online and contribute hash power. This concentration of governance control will lead to lower decentralization and, ultimately, less security.
Implementing ISG principles
Mere awareness of ISG is not necessarily enough to stop, for example, a measure taken in the name of scalability reducing decentralization and thus compromising security, as occurred in the case of the Ronin hack.
In truth, the real value of an awareness of ISG is that it will encourage chains to be proactive in incentivizing experienced infrastructure providers like Atlas to volunteer computing power. Atlas’ vision is to provide stable computing to a large set of major blockchains – the current total stands at 20 and will continue to rise – in order to make them more secure, scalable and decentralized.
You can learn more about Atlas and Building Web 3.0 during its featured side-event ahead of Consensus in Austin this June.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.