Allow wallets representative to change representative

Protocol Design
#1

Hello nano community! I love nano and I love what you guys are doing! Keep up the good work! Heres a protocol idea that i personally find to be really interesting. I wrote about it on reddit a while back, thought this post is a bit more thought out.

This is the idea:
Currently only the wallets owner is allowed to change the representative of the wallet. What if this was extended to both the owner of the wallet and the current representative of the wallet?

"If the original representative was a malicious actor, could he not just change their vote weight back to themselves and then do a 51% attack?"

If a representative decides to change the representative of someones wallet, then it would no longer be the representative of that wallet. Since only the current representative of the wallet is allow to change the representative, then the original representive no longer has the power to change it. Therefore the representative change is irreversible for the original representative.

"Couldn't a malicious actor delegate the votes to other nodes from the same actor, and therefore hide how much power he has"

There isn't much stopping you from doing something simular today. As we see with binance, which holds about 20% of voting weight, which is not easily visible from the voting weight distribution

"But some people don't want their representative to be able to change their representative. They want to choose a representative and have it stay there. I am a poweruser and i want to have control"

One solution to this is to make this an optional feature. The transaction that changes the representative could also include a boolean which indicates whether or not the wallets representative should also be given power to change the representative. This way, wallets could have a on/off button on whether or not they should "allow your representative to change your representative".

The Advantages

  • Solves the issue of offline vote weight (nodes that are shutting down will now be able to get their voting weight away from their node)
  • Solves the issue of relying on people to change representatives
  • Potentially further decentralization (a node with high vote-weight could decide to give some away to smaller nodes that he/she trusts)

The Disadvantages

  • The time needed to develop this
  • Makes the learning curve of nano a tiny bit steeper (while it might simplify for most users, who may not need to think about representatives)
  • Could increase the attack surface, as it increases the complexity. For example, if this was created and a bug was found that allows one to change anyones representative, then it would be game over for the nano network

Bonus:
Allows for a automatic vote-weight mixer. This could be great for "lazy people". Simply make this your representative, and the representative will find a node that it trusts, and delegate your vote to the trusted node. Or maybe just evenly delegate vote-weight randomly to nodes? This would of course be entirely optional and can be made by the community

Bonus 2:
I am skeptical about this bonus idea, but it is interesting. What if offline vote-weight is thrown into a mixer and then re-delegated to online nodes? This could be an optional feature on nodes for example

What if representatives are being blocked
#2

While I have always been very skeptical about allowing anyone but account owner to choose reps, but I suppose it would not be a huge breach of trust for you current representative to re delegate.

That being said, based on the trust required I don't think any rep should re delegate to anyone else, so I don't see the benefit of extra "decentralization".

So the only real use would be reps going offline, or selling of businesses that ivolves nodes (see nanowallet.io, which now lots of people have the seed since it moved hands). Which is not nothing, but still. I just don't think this should go anywhere near the top of the list of priorities, and unless lots of nodes start going offline or changing hands it could probably be delayed forever.

But I don't think it's a bad idea on itself

1 Like
#3

I do believe it gives somewhat extra decentralization. If a node goes from being trusted to becoming a malicious actor (for example through a hack, or if it is controlled by multiple people like a bank, or a change in ownership). Then that malicious actor can not get back the vote-weight that has already been re-delegated. It might be wise for a large node to delegate away some of the vote-weight to prevent itself from becoming a single point of failure (of trust). The "irreversible" nature of it makes it somewhat more decentralized (but not by alot yes).

But yeah, you make some fair points

#4

For any honest node perspective it's safer to maintain control than delegate. The risks of delegating to a malicious node by mistake (or it becomes a malicious node in the future) far outweighs any abstract benefit that comes from decentralization. Also if you are an honest node, from your perspective the network is safer in your centralized hands.

An honest node should never re delegate unless its own node is at risk. Either by more people having access to it (shared/sold businesses) or because you are going offline.

And except for the case where you are going offline, where you have no option but to redelegate to a 3rd party, in the case of a business change for example, you should redelagte to yourself. When BB bought nanowallet.io for example, they would create a new rep that the old owners would not have access and then move all delegators from the old rep to the new one. So there's no redistribution of weight.

1 Like
#5

Yeah, you're probably right

#6

I've been thinking about this few days, because something bugged me about this idea and didn't know what.

Hacks .

Currently no one can redirect wallet delegation, except the wallet owner.
So a malicious hacker would have to obtain controll of many individual wallets to gain controll of the network.

With this proposal, he need so hack only a few servers. And as (big) software without bugs can not exist, there are possible future vulnerabilities, that would allow hacker to gain controll of the whole network.

2 Likes
#7

Thanks for thinking about the idea <3

True, thought would it not be simular to a regular 51% attack? You only need to hack the top 6 nodes in order to do a 51% attack. Thought i guess this idea makes it possible to do this incrementally. You would not need to take control of all 6 servers at one point like you would need today, but you could take one, delegate away, take another on another day, delegate away, take the third one month later and then delegate away, and then do a 51% attack! So yeah. The node could alert the users that their rep has been maliciously redelegated, and tell them to change it back or to another, though that will assume that people will do that and do it in time before an attack

#8

bug in the node it self, and attacker could do it all in few minutes.

#9

Potentially further decentralization (a node with high vote-weight could decide to give some away to smaller nodes that he/she trusts)

my wife :face_with_hand_over_mouth:

Nano Forum | Terms of Use | Privacy Policy | About | FAQ