Reevaluating Neuron Control Restrictions

Perhaps there is a misunderstanding on my end.

My suggestion was that all neurons (including canister controlled neurons) get PoK.

If all neurons, including canister controlled neurons, got PoK then we can make the discount for non PoK neurons 100%.

Furthermore, what if we beefed up the idea of the “disbursement key”. As it’s currently proposed, my understanding is that the disbursement key is just known and cannot be unknown, but it is not required to perform any functions.

What if instead of a “disbursement key”, we had a “transfer key”. And the transfer key was required to transfer the neuron controller. So it essentially becomes the new PEM file for each neuron as it relates to neuron transfers only.

Is that possible? If so, it is highly unlikely neuron markets would form under that construct.

If someone design a system that encapsulate this new PoK known design into something that just display the previous design, then we can proove that the PoK remains unknown and the market can still fleurish.

How ?

1. Encapsulate everything in canisters that use PoK but also not give the PoK visibility to the user
2. Add non PoK neuron ( actual state of neurons ) into this system before PoK is known ( either before the ICP is stacked or before the PoK is implemented for existing neurons ).
3. those Canister will then have the optimised voting rewards and act as it was before

2 Choice :

• Keep wasting ressources to prevent neurons trades ( 2 easy things to understand : what can be done offline can be done online, neuron trade dont affect security of the network, this add more useless complexity to the neurons system making average user run away )
• Use those ressources to improve the things lastjms mentionned on twitter and here Let's solve these crucial protocol weaknesses

In politics, shiny distractions might sway opinions, but in IT, such tricks don’t fly. Even average folks see through this PoK nonsense

All opinion are my own

Thanks for reading

@GeekFactory

ok I see. So you are thinking about combining the PoK set-up and the transfer penalty (Previously, I understood that you suggested to apply a transfer penalty while avoiding the technical complexities of implementing a PoK).

How would you deal with canister controlled neurons in this set-up, as these would not be able to provide a PoK (at least not in the scheme proposed at the beginning of this thread)?

I think this probably relates to this discussion above.

Enabling a disbursement key (or transfer key) for all neurons (being stored in an encrypted fashion on-chain) would mean that the security of the whole NNS would depend on the applied encryption scheme (which seems like adding an additional attack vector).

Thank you for detailed feedback @GeekFactory

The suggestion proposed a phased roll-out strategy, where each phase is interlinked. Initially, it involves lifting current restrictions on neuron control, followed by introducing incentives for holding non-transferable neurons in a subsequent phase. Hence, I see these phases as part of a bigger picture and not as individual standalone measures.

However, to address your points on proposal segmentation and resource usage, it would seem natural to link the timing and priority of implementing the complex later phase to the observed developments within potential neuron markets.

While motion proposals are generally high-level and may not go into every detail during the early stages, I understand your point about the importance of making the PoK concept more concrete. This will indeed facilitate a more informed discussion among all stakeholders.

Could you specify which aspects of the PoK implementation are of particular concern to you? This will allow me to address specific areas needing further elaboration.

Can they use a disburse key?

But I think this solution is much better:

Thanks Bjorn. What are your thoughts as it relates to providing PoK and transferrability to existing neurons that are hardware controlled?

Neuron holders that set up their neurons using hardware wallets in the past may want to transfer their neurons to a canister as they are the future of wallets. Of course, one would not want to create any security issues. I am just wondering how to bridge the gap. Seems a bit unfair that only new neurons have the option of being canister controlled and implementing PoK.

I suggest reducing the restrictions on the transfer of neurons. stETH can be traded normally without any security issues, and DFINITY and ICA have a significant amount of voting power. Recently, I looked into the Ethena project, which uses stETH to create stablecoins. It’s an amazing project that generates value from a large amount of dormant ETH. I hope ICP can do the same.

I appreciate dfinity, they make us happy for a perfect wep3, neuron transfers will be a move that nns has never made before, that’s why nns is always different and unique because they will want to imitate it and nns is the biggest innovation after bitcoin, everyone may regret the decisions they make. For account security, they should keep the neurons in different accounts, whether they sell them, in a game, at a gambling table, exchange them for a commodity or exchange them for a car, these are the WEP3 steps.

Do you have any feedback on the latest comments, @bjoernek, especially regarding the slashing solution? Thanks

Apologies for the delayed response. The requirement which you raise, i.e., the ability to transfer neurons from one technology solution to another, seems very fair. In the moment, you can transfer from say Quill to Ledger or vice versa (using the Seed phrase), but for example Ledger to II (and potentially in the future from Ledger to a canister solution) is currently not possible. Addressing this would likely require a dedicated project.

Using the technical components discussed in this thread, I currently do not see how to enable such transferability for the security concerns mentioned above.

Thank you for your patience, and I apologize for the delayed response.

Regarding the slashing solution, a significant challenge would be determining which neurons to slash. If a group of attackers gains enough voting power to pass malicious proposals, they could similarly use their power to reject any slashing attempts. Additionally, defining what constitutes a “malicious proposal” is not straightforward, adding complexity to the decision-making process.

Thank you for your patience, and I apologize for the delayed response.

No worries.

which neurons to slash

Regarding the neurons that should be slashed, it would be those that voted to adopt the malicious proposal.

they could similarly use their power to reject any slashing attempts

If we are discussing this topic along with lifting neuron restrictions in canisters, we can assume that the voting power (VP) is attached to canisters. Therefore, simply disabling or reducing the VP of these neurons should suffice to adopt the slashing proposal.

defining what constitutes a “malicious proposal” is not straightforward, adding complexity to the decision-making process.

I think there is no better way. For example, in the original proposal we are directly assuming that canisters are malicious and applying a penalty beforehand.

If it involves a transfer (as in the example given) or if it affects the functioning of a subnet, it seems to be straightforward. It works with the worst proposals and there is no need to define it beforehand. Additionally, the penalty could vary depending on the severity of the damage.

Hi all,

following up on the request for additional information regarding the Schnorr Proof of Knowledge, please find the details below.

Schnorr Proof of Knowledge

The Schnorr Proof of Knowledge (PoK) is a cryptographic protocol used to demonstrate that a prover knows a secret value without revealing the value itself. This technique is part of a family of proofs known as zero-knowledge proofs. The basic idea is proving knowledge of a secret associated with a discrete logarithm problem. Specifically, the Schnorr PoK allows a prover to show that they know the discrete logarithm of a public value (g^x) with respect to a base (g) in a given group, without revealing (x) itself.

Here is an overview of key steps involved:

• Setup: Let (G) be a cyclic group of order (p) and generator (g). The prover has a secret (x), and the public key is (y = g^x ).

• Commitment: The prover selects a random natural number (r) and sends (t = g^r ) to the verifier.

• Challenge: The verifier sends a random challenge (c) to the prover.

• Response: The prover calculates (s = r + cx \mod p) and sends it back.

• Verification: The verifier checks if (g^s = t y^c ). If true, it confirms the prover’s knowledge of (x) without revealing (x) itself. (Note that g^s = g^{r+cx} = g^r g^{cx} = t y^c ).

Relevance of Schnorr PoK for this thread

Threshold cryptography, utilized in signature schemes like ECDSA or BLS, allows signing capabilities to be distributed across multiple parties. For instance, both threshold ECDSA (tECDSA) and threshold BLS (tBLS) signatures are supported natively by the ICP protocol. There is also a non-interactive threshold Schnorr signature scheme, which is planned to be added to the ICP protocol.

An interactive Schnorr PoK is not compatible with these threshold signature schemes due to its design: In the threshold signature schemes, the cryptographic challenges are deterministically computed using a hash function, which incorporates the message. On the other hand, in the interactive Schnoor PoK the cryptographic challenge is chosen randomly by the verifier. Consequently, canisters, which rely on tECDSA for signing messages, cannot provide an interactive Schnorr PoK. Similarly, II-controlled neurons that use tBLS are also unable to provide an interactive PoK.

In contrast, a user who manages their neurons via Quill or a Ledger device can provide a Schnorr PoK of their secret neuron controller key.

Schnorr PoK vs Disbursement Key

II-controlled neurons cannot directly participate in a Schnorr PoK scheme due to their reliance on tBLS signatures. To allow these neurons access to enhanced rewards while disincentivizing neuron transfers, one might create a new scheme providing the neuron controller access to a non-modifiable disbursement key.

This key, controlling the disbursement of ICP and possibly neuron maturity, would grant significant power to its holder. Since knowledge of the key is irreversible, this poses a risk to buyers; previous owners might retain access to the neuron’s ICP or voting rewards.

Conceptually, providing a PoK of the newly created disbursement key is similar to providing a PoK of the controller key. In both cases, possession of the key verifies knowledge of a specific secret. However, the disbursement key introduces a new key (which requires a whole new scheme to manage this additional key) vs a PoK of the existing controller key does not.

Hi all,

Here is my preliminary (personal) attempt to summarize the discussion in this thread on neuron control restrictions:

Everybody seems to be in favor of lifting restrictions to allow canisters to control neurons (phase 1).

However, opinions differ regarding the need for additional measures to disincentivize neuron transfers. Implementing further restrictions, such as those suggested in phases 2 and 3, would enhance security but also comes at a cost (through high implementation effort and added complexity for users). This applies in particular to phase 3.

Several interesting ideas for additional/alternatives measures were also proposed, such as whitelisting certain canister-controlled neurons (e.g., those managed by a truly decentralized SNS), further ideas to facilitate neuron management, or slashing the stake of canister-controlled neurons in case of malicious behavior.

A key point discussed is the issue of materiality: As long as a small number of neurons are controlled by canisters or II, this does significantly impact long-term voting behavior of the NNS overall. Therefore, we might proceed with phase 1 (removing restrictions) while delaying further phases or alternative measures, depending on how the materiality of canister-controlled neurons evolves. In this context, we might need to improve NNS metrics, such as reporting the stake and voting power of canister-controlled neurons. It is important to note that additional measures could be reconsidered if this situation changes.

Does this summary reflect our discussion accurately?

Yes, I believe this summary reflects our discussion accurately.

Perfectly summarized, thanks Bjorn!

I think thats it well summarised - everyone is in agreement with phase 1 and removing the restriction.

Do we have a timeframe? should we expect an NNS proposal soon? I’ll keep an eye out for it.

@bjoernek, I want to state for the record that I’m opposed to limiting canister-controlled neuron functionality to just a Whitelisted group of neurons. Doing this would adversely effect the Personal DAO governance model which relies on each Personal DAO replica having the ability to stake its own canister-controlled neurons in order for DAO members to receive voting power.

I’m also opposed to introducing the idea of some sort of slashing mechanism as doing so would automatically classify any neuron application service on the IC as a security as referenced in Wisconsin’s Department of Financial Institution’s (DFI) Administrative Enforcement Action Against Coinbase which can be found here on page 5, section 24. In this Administrative Enforcement Action, The DFI sites the possibility of slashing as being a potential negative consequence of a mismanagement by the Coinbase, and uses that as a justification for why staking services that feature the risk of slashing should be classified as a security.