Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Remote Staking with Optimal Economic Safety

Xinshu Dong, Orfeas Stefanos Thyfronitis Litos, Ertem Nusret Tas, David Tse, Robin Linus Woll, Lei Yang, Mingchao Yu

TL;DR

The paper presents remote staking, a modular protocol that lets Bitcoin lock up stake to secure PoS chains, achieving $1/3$-economic safety by slashing the stake of adversarial validators when a safety violation occurs on the PoS chain. It combines a Tendermint-based finality gadget using DAPS, a Bitcoin bond contract (via covenants or covenant committees), and a Bitcoin-backed timestamping protocol to synchronize validator sets and enable slashing without altering the PoS protocol rules. The construction guarantees safety, liveness under limited adversaries, and slashable economic security, with formal arguments and a mainnet deployment (Babylon Mainnet) reporting substantial stake, approximately $4.1$ billion USD. The work demonstrates practical viability, outlining implementation costs, latency implications, and the trade-offs between covenants versus covenant committees for enforcing slashing on Bitcoin. This approach decouples security from the PoS native stake, breaking circularity and enabling scalable, cross-chain economic security with broad applicability to PoS ecosystems.

Abstract

The idea of security sharing traces back to Nakamoto's introduction of merge mining, a technique that enables Bitcoin miners to reuse their hash power to bootstrap and secure other Proof-of-Work (PoW) blockchains. However, with the rise of Proof-of-Stake (PoS) chains (where merge mining is inapplicable) there is a need for new methods of Bitcoin security sharing. In this paper, we introduce remote staking as a technique that allows Bitcoin holders to use their idle assets to secure PoS chains. Our remote staking protocol achieves optimal economic safety: in the event of a safety violation on the PoS chain, at least one-third of the Bitcoin stake securing the chain is slashed. We make two key technical contributions to enable this: 1) A cryptographic protocol that enables slashing of Bitcoin stake despite the absence of smart contracts on Bitcoin; 2) A secure unbonding mechanism that guarantees slashing can occur before the stake is withdrawn from Bitcoin if a safety violation occurs on the PoS chain. Our design is entirely modular and can be integrated with any PoS chain as the security consumer and any chain (including Bitcoin) as the security provider. A version of this protocol was deployed to mainnet in August 2024 and has since accumulated over 4.1 billion USD worth of staked bitcoins.

Remote Staking with Optimal Economic Safety

TL;DR

The paper presents remote staking, a modular protocol that lets Bitcoin lock up stake to secure PoS chains, achieving -economic safety by slashing the stake of adversarial validators when a safety violation occurs on the PoS chain. It combines a Tendermint-based finality gadget using DAPS, a Bitcoin bond contract (via covenants or covenant committees), and a Bitcoin-backed timestamping protocol to synchronize validator sets and enable slashing without altering the PoS protocol rules. The construction guarantees safety, liveness under limited adversaries, and slashable economic security, with formal arguments and a mainnet deployment (Babylon Mainnet) reporting substantial stake, approximately billion USD. The work demonstrates practical viability, outlining implementation costs, latency implications, and the trade-offs between covenants versus covenant committees for enforcing slashing on Bitcoin. This approach decouples security from the PoS native stake, breaking circularity and enabling scalable, cross-chain economic security with broad applicability to PoS ecosystems.

Abstract

The idea of security sharing traces back to Nakamoto's introduction of merge mining, a technique that enables Bitcoin miners to reuse their hash power to bootstrap and secure other Proof-of-Work (PoW) blockchains. However, with the rise of Proof-of-Stake (PoS) chains (where merge mining is inapplicable) there is a need for new methods of Bitcoin security sharing. In this paper, we introduce remote staking as a technique that allows Bitcoin holders to use their idle assets to secure PoS chains. Our remote staking protocol achieves optimal economic safety: in the event of a safety violation on the PoS chain, at least one-third of the Bitcoin stake securing the chain is slashed. We make two key technical contributions to enable this: 1) A cryptographic protocol that enables slashing of Bitcoin stake despite the absence of smart contracts on Bitcoin; 2) A secure unbonding mechanism that guarantees slashing can occur before the stake is withdrawn from Bitcoin if a safety violation occurs on the PoS chain. Our design is entirely modular and can be integrated with any PoS chain as the security consumer and any chain (including Bitcoin) as the security provider. A version of this protocol was deployed to mainnet in August 2024 and has since accumulated over 4.1 billion USD worth of staked bitcoins.
Paper Structure (68 sections, 9 theorems, 2 equations, 6 figures, 1 table, 9 algorithms)

This paper contains 68 sections, 9 theorems, 2 equations, 6 figures, 1 table, 9 algorithms.

Table of Contents

  1. Introduction
  2. Bitcoin Security Sharing
  3. Remote Staking
  4. Bitcoin Security Sharing via Remote Staking
  5. Remote Staking Protocol
  6. Finality gadget (Section \ref{['sec:finality-gadget']})
  7. Bond contract (Section \ref{['sec:bond-contract']})
  8. Timestamping protocol (Section \ref{['sec:timestamping-protocol']})
  9. Security Properties
  10. Babylon Mainnet
  11. Related Work
  12. Accountability and Slashing
  13. Finality Gadgets
  14. Accountable Assertions and DAPS
  15. Covenants
  16. ...and 53 more sections

Key Result

Theorem 1

Suppose Bitcoin is secure. Then, the remote staking protocol equipped with covenants satisfies $1/3$-economic safety. In the absence of covenants, the remote staking protocol with a (permissionless) covenant committee satisfies $1/3$-economic safety, as long as one of the committee members is honest

Figures (6)

  • Figure 1: Nakamoto's first post on the Bitcoin Forum about merge mining.
  • Figure 2: Remote staking protocol. Validators lock their stake in a bond contract. They then become eligible to run the consensus protocol of the consumer chain. During this time, they sign the consumer blocks confirmed by the underlying consensus protocol with double-authentication-preventing signatures (DAPS) as part of the finality gadget. Hashes of the consumer blocks are periodically timestamped on Bitcoin along with the finality signatures on them as part of the timestamping protocol.
  • Figure 3: Staking market capitalizations of the top $25$ PoS chains in comparison to Babylon. Note that the $y$-axis is in log scale. Data is from stakingreward.
  • Figure 4: Illustration of the data availability attack and the safe-stop rule 1 (cf. Section \ref{['sec:stopping-rule-1']}). Yellow squares within the consumer blocks represent the hashes of Bitcoin blocks. Similarly, blue squares within Bitcoin blocks (called provider chain for symmetry) represent the timestamps of the consumer blocks. Light blue blocks denote unavailable consumer blocks.
  • Figure 5: Illustration of the escaping stake attacks and the block output rules (cf. Section \ref{['sec:stopping-rule-1-5']}).
  • ...and 1 more figures

Theorems & Definitions (25)

  • Theorem 1: Security, Informal
  • Definition 1
  • Definition 2: caspersnapchat
  • Definition 3: DAPS
  • Proposition 1
  • Definition 4: DAPS safety
  • Theorem 2: DAPS Safety
  • proof
  • Theorem 3: Liveness
  • proof
  • ...and 15 more