The Trailing Finality Layer: A stepping stone to proof of stake in Zcash

At Electrical Coin Co. (ECC) we’re exploring a transition in Zcash from the present proof-of-work (PoW) consensus to a proof-of-stake (PoS) consensus. We’re proposing a step on this path that we name the Trailing Finality Layer (TFL). If deployed, this could be mixed with Zcash’s present consensus; the ensuing consensus protocol at that time could be a hybrid of PoW and PoS.

The general purpose is to allow finality and PoS on Zcash in a minimally disruptive method. Finality is a assure that after a block is finalized, that block and the transactions it incorporates can’t be rolled again. Finality can scale back delays for some use instances (comparable to centralized trade deposit wait instances) and allow new enhancements comparable to safer cross-chain bridges.

If the TFL method is adopted by the Zcash neighborhood, it might allow some new use instances, comparable to staking ZEC to earn protocol rewards, whereas minimizing disruption to present use instances. Mining is an instance of a course of that may be impacted in a hybrid mannequin, as mining rewards could be decreased whereas the remainder of mining infrastructure and processes would stay unchanged.

We additionally intention to reduce disruption to evaluation of consensus safety, as most of the present consensus properties stay intact in a hybrid mannequin.

We’ve solely begun to outline the design of this PoW/PoS hybrid protocol. Many key particulars stay open questions, as we develop on under. By sharing our method early on this course of, we’re aiming to assemble and incorporate suggestions as we go, discover potential collaborators, and stimulate dialogue about this method.

Get entangled

When you’re serious about offering suggestions or collaborating on this undertaking, please get in contact! A superb alternative to be taught extra and be a part of the dialog is to attend (in individual or just about) the Interactive Design of a Zcash Trailing Finality Layer workshop I’m main at Zcon4. Additionally be happy to e mail me, [email protected], about your curiosity. We’re on the lookout for contributors from a variety of backgrounds, together with technical, product, neighborhood, and any Zcash customers who need to weigh in because the proposal evolves.

PoS transition background

ECC beforehand shared our rationale for why we consider it’s in the most effective curiosity of present and future ZEC customers to transition the protocol to proof of stake within the weblog publish Ought to Zcash transition from Proof of Work to Proof of Stake? and the Zcon3 presentation Motivations of Proof of Stake. In 2022, we printed a high-level overview of our Proof-of-Stake Analysis method, a extra detailed Method, Focus, and Subsequent Steps companion publish, and gave a Zcon3 presentation about high-level design challenges in Proof of Stake.

A proof-of-stake transition path

Our imaginative and prescient for a transition to proof of stake contains at the very least two main milestones:

  1. Shifting Zcash from its present proof-of-work mannequin to a hybrid PoW/PoS system.
  2. Shifting Zcash from a hybrid PoW/PoS system to pure PoS.

Our major motivation for proposing (at the very least) two steps is to reduce disruption of usability, security, safety, and the ecosystem throughout every step.

This method of transitioning from PoW to hybrid to PoS was executed by Ethereum with the deployment of the Beacon Chain (hybrid) then The Merge (pure PoS). 

Design targets for a hybrid PoW/PoS system

ECC is refining the design of TFL with a number of targets in thoughts, and we’ll doubtlessly be including extra as we proceed to develop this proposal. At the moment:

  • We need to reduce disruption to present pockets use instances and UX. For instance, nothing ought to change within the person flows for storing or transferring funds, the format of addresses, and so forth.
  • We need to reduce complexity of safety analyses by preserving present evaluation outcomes the place doable.
  • We need to allow new PoS use instances that permit cell shielded pockets customers to earn a return on delegated ZEC.
  • We need to allow trust-minimized bridges and different advantages by offering a protocol with finality.
  • We need to enhance the modularity of the consensus protocol. Modularity has a number of loosely outlined and associated meanings, e.g., it’s doable to grasp some consensus properties solely given data of a element of the protocol, and it’s doable to implement consensus guidelines in modular code elements with clear interfaces.

Trailing Finality Layer in a nutshell

The hybrid PoW/PoS protocol we envision at ECC is structured like right now’s Zcash NU5 protocol with a brand new Trailing Finality Layer. We describe it as a layer, as a result of the prevailing nodes and most of their logic will proceed to function largely as-is with minimal modifications, whereas a lot of the brand new performance might be supplied by new, supplementary elements and community protocols.

The left diagram exhibits the present Zcash community, with a element that illustrates how two nodes are linked to one another inside the context of your complete community. The proper exhibits the addition of the TFL after deployment: Every node continues to have its unique PoW element, however now has an extra TFL element. The PoW elements nonetheless join to one another, as earlier than, and TFL elements use distinct connections to different TFL elements.

This new layer supplies the blockchain with a trailing finality assure: after blocks are mined they are often finalized which means they might not be rolled again. This assure extends to any of the transactions inside the blocks. It’s trailing as a result of this finality property follows the PoW mining system “trailing behind it.”

As a result of this hybrid design depends absolutely on PoW for producing new blocks, this protocol is immune to halting in the identical means Bitcoin or present Zcash is — though the finality assure could stall, as we describe subsequent.This design paradigm has each a theoretical and sensible observe report: It’s analyzed in a analysis paper, Ebb-and-Movement Protocols, and it’s the similar paradigm utilized by Ethereum each within the pre-Merge hybrid design of the Beacon chain in addition to in present day Ethereum.

Why finality issues

Nakamoto PoW consensus, launched with Bitcoin and inherited by Zcash, supplies probabilistic finality. This implies the possibility {that a} block might be rolled again falls as extra blocks are mined.

In our view, the first problem with this sort of finality is that totally different individuals independently react to rollbacks. For instance, in all probability most individuals anticipate 1-block rollbacks (that are comparatively widespread), however as the dimensions of rollbacks develop bigger, three challenges emerge:

  1. Bigger rollbacks turn into extra uncommon, so some individuals could not have a course of or coverage for dealing with that state of affairs.
  2. Completely different individuals could have totally different insurance policies, so within the occasion of a giant rollback, the ecosystem could fracture as totally different individuals disagree on methods to get better.
  3. When counterparties require a sufficiently low tolerance for rollbacks, their interplay should incur a considerable delay.

Instance: trust-minimized bridge

To drive this level house, take into account the dear use case of a trust-minimized bridge: ZEC despatched right into a bridge have to be locked up whereas an equal variety of proxy tokens are issued on one other community.

If a rollback reverts a bridge deposit after the proxy tokens are issued elsewhere, these ZEC are not locked within the bridge, and the proxy tokens are actually unbacked. This breaks the peg of the bridge, and plenty of bridge customers will concurrently lose funds. If the bridge designers determine to require sufficient PoW blocks to make the chance of this occasion astronomically small, then issuing the proxy tokens on the opposite community can have an especially massive delay.

Instance: trade deposits

If a person deposits ZEC on a centralized trade, their account on the trade is credited the suitable quantity. If a rollback of this layer happens, the trade accounting now has extra ZEC liabilities than precise ZEC held.

Exchanges search to handle this by requiring extra PoW blocks to succeed in a sufficiently low chance of this occasion. Nevertheless, it is a balancing act: If an trade imposes a delay of n hours, the chance continues to be not “astronomically small,” so customers are inconvenienced by n hours and the trade nonetheless carries a sensible threat of a legal responsibility overhang occasion.

Moreover, due to problem quantity 2 above, totally different exchanges require totally different deposit delays, which doubtlessly confuses customers and places exchanges into competitors to tackle extra threat by accepting fewer block confirmations.


In distinction to probabilistic finality, a consensus protocol could present a finality assure. Protocols that do that be sure that all individuals agree on which set of blocks and transactions are last. The trade-off is that finality could fail to make progress within the occasion of community disruptions. As soon as the community recovers, the trailing finality can “catch up” to the PoW blocks which have been produced within the interim.1

Virtually, this implies if individuals are ready for a transaction to turn into last, generally they might want to attend an arbitrarily lengthy period of time. 

Finality addresses all three challenges to some extent:

  1. Members now not must anticipate rollbacks of various possibilities when designing their procedures and insurance policies. As a substitute, they need to anticipate the danger that generally finality fails to progress in a well timed vogue.
  2. All individuals agree precisely which blocks and transactions are last, although they might disagree on methods to react if finality is stalled for lengthy durations of time.
  3. Members could now depend on the finality assure to make sure they solely react to some transactions when there’s zero probability of the transaction being reverted.

Within the examples above:

  • A trust-minimized bridge can depend on finality for issuing proxy tokens. This ensures the bridge won’t ever be under-collateralized. The trade-off is that so long as finality stalls, cross-bridge transfers may also be stalled.
  • All exchanges can use the identical finality assure, so customers can anticipate the identical deposit delay in every single place (and it’s more likely to be notably decrease than the established order). The trade-off is that if finality stalls, new deposits may also be stalled, although all exchanges will behave persistently on this regard.

The tip end result for customers is that some high-value interactions (comparable to bridging or trade deposits) will now be quicker and safer more often than not. Generally finality could stall. When finality resumes, it is going to “catch up” to the PoW chain, so customers who don’t want the finality assure can proceed utilizing this hybrid protocol, equally to how they use Zcash right now, and be unaffected if finality stalls.

Standing and open questions

This weblog publish introduction covers most of our R&D, up to now, on the TFL design. There are nonetheless many open points that have to be resolved with collaboration and enter from the Zcash neighborhood earlier than a TFL design is prepared as a proposal for a Zcash improve.

An incomplete listing of points that also have to be resolved embrace:

  1. Is that this normal method acceptable to the Zcash neighborhood?
  2. How will new ZEC issuance be distributed between PoW, PoS, and any potential Dev Fund successor? It is a key concern for each miners and potential stakers or delegators.
    1. How can we combine another modifications to issuance mechanics, such because the Zcash Sustainability Fund?
  3. The entire PoS accounting mechanics, comparable to how bonding works, how delegation works, what sorts of slashing could happen, withdrawal delays and mechanics, and so forth.
  4. How would PoS operations work together with all different Zcash ledger actions, comparable to shielded swimming pools, and so forth.? This might be a key space for understanding how privateness and staking work together.
  5. Ought to the chain tip ever stall with a view to certain the hole between the finalized block and the chain tip?
  6. Detailed safety analyses, together with financial safety, a case evaluation of PoW seize, PoS seize, community safety (esp. given two separate community protocols/layers).
  7. How can we guarantee cell shielded wallets are first-class individuals? For instance, can we guarantee they will safely and effectively delegate stake and handle stake-delegation positions? This contains each UX points, like delegation UI flows, in addition to implementation, comparable to lightwalletd protocol modifications.
  8. How you can combine any TFL protocol modifications with different proposed protocol modifications in a protected and well timed method. Examples: Zcash Sustainability Fund, Zcash Shielded Property, bridging efforts, Namada integrations, and so forth.
  9. Collection of a selected finalizing PoS protocol. We’re presently specializing in utilizing Tendermint and ABCI as a technique to quickly prototype and validate the design.
  10. Prototypes, testnets, code structure, and so forth.

As we handle the open points above, particularly the interplay with different protocol options and coordination with these groups on timing, we are able to start to refine a deployment timeline.

Subsequent steps

Our subsequent steps for this TFL R&D initiative are to get neighborhood suggestions on this weblog, host a workshop at Zcon4, and produce R&D updates on the open points above.

As we collaborate with different protocol growth groups, we’d wish to create a tentative deployment timeline that includes the entire different protocol function efforts such because the Zcash Sustainability Fund, Zcash Shielded Property, and potential cross-chain bridge efforts.

Lastly, we’re in search of out different groups or people who’re serious about collaborating on this TFL undertaking, so when you’re , please see the Get entangled part above.

1 In a pure finalizing PoS protocol, the equal “stalls” are literally network-wide halts. One energy of this hybrid design is that PoW needn’t halt, and if it doesn’t then customers who don’t depend upon finality can proceed utilizing the community.

Related Articles


Please enter your comment!
Please enter your name here

Stay Connected

- Advertisement -spot_img

Latest Articles