Cardano

From Organic Design

Cardano is home to the ADA cryptocurrency, which can be used to send and receive digital funds. The currency is named after Ada Lovelace, who was the first ever person to recognise that a machine had applications beyond pure calculation, and she published the first algorithm intended to be carried out by such a machine. A millionth of a single ADA token is called a Lovelace, the smallest denomination in the Cardano network. Fast, direct transfers are guaranteed to be secure through the use of cryptography and require no trusted third party just like Bitcoin. Unlike Bitcoin however, Cardano does not require a computationally expensive mining operation in order to secure the network, and has been mathematically proven to be as secure as Bitcoin without it.

Cardano is more than just a cryptocurrency, however, it is a technological platform that will be capable of running financial applications currently used every day by individuals, organisations and governments all around the world. The platform is being constructed in layers, which gives the system the flexibility to be more easily maintained and allow for upgrades by way of soft forks. After the settlement layer that will run ADA is complete, a separate computing layer will be built to handle smart contracts, the digital legal agreements that will underpin future commerce and business. Cardano will also run decentralised applications, or dapps, services not controlled by any single party but instead operate on a blockchain.

Cardano development eras

The Cardano functionality is being developed in five so-called eras, each gathered and presented on its own dedicated page: Byron (laying the foundation), Shelley (staking and decentralisation), Goguen (smart contracts), Basho (network optimisation and scaling), and Voltaire (decentralised governance). Each page has an overview of the goals of the era, as well as descriptions of the core functional components, links to associated academic research, status updates, and even real-time code commits. Each era is centred around a set of functionalities that will be delivered across multiple code releases. While the eras of Cardano will be delivered sequentially, the work for each era happens in parallel, with research, prototyping, and development often in progress all at once across the different development streams.

The Ouroboros protocol family

Cardano uses a proof-of-stake (PoS) mechanism based on the Ouroboros protocol family. The usual "longest chain rule" that secures proof-of-work blockchains like Bitcoin is not directly applicable in PoS systems. Nodes that (re)join the network for the first time or after being offline for a while therefore need to trust the information that they receive from other nodes. This is known as the bootstrapping problem, which increases the network’s vulnerability to long range attacks. In a long range attack, a node is offered an alternative version of the blockchain and the node has limited or no recent information available to distinguish whether this is the correct version. Proof-of-stake systems have been around since 2011, but as of late 2019 Cardano is the first one to overcome all of these design challenges in order to reach the same level of security as Bitcoin.

There have been a number of versions of the Ouroboros protocol released so that the various aspects could be tested and developed in phases - not to be confused with Cardano's eras. The first version which is now being called Classic was the basic PoS system that depended on all nodes being constantly connected and in-sync. The next version was Praos which allowed for nodes to come and go as they please, which is of course an essential aspect of a real-world peer-to-peer network. The next version was called Genesis which was major, because that's what brought all Cardano's promises of a new superior system into reality, and is the version we're currently running in the Incentivised test Network (ITN).

Since Genesis, Ouroboros was the first PoS protocol that is mathematically proven to guarantee persistence and liveness in both a synchronous and semi-synchronous setting — under the assumption that a honest majority participating, just like Bitcoin. Hence, it is more secure than other PoS protocols that require at least 2/3 honest participants (e.g. Ethereum Casper, Algorand) and equally secure as Bitcoin, but with a much lower energy expenditure and better performance.

The next version is called Chronos which allows nodes to operate together without depending on a global time external to the network, making the system more independent and resilient. The final planned version of the protocol is Hydra which introduces sharding into the system.

Staking in Cardano

Cardano uses the Ouroborus (Currently the Genesis version) proof-of-stake algorithm to secure the network. In addition to the main block chain, this system divides time into epochs and slots. In the mainnet, there are 21,600 slots each lasting 20 seconds which makes an epoch 5 days. In the incentivised testnet, slots are only 2 seconds long and there are 43,200 of them making up an epoch of 24 hours.

At the start of each slot, one or more slot leaders are randomly elected and it is their right to create the next block in the blockchain if one is needed at the time of that slot, and receive a reward for doing so. The first one to create block for the slot and publish it to the network will receive the reward, if none are able to create the block, it will be created during a subsequent slot. In the testnet there are roughly 10% of slots filled which comes from the active slots coefficient for the network. During each epoch, random numbers are written to the blockchain by the slot leaders using Publicly Verifiable Secret Sharing (Specifically Schoenmakers's variation of the original Stadler PVSS from 1996) to avoid people gaming their numbers. Those numbers provide a mechanism to randomly select future slot leaders at the start of each slot in a way that can be determined independently by any node, but also cannot be known before the end of the last epoch. In essence, this mechanism signifies the symbology behind the Ouroboros name: a snake eating its own tail.

In Ouroborus classic, this leader election schedule was know publicly (i.e. it could be calculated by anyone at the start of an epoch), and there was exactly one leader for every slot. But this gives rise to the possibility of the leaders being attacked in order to prevent them creating their blocks. In the Praos version, the mechanism is improved by using a Verifiable Random Function (VRFs were introduced by Micali, Rabin, and Vadhan in 1999) is used so that each node can determine for themselves what their own leader schedule is (i.e. what slot they are the leader for in the current epoch), but nobody else can know this information. A VRF is a way of executing a function using your private key so that you can also provide a proof that your output did indeed result from execution of that exact function with the specified inputs, and then anyone can verify your proof using your public key. In this way when a node creates a new block, other nodes will only accept it if it's accompanied by a valid proof that the node was indeed a true leader for the slot. Using this system there may be more than one valid leader for a slot, or also there may be no leaders at all.

The Cardano staking system fundamentally works to incentivize two primary activities. The first is making sure that stakeholders are online. The second is participation in the protocol, i.e., block creation. Because there are many people who are either unable to run their own servers with 24/7 uptime or who don't want to create a stake pool, they will be able to delegate their stake to a pool of their choice. Delegation addresses are different from standard ADA addresses.

Unlike Ethereum, or other staking protocols, users funds are not at risk of being "slashed" or destroyed in case they attempt to participate in the protocol in an inappropriate fashion; the design of the system makes that unnecessary. In fact, user's funds are not at risk at all in any way because they never leave a user's wallet and can even be spent at any time without needing to be "locked up" into the staking system.

Staking pools

To stake your ADA coin, you can either set up your own staking pool or delegate your stake to an existing public pool which can be done from within a supporting wallet such as Daedalus or Yoroi. The person who maintains and controls the pool, and sets its parameters is called the pool operator. A pool's chance of winning is proportional to the total amount of ADA the pool holds for staking (every single staked Lovelace, the Cardano version of a Satoshi, is like a single lottery ticket) which is called the controlled stake. This means that everyone's rewards will average out over time to be in proportional to what portion of the total staked coins they have at stake. But the problem is that the smaller the portion of your coins are, the longer it would take to average out - someone with only a millionth of the total stake would be waiting centuries to realise the average and may go decades without even receiving any rewards at all!

This is why it makes sense to delegate your stake to a pool if you have less than say 0.01% of the total stake. The pool has a lot of individual people's stakes delegated to it, and so as a whole it receives regular rewards in proportion to it's total. Then at the end of each epoch, the rewards the pool received are automatically distributed to the delegators by the Cardano protocol.

Rewards

Rewards are distributed among all stake holders every epoch (which is 24hr in the testnet and 5 days in the mainnet). Rewards automatically contribute back to your stake, but your stake is not locked up, so any amount of stake can be spent at any time. In the testnet, approximately 3.8 million ADA are awarded per epoch, and there are usually around 4320 (active slots coefficient of 0.1) blocks generated as a rough guide which means that each block is worth around 1K ADA or $40 at current prices. My personal results are showing an average of $35/block. Also non-productive pools that don't create their assigned blocks will cause the reward per block to increase throughout the epoch - but note that the reward is divided evenly over all blocks at the end of the epoch, so later blocks are not more valuable to produce than earlier ones.

Tax

Pools can charge a percentage (called margin or tax-ratio) and/or a fixed amount (tax-fixed or pool cost) per epoch. There is also an optional parameter called tax-limit that allows a pool operator to specify an upper limit to the amount they can take each epoch. These costs can be changed by the pool operator any time and will take effect at the start of the next epoch, staking wallets will notify users of changes in their pools costs. Each pool has a chance of being elected as the slot winner for every slot and gaining the right to create the block corresponding to that slot.

Performance

A pool's performance is measured as (n / N) * (S / s) where n is the number of blocks produced by the pool in the current unfolding epoch, N is the number of slots this epoch, S is the total delegated stake this epoch and s is the stake owned by the pool this epoch. It's a measurement that applies purely to the current epoch and represents how well a pool is doing taking into account it's size. It's the proportion out of all possible blocks so far that have been produced by the pool, multiplied by how many of that pool it would take to occupy the total stake. This is the formula used in Daedalus, but it is averaged over a number of epochs according to the code comments.

Delegation

You delegate your stake to a pool with a special type of transaction which supporting wallets will do for you. This transaction will not take effect until the end of the next epoch, and then you will start earning rewards until the epoch after that, and you'll receive your first rewards at the end of that epoch. I created my first delegation transaction to LEAF pool in epoch 3, and then my first reward transaction arrived at the start of epoch 7. During epoch 7 I changed my delegation to BCSH, in epoch 10 I changed to LCP01 and in epoch 11 I changed to our own PUDIM pool. I received rewards continuously throughout all those changes, so it seems there's no downtime resulting from changing delegation.

Desirability

This is the most important metric for choosing a pool and reflects the real rewards you're likely to receive. The wallet orders pools by desirability. Desirability is composed of reliability (mainly up time), pool costs, profit margin, saturation and pledge. See this video for details about how desirability works.

There is a network variable called k which maintains equilibrium between efficiency and decentralization, by limiting the desirable number of pools appearing to ADA holders for delegation selection. K will start at around 100 and will ideally aim to be around 1000. As far as Cardano's framework is concerned, the majority of delegated ADA must go to those owners of pools that make it into the top k pools which are called competitive pools, and will be the only ones displayed in the staking-capable wallets. Those that don't make it into the top k will not be visible and are called dead pools. The stake pools that make the k do not have to go out and ask for ADA they will be saturated naturally, by design.

Quote.pngEven if every user were to run a node that was online all the time, it would be hard to keep all those nodes well enough in sync to avoid forks and still keep a short slot length. Our delegation design is aimed at keeping the number of nodes that produce a significant amount of blocks reasonably small (about 100 or 1000 nodes), so that effective communication between them is feasible.

Saturation

To help prevent any single stake pool from growing too large, there is a mechanism to ensure pools saturate at a certain percentage of the total stake in the network. If any stake pool exceeds this percentage, then the rewards for that stake pool will no longer increase but will be shared among delegators, making the pool less desirable. This is 1/k (if k is 100, then pool rewards are capped at 1%) and is discussed in this incentives paper.

Pledge

The pledge variable makes the separation of operator and owner(s) possible, maximising the number of pool owners within k. It's an elegant solution that enables Cardano to reach its k target of 1,000 public pools while encouraging those with limited Ada to pool their holdings and pledge to a pool operator, thus maximizing the diversification of pool owners while maintaining network efficiency. The Incentivised Testnet has the concept of pledging, whereby stake pool operators delegate their personal stake to their pool and register a pledge address when they register the stake pool with the Cardano Foundation. Pledging is not currently enforced by the network protocol (although it may be in the future) and functions to increase the attractiveness of a pool, meaning that other delegators are more likely to delegate to that pool. The person(s) who pledges to the pool is called the pool owner. Pledging follows the same process as delegation.

The effect that the pledged amount has on a pool's desirability is determined by a network parameter called a0. An a0 value of zero would mean that the pledged amount has no effect on rewards at all, and a high value like 0.5 gives pools with large pledges are big advantage. This is explained on detail in the article Preventing Sybil Attacks.

Private pools

In section 4.6 (Individual Staking) of the Staking Design Specification, it says stakeholders should not be forced to delegate their stake to a pool. Instead, they should have the option of running their own node, using their own stake. Technically, such stakeholders will create a private pool, which is just a stake pool with margin m = 1 (i.e. owners will take 100% of the profit), and without providing metadata. Such pools will pay all rewards to the pool operator (which is not a special rule, but just the effect of having a margin of 1), and they will not be shown in the stake pool directory in Daedalus (although even if they were, they would always be listed at the very bottom, since they would not promise any rewards to their members).

Running a staking pool on the incentivised testnet

This section was getting rather large and has been moved to its own article at Set up a Cardano staking pool.

Staking resources

Cardano address types

Todo... There are four types of addresses in Cardano:

Base addresses:

Pointer addresses:

Reward addresses:

Enterprise addresses:

Wallets supporting ADA

  • Daedalaus - the official Cardano wallet
  • Yoroi light wallet - by Emurgo, Cardano's commercial arm
  • Atomic - multi-asset wallet supporting Cardano
  • Exodus - another multi-asset wallet that recently added support for Cardano

Daedalus issues

On the Incentivised Testnet version of Daedalus, some problems sometimes occur such as not being able to connect for a very long time, the stake pools disappearing and staked balance mysteriously moving back to the old balance wallet with no transactions having occurred. The latter two issues can be resolved by stopping the wallet, nuking all data, restarting it and restoring your rewards wallet. On Linux the chain and wallet data is stored in ~/.local/share/Daedalus, in mainnet or itn_rewards_v1.

Token distribution

In a PoS protocol, staking coins is necessary to participate in the consensus mechanism. Since the existence of coins is required to execute the protocol, a certain initial coin distribution was required. At the time (2015), the concept of Initial Coin Offerings (ICO’s) was becoming popular, but there were concerns that holding an ICO by minting virtual assets and selling them to the general public might fall under security regulations. IOHK, Emurgo and the Cardano Foundation therefore chose to sell 25,927,070,538 ADA ‘vouchers’ in a private sale in Japan and a few other Asian countries that were redeemable for ADA after the main-net was launched in September 2017.

Particularly Bitcoin purists, that believe only Bitcoin had a fair launch, tend to react adversely to the idea of a new form of money being created and sold. At Bitcoins’ launch, Satoshi Nakamoto first shared the code to run a Bitcoin node publicly, allowing anyone to participate in network consensus from the start. While Nakamoto clearly had an advantage since just a few people knew of Bitcoin’s existence, the fact that anyone could have participated and that it was all but a given that Bitcoin would be a success arguably made it fair. However, the recent launch of the Grin privacy coin illustrates that a similar ‘fair launch’ is perhaps no longer possible, as ~$100 million in venture capital money was rumoured to be invested in mining Grin. In essence, the choice for Cardano’s private sale was a trade-off between geographical distribution and regulatory certainty, where the latter was chosen as a priority.

In total, 25,927,070,538 ADA were sold for $63 million (= $0.0024 per ADA) to over 10.000 people during voucher sale that was held between September 2015 and January 2017. According to the distribution audit that was held on behalf of the Cardano Foundation, 94.45% of the ADA was sold to Japanese citizens, 2.56% to Koreans, 2.39% to Chinese and the remaining 0.61% to citizens of 5 other Asian countries.

The other 5,185,414,108 ADA (20% of the amount of ADA sold during the voucher sale and 16.7% of ADA’s 31,112,484,646 ADA total supply), were distributed over IOHK, Emurgo and the Cardano Foundation. IOHK has publicly shared its ADA address and that one third of the 2,463,071,701 ADA they received (of which ~97.5% is still there) is available immediately, one third is made available on June 1st, 2018 and the final third on June 1st, 2019. While the Cardano Foundation and Emurgo haven’t publicly shared their ADA address, it is believed that Emurgo originally held 2,074,165,643 ADA in this address and the Cardano Foundation originally held 648,176,763 ADA in this address, as the sum of these amounts adds up exactly to the original total. Finally, the remaining 13,887,515,354 ADA of the 45 billion ADA that will ever exist (maximum supply) will be minted as block rewards.

As of December 2019, there are four ADA billionaires, thirteen addresses hold over 100M ADA, 157 addresses hold over 10M, and there are about 3000 ADA millionaires. There are about 290K addresses in all with just over a third holding under 1K ADA, just over a third holding 1-10K and about 20% holding 10-100K, 7.5% with 100K-1M and 1% are the millionaires.

Official sites

News

See also