Tezos Token Sale: A smart contract platform with formal verification and a self-amending protocol - Smith + Crown

Tezos Token Sale: A smart contract platform with formal verification and a self-amending protocol

The Tezos token sale is raising funds for a Proof of Stake smart contract platform that allows for contracts to be subject to formal verification.

Project Description

Tezos is a new blockchain launched via an uncapped token sale. Like Ethereum, Tezos supports Turing complete smart contracts; however, it differs from Ethereum in the use of its consensus algorithm, governance mechanisms, and smart contract programming languages. Some of the major features highlighted by official Tezos materials are:

  • Delegated proof of stake: Tezos uses a delegated proof of stake for its consensus algorithm.
  • Onchain governance and native funding: Tezos has a mechanism to fund protocol development. Tezos token holders will be able to vote for and approve these payments. This is similar to how Bitshares funds its development. Tezos also has a governance structure that allows token holders to ‘upgrade’ the protocol, which would arguably make it easier to incorporate new protocol changes.
  • Formal verification: Tezos is trying to make formal verification as easy as possible for its smart contracts. To that end, the team has invented Michelson (described as a mix between Forth and Lisp), a purely functional programming language, for EOS’ smart contracts. Tezos itself is implemented in OCaml. OCaml is primarily a functional language popularized in the financial industry by the hedge fund Jane Street.
  • Scalable Zero Knowledge Proofs: The Tezos team plans to implement Zcash’s zero knowledge proof protocol with a few minor revisions. In order to regulate network resources devoted to solving zero knowledge proofs and mitigate the risk in Zcash of hyperinflation caused by a bug in the proof circuit, the use of zero knowledge proofs (and complex smart contracts in general) will be executed on specialized servers or user owned hardware rather than by consensus nodes. Additionally, the use of zero knowledge proofs will be limited to a special token issued on the Tezos blockchain. This token will be redeemable one to one with the TEZ. Eventually, Tezos will switch to the STARKs protocol, which is similar to SNARKs but is less resource intensive and doesn’t require trusted setup.

Delegated proof of stake

For consensus, Tezos uses a delegated proof of stake algorithm. This was originally developed in Bitshares but several projects use it today, including Lisk, Steemit, and EOS (yet to be released). Tezos’ adaptation differs from the more well known implementations of delegated proof of stake in that there is no upper limit on the number of delegates. Anyone can become a delegate that contributes to consensus directly by delegating themselves. Users also have the option of delegating their tokens to others.

In addition to acting as a full consensus node, users can become signatories and earn rewards for signing off on completed blocks. This adds an extra layer of protection against a forking attack. A malicious node would not be able to build a chain in secret unless they also controlled a large cloud of colluding signatory nodes. The exact requirements to serve as a signatory nodes seem unclear in the white paper and subject to revision.

The team has also proposed the use of checkpoints. Checkpoints are hashes of the blockchain’s state stored outside of the blockchain itself. These checkpoints are then read by the nodes (usually hardcoded into the client software) to validate the current blockchain up to that point. These checkpoints put limits on the window in which attacks on the network can take place. In order to be credible, an attacker who wanted to fork the network would need to build up an alternate chain and push it to the network between two checkpoints hashing events. Despite this, checkpoints are controversial because they are considered a form of centralization. Checkpoints will be stored off-chain and managed by the foundation.

The Tezos architecture has a main ‘Node’ that connects to and communicates with the network, including transaction validation. There is also a client interface that handles all user-specific actions like private key management, sending transactions to the network, deploying and tracking smart contracts. On the network layer, Tezos has encrypted communication between the nodes of the network. There are also peer whitelists and blacklists for the nodes when they’re connecting to the network to receive and send information about new transactions.

On-chain Governance

A big part of Tezos’ pitch is its on-chain governance structure. Some other blockchains also have governance by voting, such as Bitshares. However, in Tezos, any blockchain parameter is up for change. The team believes this will allow the protocol to remain flexible and adopt with changing technology based on the wishes of the token holders (thus solving a problem seen in Bitcoin where the miners can hold off on changes that other stakeholders agree with). Tezos describes the governance as “self-amending,” because protocols approved by shareholders are implemented automatically. Token holders can theoretically address any issue and upgrade through its on-chain governance.

How realistic this goal is without losing decentralization remains to be seen. Voter apathy is a known problem with these types of voting schemes, and in practice, a few key players may be able to influence the direction of the evolution. On-chain governance is an ongoing consideration for many blockchains and several have implemented some form of it, including Dfinity, Qtum, and Cosmos.

Formal Verification

Putting formal verification at the center of smart contracts development is another move by the Tezos team. Formal verification provides certain mathematical guarantees that a smart contract does what it is supposed to do, at least according to how it is programed. This is usually done by creating an abstract mathematical model of the smart contract that can be proved to be equivalent to the specifications provided. Thus it is possible to establish an equivalence between the smart contract and the specifications, so that as far as the specifications are accurate, the smart contract will also be accurate. This eliminates many common forms of bugs in smart contracts.

However, that doesn’t mean that the smart contract will behave as ‘expected’ — just that they will be consistent with what is expressed in the formal verification. Ethereum too is working on formal verification of Solidity contracts. The formal verification required by smart contracts on Tezos is arguably easier to write for developers, based on their choice of programming language paradigm for smart contracts, though this is not well tested.

Long Term Scalability

For long term blockchain scalabilty, Tezos has taken a different approach from other popular solutions like sharding (e.g. Ethereum) or parallel processing (e.g. EOS). Tezos plans to use Zero Knowledge Proof concepts, popularized by Zcash, for smart contract execution. The way this would work is by separating the execution of a smart contract and its verification by the consensus nodes (miners for Ethereum, delegated proof of stake nodes for Tezos).

This allows the actual execution of the smart contract to be done in a more centralized manner (and on specialized servers for complex smart contracts) but with the consensus nodes verifying that the execution is indeed valid, based on the proof submitted to them. This greatly reduces the load on consensus nodes as they only verify the proof and don’t need to execute the entire smart contract. This also preserves the decentralization property of the smart contracts since the consensus nodes would reject any invalid execution being presented to them by a malicious actor.

The benefits of this method of scaling would be more for complex smart contracts. From the point of view of the consensus nodes, the complexity of the smart contracts doesn’t affect performance or compute power requirements. Consensus nodes would simply process the execution proof submitted to them while smart contract execution would occur on the user’s computer or on specialized hardware. If this works as planned, Tezos could theoretically eliminate gas costs for the execution of smart contracts and replace it with a flat fee for transactions and verification of proofs submitted for smart contracts. This would make it much cheaper to run decentralized applications at scale. More information can be found in their blog post.

It should be noted that this is an active area of research among mathematicians and cryptographers today. The team is betting on the validation proofs becoming much more efficient to validate in the future than today. It is also conceivable that new ideas emerge from this research that Tezos can benefit from.

The Role of the Token

The Tezos token is the native blockchain token for Tezos. It is similar to Ethereum’s Ether in that it will be a store of value, the sole means of paying transaction fees, and the means of fueling smart contracts.

Because Tezos is a proof of stake chain, the token will also be used by consensus nodes to buy staking bonds and as a factor in calculating minting rewards.

Finally, the token has voting properties and will confer a single vote per token to holders. Votes can be cast to approve or disapprove

State of Technology

Note: this section was written in May 2017

The Tezos team started making their code public ten months ago. The current project status is in private testnet. One major component still missing from being implemented is gas metering, i.e. the calculation of the cost required to run smart contracts on the Tezos blockchain. The team also has a good amount of testing to go with their releases, including an attacker integration test tool.

The team has not set any deadlines for the launch of the network in production, instead saying they will launch Tezos only when they are “confident, beyond a reasonable doubt” that they have completed all the testing and security audits.

The Market for Smart Contract Platforms

The past six months have seen a burst of new protocols vying to become the dominant smart contract platform. It is too early to tell which smart contract platform will become preferred in the long run. While Ethereum has had a long run, it is not the only smart contract game in town. Last year, Lisk, Waves, Antshares, and Ark launched token sales and are striving to attract developers. This year, a new wave has emerged with a number of design changes aimed to make it a superior alternative or viable complement. Some of the key dimensions of differentiation include:

  • Formal Verification. One of the first projects to highlight the importance of a smart contract protocol that relied on proofs was Tau-chain, though they actually argued for a different approach than formal verification. In the wake of the DAO hack, Cornell professor and thought leader Emin Gur-Sirer pointed out that writing smart contracts should be “more similar to writing code for a nuclear power reactor, than to writing loose web code.” Solidity simply might be too flexible and prone to bugs.
  • Consensus process. The industry seems to be moving away from proof-of-work as the primary means of securing new chains, and proof-of-stake is gaining more acceptance. Many protocols tout their own defenses to well known attacks in POS protocols.
  • Interoperability. While platform designers might prefer that applications developed on their protocol stay on their protocol, developers might prefer to chase users on whatever platform they are on. Both cross-chain communication and the ability to port dapps between platforms have emerged as protocol-design themes.
  • Scalability. In the wake of Bitcoin’s two-year struggle to figure out a scaling solution, almost every new chain or platform has touted its scaling strategy.
  • Governance. Bitcoin’s scaling debates highlighted the need for better protocol governance, and the controversy around the Ethereum fork heightened community anxieties about who ultimately determines major protocol changes.

Below is a brief overview of how several new chains are distinguishing themselves from Ethereum (and each other) along the above dimensions.

The number of smart contracting platforms entering the market is reminiscent of the early days of ‘altcoins,’ when different currency protocols claimed to improve upon Bitcoin in one or several key dimensions: hash algorithm, block times, block sizes, long-term scalability, funding mechanisms for core development, transaction privacy, and governance. While all of these improvements had merits, Bitcoin continued to be the preferred platform for cryptocurrency, though some protocols like Monero retained a significant following in their own right.

Convincing users and developers to migrate from Ethereum to a new protocol will not be easy. Network effects are difficult to dislodge and replicate. However, the anxiety around Bitcoin’s future points to the dangers of depending on only one protocol.

Project Details

Incorporation status: Dynamic Ledger Solutions, Inc.,  Plans for a non-profit in Zug, Switzerland
Team openness: Fully transparent
Blockchain Developer: Unclear, but team has 8 developers
Technical White Paper:      Yes
Available Project Code: Yes
Prototype: Compilable code in Github

Token Details

Role of token: Voting, block creation, payment, and access rights
Token supply: Proportional to raise
Distributed in ICO: Proportional to raise
Emission rate: 5.4% nominal inflation per year (subject to change by token holder vote)
Blockchain: Tezos
Consensus method:      Proof of Stake

Sale Details

Sale period: July 1st, 2017 to July 14th, 2017
First price: 0.0002 BTC
Accepted currencies: BTC and ETH
Investment Round: First public offering
Token distribution date: Unclear
Min investment goal: None
Max investment cap: None
How are funds held: Held by Tezos Foundation
Minimum Viable Product:      Unclear
Bonus schedule:
Period (Bitcoin blocks)           Bonus
 0-399 20%
400-799 15%
800-1199 10%
1200-1600 5%
1600-1999 0%

Official Resources