How baking works?
In this section, we will discuss how baking works. The different actors of the mechanism and the technological solutions will be presented.
FIGURE 1: How Baking Works?Actors
Two types of actors are involved in the block creation process:
- The Delegate, that can be :
- a Baker, who participates in the consensus by creating new blocks and by attesting the blocks created by other bakers.
- an Accuser, who participates in the consensus by monitoring validators works.
- The Delegator, that can delegate their tokens to a Delegate.
Roles of a delegate
Baking
Baking is the act of creating, signing and publishing blocks.
Bakers select and validate all transactions and add them to the blockchain. If a baker behaves dishonestly, the protocol has a built-in mechanism that can cause them to lose their security deposit.
Bakers are rewarded with Tez for securing the network.
In Tezos, the right to produce a block in cycle n
is assigned to a randomly selected delegate in a randomly selected stake snapshot from cycle n-PRESERVED_CYCLES-2
.
Bakers are randomly selected from the list of all nodes that have declared themselves as delegates, in proportion to the amount of Tez they have.
A baker is a delegate, while a coin holder who delegates their Tez is a delegator. Note that a baker does not necessarily need delegators to function, they can play solo, but they have fewer chances to be selected for baking.
The selected baker is allowed to create the next block and add it to the chain then communicate it to the network. They receives a certain number of Tez as a reward.
Several bakers are elected to create a block with a priority list. The one with the highest priority will try to create a block. If they fail to do so within the time limit, the hand will pass to the next baker. A block generated by the baker that does not have priority will be invalid and refused by the network.
To create a block, a baker has to freeze part of their tokens, which will be made available back to them only PRESERVED_CYCLES
= 5 cycles later.
A baker can be marked as either active or passive. A passive delegate cannot be selected for baking or attesting. A baker becomes passive in cycle n
if they fail to create any block or attestation in the past PRESERVED_CYCLES
cycles, that is to say, in cycles n-1
, n-2
, …, n - PRESERVED_CYCLES
.
Attesting
Among the validators, a list of bakers is drawn up for each block. Their role is to attest the blocks created by the baker (i.e. to officially attest the block) in exchange for a reward.
To attest a block at level n
, the bakers each add a signature operation that is included in the n + 1
level block.
Once the block n + 1
is baked, no more attestation operations are accepted for block n
.
Each block has 7,000 attestation slots. There is no obligation for a baker to include attestations with attesting power more than 4,667 but the baker will receive a bonus proportional to the extra attesting power of the attestations included.
A baker may obtain several attestation slots for a given block. They will then be rewarded for each attestation slot completed (i.e. for each slot validated).
Accusation
There are also accusers. This type of delegates monitor that a baker does not create two competing blocks at the same level nor attest multiple blocks.
If an accusation is correct, the accuser gets a part of the funds that were frozen by the baker as a reward. The remaining part is burned.
Any attempt to fraud is therefore punished.
Cryptocurrency tokens or coins are burned when they are permanently removed from the circulating supply on purpose.
Cycle
The Tezos consensus is organized in cycles. One cycle corresponds to BLOCKS_PER_CYCLE
= 24,576 blocks (≈ 2.8 days).
At any point, the shell will not implicitly accept a branch (chain of blocks) which fork point is in a cycle more than PRESERVED_CYCLES
= 5 cycles in the past (≈ 14 days).
Delegates' rights selection
At each cycle, a random seed is created. A pseudo-random number generator uses the seed to generate the priority list based on a stake snapshot 2 cycles ago.
Stake snapshots
Snapshots of delegates' stakes are done every 1024 blocks and define who can bake. The probability to sample a particular delegate is its stake in the snapshot over the total stake in that snapshot.
A stake snapshots represents the stake distribution for a given block. Stake snapshots are taken every BLOCKS_PER_STAKE_SNAPSHOT
= 1024 levels.
We also define:
BLOCKS_PER_CYLCE
= 24,576 blocks.n
, th current cycle.PRESERVED_CYCLES
= 5 cyles, i.e. the number of cycles during which the tokens are frozen.
Random seed
Since Tezos runs a deterministic protocol, there is no real randomness. More specifically, there is no randomness in the snapshot selection and baking/attestation slots attribution, i.e., we know the result before the operation occurs (unlike in PoW where you can only estimate it).
The seed is created by requesting a secret number (nonce) from all delegates. All secret numbers are gathered and used to create a hash that will be used as the random seed. Since the last owner to reveal their secret already knows the other numbers, a 2-phase process called "Commit & Reveal" is necessary.
The random seed for cycle n
is a 256-bit number generated at the very end of cycle n-1
from the previous seed and the nonces that delegates commit during cycle n-2
.
FIGURE 2: Commit & RevealIn cryptography, a nonce (number used once) is an arbitrary number intended to be used only once.
A commitment is the hash of a nonce.
One out of every BLOCKS_PER_COMMITMENT
(= 32 blocks) can contain a commitment. There are therefore, at most BLOCKS_PER_CYCLE / BLOCKS_PER_COMMITMENT
(= 128 commitments) per cycle. The commitment is generated by the baker who produces the block and is included in the block header.
In summary, the seed for cycle n
is a hash created from:
- the seed of cycle
n-1
, a constant. - every nonce that was revealed in cycle
n-1
This seed is used to randomly select:
- a stake snapshot from cycle
n-2
- delegates in the selected snapshot
Baker selection
The generated list of priorities identifies which delegate has the responsibility to bake a block and which delegates have to attest this new block. It is a round-robin process that cycles on the list of priorities until the end of the cycle (4096 blocks).
A round robin is a way of choosing all elements in a group equally in some rational order, usually from the top to the bottom of a list and then starting again at the top of the list and so on.
Minimum time delay before baking a block
The minimum time delay between two blocks is 10 seconds, reached if the baker is of priority 0 and has gathered at least 66.7% of the attestations. If the priority 0 baker fails to bake, the priority 1 baker may then bake after a certain time, defined by a so-called round duration function. To be able to bake as rapidly as possible, the baker must gain enough attestations (66.7%, that is, endrosements with endrosing power of at least 4,667 out of 7,000). Rounds follow the structure below:
Round duration thus increases linearly with DELAY_INCREMENT_PER_ROUND = 5s
, MINIMAL_BLOCK_DELAY = 10s
,r = round
.
Any block baked ahead of the minimum time delay is automatically rejected under the protocol's rules.
Remote signing
Remote signing software is one way to reduce the exposure of private keys during baking operations.
In the block validation process (baking/attestation), the software interacts with a private key management system (e.g. Ledger Nano S, a remote machine communicating via a secure channel).
Remote signing involves physically separating baking/attestation requests originating from the network and intended for a given delegate, from that delegate's signing operation. The Octez client implements several built-in signing mechanisms (unix, tcp, http, and https) that use different communication channels to send signing requests for the baker.
The following events occur during a remote signing operation:
- The node sends a signing request to the remote signing software that interacts with the private key management system.
- The remote signing software verifies what the operation involves − usually the creation of a block or an attestation (The third, rarer option is a nonce revelation.) − then sends it to the key management system, which signs the operation.
- The signature is then validated by the remote signing software and sent back to the Tezos node, which propagates the operation to the network.
The key should preferably be held in a hardware vault so it is never directly accessible on the network. Moreover, it is more secure to ensure that the hardware vault authorizes only block signing rather than the signing of just any transaction (i.e. such as not to create a blind signing mechanism). For example: Ledger Nano S together with Kiln meets these two conditions.
In summary
- At each cycle, a priority list of bakers is chosen and up to 7,000 delegates are chosen to attest the block of bakers. The bakers are elected pseudo randomly in proportion to the quantity of Tez that they possess.
By abuse of language, we often designate by bakers: the different validators creating blocks and attesting them. Because in practice, they are the same entities that carry out the operations of creation and validation of blocks.
To become a delegate, one must freeze a part of their tokens, at least 6000ꜩ, which will be made available to him only 5 cycles later (14 days).
A baker is a delegate and the one who delegates their Tez is a delegator. Note that a baker does not necessarily need delegators to operate, they can play solo, but they will be less likely to be selected to create the block, because they will have less funds at their disposal.
Several bakers are added to a priority list. The one with the highest priority will try to create a block. If they fail to do so within the time limit, the hand will pass to the next baker. And so on.
The first baker who manages to create the block will be able to add it to the blockchain. They will receive a certain number of Tez as a reward. In turn, bakers share the additional revenue generated from the delegated tokens with the delegators, in proportion to their participation.
The accusers monitor the process and punish the cheaters.
Conclusion
The Tezos consensus protocol uses the Liquid Proof of Stake algorithm. Delegates (people who have at least 6,000 ꜩ of delegated funds) are given the responsibility of creating and attesting blocks. They are rewarded for their action. They are also required to lock a portion of their capital as a security deposit to ensure honest behavior.
References
[1] https://tezos.gitlab.io/008/proof_of_stake.html
[2] https://wiki.tezosagora.org/learn/baking/proofofstake/consensus