The Cosmos is Expanding: Interchain Security and Forge

The Cosmos is Expanding: Interchain Security & Forge

4. November 2024

The primary application of the Cosmos Hub (with native token ATOM) has just undergone a major upgrade. Interchain security was released in March 2023, and the last year has been an era of experimentation for this bold vision for shared security. But, on October 2nd of this year, the Hub successfully upgraded to version 20 (see Proposal 966), dramatically expanding the capabilities of its native application. In this article I’ll take you through:

  • A brief history of ICS
  • New features in V20
  • How Forge brings these features to life for the entire Cosmos community

Let’s dive in.

The Basics

There are many overlapping (and sometimes confusing) terms when it comes to defining exactly what the Cosmos Hub offers, so let’s take a page out of the Interchain Security docs and briefly cover some terminology. If you already fancy yourself an expert, feel free to skip ahead.

Shared Security is a large family of technologies that allow one blockchain to share its economic security with another chain. This family includes rollups, interchain security, mesh security, and more.

Interchain Security (or ICS) is a Cosmos-specific brand of shared security where a provider chain validator set provides consensus for an entirely separate blockchain (the consumer chain). The two chains communicate important information to each other using the inter-blockchain communication protocol (or IBC for short), which is a blockchain interoperability protocol conceived of and launched within the Cosmos ecosystem.

Within ICS there are two different implementations. Replicated Security was the original imagining – this is where the entire validator set of the provider chain would provide security to the consumer chain. However, it was quickly realized that this model would create considerable stress on the validators with the lowest voting power. To alleviate this stress, the Cosmos Hub transitioned to Partial Set Security (PSS), which is where some subset of the provider chain’s validator set would provide security to the consumer chain. The Cosmos Hub currently utilizes PSS to provide Stride and Neutron with economic security.

 

Overview of blockchain shared security

Overview of blockchain shared security

Partial Set Security: Implications

The initial difficulties with Replicated Security prompted a number of interesting discussions about ICS more generally.

  • Is a Cosmos Hub validator required to validate ALL consumer chains?
  • How many validators are necessary or desirable?
  • Which validators get included or excluded?

And so on. None of these questions had obvious answers, and most importantly their answers may depend on the wishes and capabilities of the consumer chains and validators.

For potential consumer chains, there are two main scenarios: (1) a team wants to launch a fresh ICS chain or (2) a standalone blockchain, currently maintained by its own validator set, wishes to migrate to a PSS. Since scenario (2) is a bit more complicated, I’ll only cover scenario (1) here.

Prior to the v20 upgrade, any chain wishing to launch on interchain security needed to submit a governance proposal and have it pass. But security isn’t free – in their proposal, the team would have to outline

  • Whether or not they would have their own token
  • How they will reimburse Cosmos Hub validators and ATOM stakers
  • What their requirements are for validators

And other important details about their economic model. In this launch paradigm, a lot of oversight was required – conversations with validators and core Cosmos Hub contributors are extensive and not always available to the general public. Additionally, there is a ‘top-down’ structure to the process which runs counter to the bottom-up culture of blockchain development. These mechanics were cumbersome for teams wishing to launch on a particular timeline and slowed the adoption of ICS.

On the other hand, if a consumer chain is successfully voted in, this forces all Cosmos Hub validators to allocate extra computing resources to securing it. This may push less profitable validators out of the Cosmos Hub active set, which is undesirable for decentralization.

How do we solve this complex balancing act?

Permissionless Interchain Security

The recent Cosmos Hub upgrade dramatically simplifies the process for development teams, validators, and delegators by introducing several new features. The forum proposal can be found here.

For Chain Development Teams

The upgrade splits all new consumer chain deployments into two categories: Opt-in or Top-N. Teams can nominate which option they prefer well before their launch and their choice will inform the strategies they must use to garner support.

Opt-in chains can be launched completely permissionlessly – no governance and no approvals. They are referred to as ‘Opt-in’ because validators can choose whether or not they want to validate any Opt-in chain. This puts the onus entirely on the development team to effectively communicate and define their value proposition to the ATOM Economic Zone (AEZ), without counter-party negotiations and support from the Cosmos Hub development teams.

Visual summary of opt-in consumer blockchains

Structure of Opt-In consumer chains

Top-N chains must specify a percentage of the Cosmos Hub voting power that they wish to procure (N). For example, a Top-90% chain is requiring that the top 90% of voting power contribute to validating their consumer chain. In this situation, because the consumer chain is forcing a particular subset of the Cosmos Hub validators to commit to their chain, teams wanting a Top-N chain will need to pass through the normal governance process.

Visual summary of Top-N consumer blockchains

Structure of Top-N consumer chains

Another interesting feature is the power-shaping parameters. This allows development teams to make customizations to the way that voting power can be distributed across their validator set. As a few examples, teams can choose to:

  • Cap the validator set size
  • Cap the maximum possible voting power of a single validator
  • Implement deny-lists or allow-lists for existing validators

and more.

For Validators

Cosmos Hub validators can now be able to ‘opt-in’ (as the name suggests) to any consumer chain that is being launched permissionlessly. It is now at their own discretion to determine whether a particular consumer chain is of value to ATOM holders or not, and direct their internal strategy appropriately.

A particularly interesting feature of v20 is that it allows validators who are not currently in the Cosmos Hub active set to validate Opt-In consumer chains. They simply need to spin up a Cosmos Hub full node, and though they will not receive rewards from the Hub, they will be able to receive rewards from their opted-in consumer chains.

Validators will need to carefully review proposals for Top-N chains and engage with the ATOM community on whether or not they feel that the proposed economic models of these chains are going to be sufficiently lucrative to warrant the increased cost in the infrastructure requirements.

For Delegators

For ATOM stakers, choosing validators to delegate with as always been an important part of managing your assets (check out this article if you need to review the basics!), but this upgrade introduces an entirely new dimension to this choice. For each consumer chain, our decision-making process for new chains launching will need to look something like this:

(1) Do I want to receive rewards from this chain?

(2) Which Cosmos Hub validators have opted in?

Overview of rewards in interchain security

Only participating validators (and their delegators) will receive rewards from consumer chains

(3) If they are outside the active set, am I comfortable sacrificing my rewards in ATOM?

(4) If they are in the active set, do I feel that their participation in governance accurately reflects my values and vision?

It is also worth noting that these new opportunities do not come without some new degree of risk. Validators who are slashed for misbehaviour on any consumer chain will be slashed on the Cosmos Hub and all consumer chains. So another aspect of our decision making process could look like:

(5) Am I confident that these validators will be able to provide high quality service across all of the consumer chains they have opted into?

Overview of slashing in interchain security

Slashing consequences on consumer chains

This new array of opportunities and risks might demand that we rethink our strategies for selecting validators to delegate to. Remember, you can and should delegate to more than one validator on all Cosmos ecosystem chains!

Forge – Coordinating Adoption

Navigating these new choices is going to require new tools. Developers, validators, and delegators need easy access to the array of possibilities that the Cosmos Hub is now capable of delivering, and not all existing wallets and interfaces may be capable of keeping up with them.

Enter Forge.

Forge is a front-end developed by the team at Informal Systems that allows all users to see and interact with the evolving ICS landscape.

Explore Chains

Forge Explore Chains page

Explore Chains page

This is the menu – a listing of what’s on offer at the Cosmos Hub buffet. The Explore Chains page lets users browse the consumer chains being secured by the Cosmos Hub at any given time. Currently, they are simply listed in order of their registration, but long-term the hope is that users will be able to sort these chains by a variety of criteria including rewards, stage of development, and perhaps others.

Chain Details

On these pages, users can dig deep into what a consumer chain is really offering. They feature descriptions of the chains where users can quickly understand their functionality and evaluate the value being delivered to the AEZ. They also include a list of validators that are currently securing the consumer chain and whether they have opted-in or been included by a Top-N style launch.

Chain Details example page - Stride

Chain Details example page – Stride

Forge is also intended to be the destination where developers can track their progress through their chain launch and where validators can find information about upcoming launches that they may want to opt-in to.

Conclusion

Well done on making it this far! Hopefully, you now understand that

  • Interchain Security (ICS) is the primary application of the Cosmos Hub
  • The version 20 upgrade introduces new features, most notably Permissionless ICS
  • This feature dramatically changes the way all stakeholders interact with the Cosmos Hub
  • Forge provides tools for decision-making in this new environment

The Cosmos Hub has survived a tumultuous past, but at CryptoCrew, we feel that it is in the healthiest state that it has been in for a long time. Being a close collaborator with Hub maintainers and consumer chain teams, we are well-prepared for the demanding technical requirements of this next chapter. As such, we have made the decision to opt-in on all consumer chains that we feel will bring sustainable value to the Atom Economic Zone and the greater Cosmos. We are also the recipients of a grant from the Atom Accelerator DAO to aid in onboarding new consumer chains, so please do not hesitate to get in touch if you think your next Web3 application should be secured by the Cosmos Hub. We are both proud of and grateful for the opportunity to contribute to what we believe will be a bright future as an incubator for new and promising projects looking to build in the Cosmos. An age of expansion is upon us, and we are determined to be along for the ride.

Thanks for reading!
~Robin Tunley
X.com: https://x.com/The5thForce0_0