(Paper) Elastic Restaking Networks

def. Restaking Network. $G=(V,S,\sigma ,w,\theta ,\pi )$consists of a following weighted bipartite graph: where:

• $\sigma (v)$: total stake by validater $v$
• $w(v,s)$: partial stake by validator $v$ on service $s$
• def. Atomic network is when validators can only stake to one service, and stake fully $\sigma$
• def. Restaking network is any non-atomic network.
• ! services include the base Ethereum network, since they have the same slashing mechanism as far as we’re concerned def.1. Restaking Degree of validator $v$ is the ratio of their total stake $\sigma$ they used up in staking.

$${\text{deg}}_G(v):=\frac{{\sum }_{s\in S}w(v,s)}{\sigma (v)}$$

• Intuition. ¶Restaking degree of 1.5 means the validator over-staked by 150%.
• def. Prize per unit threshold (=total stake required to secure a service) is prize per difficulty. $\frac{\pi (s)}{\theta (s)}$

Cryptoeconomic Security Game §

1. Each validator chooses amount $\alpha \in [0,\sigma ]$ to allocate to attack on a service $s$
2. def.2. Attcked Services. an attack may include multiple services, and those that are mounted a successful attack is in the set of attacked services.

$$S_{\alpha }=\left\{s\mid \underset{\text{ total stake attack }}{\underbrace{\sum _{\forall v}\alpha (v,s)}}\ge \underset{\text{ stake req. for success }}{\underbrace{\theta (s)\sum _{\forall v}w(v,s)}}\right\}$$

3. def. Validator cost and Total cost

$$\begin{array}{rlr}{c}_G(v,a)& =\min \left(\sigma (v),\underset{\text{ stake used by v in attack }}{\underbrace{\sum _{s\in S_{\alpha }}\alpha (v,s)}}\right)& \text{validator v’s cost of attack}\\ C_G(\alpha )& =\sum _{v.\in V}c(v,\alpha )& \text{total cost for attack}\end{array}$$

def.3. Modified Strong Nash Equilibrium.

def.4. Restaking Network Cryptoeconomic Security. Restaking network $G$ is cryptoeconomically secure iff attack ${\alpha }_0$, where attacked services $S_{\alpha }=\varnothing$, is the MSNE.

def.5. Attack Profitabilty. $\alpha$ is profitable iff $C_G(\alpha )\le \underset{\text{ sum of rewards }}{\underbrace{{\Pi }_G(\alpha )}}$

def.6. Restaking Network Cryptoeconomic $\beta$-Robustness. $G$ is $\beta$-budget robust if an adversry is willing to spend up budget $\beta$ to take town services $S_{\alpha }$ using attack $\alpha$, but the MSNE is ${\alpha }_0$ where $S_{\alpha }=\varnothing$..6

def.7. $\beta$-costly Attack $\alpha$ has $S_{\alpha }\ne \varnothing$ and $C_G(\alpha )\le {\Pi }_G(\alpha )+\beta$

Byzantine Service §

def. Byzantine Service is one that, due to ¶bug in the code accidentally slashes all of its stakers (or, forced to do so by an adversary) def. Base Service. Some services (like the Ethereum base network) we deem un-failable because that’s too catastrophic to fathom. Adversary can thus choose to fail services taking from following subsets:

$${\mathbb{B}}_G(f)=\left\{S^B\subseteq (S\setminus S_{\text{base}})\mid \sum _{s\in S^B}\frac{\pi (s)}{\theta (s)}\le f\right\}$$

Example of adversary slashing a byzantine service.

1. Adversary chooses $S^B$, set of services that are byzantine
2. Adversary fails them, slashing all stakes to that service. Staker’s new stakes are

$$\begin{array}{r}{\sigma }^{\prime }(v)=\sigma (v)-\min \left({\sigma }_0,\underset{\text{ total stake to byzantine service }}{\underbrace{\sum _{s\in S^B}{w}_0(v,s)}}\right)\end{array}$$

3. Other services may lose stake too, due to validator not having enough stake

$$\stackrel{\text{ unrelated service stake }}{\overbrace{w^{\prime }(v,s)}}=\min (\underset{\text{ current stake maintained unless... }}{\underbrace{w(v,s)}},\underset{\text{ ...new total stake is smaller }}{\underbrace{{\sigma }^{\prime }(v)}})$$

Example.

1. Validator has 5 units, (over-)staked to 3 services
2. Adversary fails first service, slashing 3 units from the validator
3. Validator now has no longer enough to stake 3 units on service 2

def.8. $(f,\beta )$-robust network is robust for all $S^B\in \mathbb{B}(f)$ the network $G\searrow S^B$ is $\beta$-budget robust.

EigenLayer’s Weak Security §

thm. Atomic Network $G$ is cryptoeconomically secure if the cost for misbehavior is:

$$c(v,\alpha )=\{\begin{array}{llc}\sigma (v)& \text{if}{\sum }_{s\in S_{\alpha }}\alpha (v,s)>0& \text{slash all stake}\\ 0& \text{base case}& \end{array}$$

and also for all validaators $v$ in $G$

$$\sum _{\forall s}\frac{w(v,s)}{{\sum }_{\forall v^{\prime }}w(v^{\prime },s)}\cdot \underset{\text{ stake to secure s }}{\underbrace{\frac{\pi (s)}{\theta (s)}}}<\sigma (v)$$

⇒ problem: we don’t want to slash the whole stake. That’s a bit too harsh, and it may also affect stakes to other services less secure as we saw above.

Searching for Attacks is NP-Complete §

prop.4. Determining whether a restaking network has a profitiable, allocation-indivisible AND allocation-divisible attack is NP-complete. corr.2. Checking if restaking network is fully secure, i.e. has no allocation-individsible attack is co-NP-complete.

WB in a Symmetric Network? §

def.9. Symmetric Network. $G$ is symmetric iff:

1. All validators have equal total stake $\sigma (v)$
2. Stake of two validators to any service is same, $w(v_1,s)=w(v_2,s)$
3. All attack threshold are same $\theta (s)$

def.10.

Improvement §

Q. from the application’s perspective, let’s try requiring a ceiling for restaking degree of a potential validator wanting to restake

• services can dynammically join, then design
  • maybe consider adversaries, who dynamically add services
    • ¶ if the code is committee, and committee is evil ¶ malicious/backdoor in code ¶if rewards are given to validators