The Array of Properties For Sound Governance

Ouija

Written by 0xOuija
Edited by Danica Swanson; tratium


The importance of governance is understated for blockchains and their related projects and protocols. Governance is the set of processes that platforms use to make decisions and agree on how to evolve.

Blockchains and their application layers currently lack widely adopted and established governance methods and practices. Instead, different blockchains and applications have added varying levels of integration and complexity to how they work.

Governance mechanisms can be combined or used separately on different platforms and for different projects. Off-chain governance is the most centralized of these systems, as most decisions are made by the core developers or the most trusted contributors.

On-chain governance, using on-chain voting mechanisms, is often more transparent and inclusive than off-chain governance.

We have seen governance issues before – notably in Bitcoin and Ethereum. A backward-incompatible update created a division in the community, leading to hard forks and the creation of Bitcoin Classic and Ethereum Classic. Each hard fork has unique reasons, such as in Ethereum’s “The DAO” episode.

These two noteworthy examples demonstrate the importance of sound governance. It is paramount that the community participants be able to express themselves effectively.

A previous article in this series covered governance and decentralization from a practical, surface-level perspective.

Governance And Decentralization
A detailed primer on various decentralized governance frameworks and their benefits and pitfalls.

We’ve also discussed decision-making, plurality voting, and consensus.

Decentralized Decision Making: A Comprehensive Primer
A comprehensive primer on decentralized decision making, including voting and consensus-based models and their respective qualities.

Finally, we’ve defined and discussed decentralized organizations (DOs), including their subdivisions, structures, and organizations; how they might function; and what they may eventually become.

DAO Structure: A Comprehensive Primer
Ouija does a deep dive into various DAO structures and their vulnerabilities, and explores how decentralized organizations will continue to evolve over time.

To understand each of these – to deeply evaluate and critique governance models as an individual, and/or come up with your own models as a team or project – it’s important to know the basic properties of sound governance.

This array of properties may be divided into the following categories:

  • Suffrage
  • Pareto Efficiency
  • Confidentiality
  • Verifiability
  • Accountability
  • Sustainability
  • Liveness

While each property should be considered and included, keep in mind that they exist in the context of a governance system, whatever that system may be. An ideal voting system should intertwine with three different domains:

  • Security - cryptographic and cyber-security aspects
  • Incentives - game-theoretic and economic aspects
  • Timeliness - time and expediency

[Figure: a square with an array of properties inside, and a governance domain in each of the four corners]

Suffrage

Suffrage refers to the right to participate. Persons granted suffrage can participate in decision-making procedures. There are two types of suffrage: active suffrage, the right to vote; and passive suffrage, the right to stand for election.

Often blockchain and web3 spaces do not use a ‘one person, one vote’ implementation. A more common voting system requires a nominal stake (or hash power in proof-of-work chains). However, systems such as proof-of-personhood are now being developed to help verify that a given address corresponds to a unique individual. There are also platforms that enable voting only for the founders or developers.

Before stating how communities can implement suffrage, let’s define two distinct groups within a community: community members and decision-makers. Community members interact directly with the blockchain, protocol, or project by giving it resources, while decision-makers participate in its governance.

Suffrage may be implemented in many ways, with various degrees of rights and vote-weighting practices. These systems may lend themselves more favorably to specific structures or fundamentals, such as proof-of-stake (PoS) as compared to proof-of-work (PoW).

  • Identity-based suffrage guarantees decision-making rights to participants who can prove their identities in such a way that their votes correspond with a unique individual.
  • Token-based suffrage guarantees decision-making rights to participants with a specified number of tokens deposited into the platform or project.
  • Mining-based suffrage pertains more to blockchains such as Ethereum or Bitcoin. It guarantees decision-making rights to those who have a certain amount of hash power or other physical resources.
  • Meritocratic suffrage guarantees decision-making rights to those who have contributed positively – rights are based on effort and achievement rather than wealth or social class.
  • Universal suffrage guarantees decision-making rights to participants who have either mining power or tokens, and have also made beneficial contributions.

Neither PoS nor PoW systems are perfect; divisions of wealth can lead to concentrations of power. It’s important to strive for inclusiveness. All forms of community investment and contribution should be considered in vote-weighting. Various suffrage-balancing methods have been tried, including quadratic voting (QV).

Quadratic Voting

QV, a variant of cumulative voting, is a collective decision-making procedure that attempts to address the issues of voting paradox and majority rule. To express their support for a given matter or proposal, voters “pay” for more votes using credits. Results are aligned with the highest willingness to pay, not the majority preference.

[Figure: a vote pricing example associating number of votes with "vote credit" cost]

QV is based on market principles. If a voter wants to voice strong support or opposition toward the proposal, they may allocate additional votes to demonstrate their preference proportionally. Since marginal costs increase linearly with votes, vote-pricing rules make subsequent votes more expensive.

The robustness of a voting system is defined by how sensitive it is to non-ideal behavior from either voters or outside influence. QV is about as sensitive to collusion as one-person-one-vote (1p1v) systems, is less sensitive to “underdog effects” than 1p1v, and has a higher efficiency-through-preference expression than 1p1v systems. (Efficiency-through-preference refers to voters expressing themselves personally and believing that their votes are more pivotal.)

The most common objection to QV is that it favors the population with the highest willingness to pay. The wealthy can afford to buy more votes relative to the rest of the community, thereby distorting outcomes in their favor. While not unique to QV, it is a consideration, and it may be alleviated in many ways.

One of the biggest criticisms of QV is its exposure to Sybil attacks, in which an individual or group uses fake or duplicate identities/addresses (or hires others) to influence decisions in their favor. These attacks work because single votes cast from many addresses carry more voting weight than the same credits spent on a heavy weighting from one address, which makes splitting more capital-efficient.

While proof-of-personhood can alleviate this, it would require a protocol to verify identities and assign levels of trust to those individuals. The conundrum here is that in implementing such a system one would lose something blockchain communities treasure: anonymity. (Posner & Weyl, 2017); (Nebulas, 2018).
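The following sketch is an added example, not code from the article or from any project it mentions. It assumes the standard QV price of n² credits for n votes, and a hypothetical registry (`REGISTRY`) standing in for a proof-of-personhood mapping from address to identity; all addresses and budgets are constructed. It measures how far a per-address tally drifts when credits are split, and what pooling credits per verified identity restores.

```python
from collections import defaultdict
from math import isqrt


def cost(votes: int) -> int:
    """Credits needed to cast `votes` votes on one proposal (n votes cost n^2)."""
    return votes * votes


def max_votes(credits: int) -> int:
    """Largest whole number of votes one voter can buy with `credits`."""
    return isqrt(credits)


def split_weight(credits: int, addresses: int) -> int:
    """Total votes obtained when `credits` are spread evenly over `addresses`.

    With one address this is sqrt(credits); with k addresses it approaches
    sqrt(k * credits), which is the gap a per-address tally leaves open.
    """
    return addresses * max_votes(credits // addresses)


def tally_by_address(ballots):
    """Naive tally: every address is priced independently.

    ballots: iterable of (address, credits_spent, direction), direction +1 or -1.
    """
    return sum(d * max_votes(credits) for _addr, credits, d in ballots)


def tally_by_identity(ballots, identity_of):
    """Tally after pooling credits per verified identity.

    identity_of: address -> identity (assumed registry output). Ballots from
    addresses with no verified identity are not counted.
    """
    pooled = defaultdict(int)
    for addr, credits, d in ballots:
        if addr not in identity_of:
            continue
        pooled[(identity_of[addr], d)] += credits
    # The quadratic price is applied once per identity, not once per address.
    return sum(d * max_votes(credits) for (_ident, d), credits in pooled.items())


# Constructed sample: one voter spends 100 credits in favour from one address;
# another spends 100 credits against, split as 4 credits over 25 addresses.
BALLOTS = [("0xA1", 100, +1)] + [(f"0xS{i:02d}", 4, -1) for i in range(25)]
REGISTRY = {"0xA1": "person-1", **{f"0xS{i:02d}": "person-2" for i in range(25)}}

if __name__ == "__main__":
    for k in (1, 4, 25, 100):
        print(f"100 credits over {k:3d} address(es): {split_weight(100, k)} votes")
    print("per-address tally :", tally_by_address(BALLOTS))
    print("per-identity tally:", tally_by_identity(BALLOTS, REGISTRY))
```

The identity-pooled tally is only as trustworthy as the registry behind it, which is the anonymity trade-off the paragraph above describes.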

Pareto Efficiency

Aligning intentions between decision-makers and community members is not just a question of suffrage and accountability. Pareto efficiency refers to a situation for which no individual or preference criterion can be made better off without making at least one individual or preference worse off (Wikipedia, 2022). While there are many variants of Pareto efficiency, it may be categorized into three situations:

  • Pareto improvement refers to a new situation for which some agents will gain, and no agents will lose.
  • Pareto dominated situations are those for which a possible Pareto improvement exists.
  • Pareto optimal or efficient situations are those for which i) no change could lead to improved satisfaction for some agent without some other agent losing; or ii) there is no scope for future Pareto improvement.

Note that Pareto efficiency does not require a totally equitable distribution. An economy in which a wealthy minority holds the vast majority of resources, for example, can be Pareto efficient.

This is best demonstrated through the example of a pie and three people. The most equitable choice would be to give one-third of the pie to each person. However, giving half of the pie to each of two people, with the third person holding none, is also Pareto optimal, because no recipient could be better off without decreasing someone else’s share. This is an example of the liberal paradox, which states that people have preferences about what other people do, and the goal of Pareto efficiency may conflict with the goal of individual liberty (Sen, 2004).

Without delving too deep into public choice theory, one of social choice theory’s most applicable discoveries is Arrow’s impossibility theorem. It proposes that when voters have three or more distinct alternatives (options), no ranked voting electoral system can convert the ranked preferences of individuals into a community-wide ranking while also meeting the specified set of criteria: unrestricted domain, non-dictatorship, Pareto efficiency, and independence of irrelevant alternatives (Arrow, 1950).

Arrow’s impossibility theorem states that no rank-order electoral system can be devised in a way that satisfies all three of the following “fairness” criteria:

  • If every voter prefers alternative X over alternative Y, then the group prefers X over Y.
  • If every voter’s preference between X and Y remains unchanged, then the group’s preference between X and Y will also remain unchanged, irrespective of how other candidates are ordered.
  • There is no “dictator” – i.e., no single voter always possesses the power to determine the group’s preference.

To illustrate this, participants rank possible candidates. They are given a set of alternatives $A = \{a_1, a_2, \ldots, a_n\}$, and each voter $i$ submits an ordered vector:

$a_{i1} > a_{i2} > \ldots > a_{in}$

Combining the votes should lead to an ordered ranking of the candidates that best represent the voters.

A Pareto efficient governance system does not lead to a worse outcome, although challenges arise in i) evaluating whether the property is satisfied, and ii) addressing strategic voting. Different systems, such as instant-runoff voting (IRV), may be resistant to strategic voting.

IRV is a type of ranked preferential voting method that uses a majority voting rule in single-winner elections with more than two candidates. This could be repurposed for blockchain voting for electing delegates, team members, or proposals. IRV could even be combined with token-locking and a time multiplier. However, there is a risk that a good candidate may be eliminated early.
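The early-elimination risk can be reproduced with a small tally. The code below is an added example, not taken from the article or from any protocol's implementation; the proposal names and ballot counts are constructed, ties are broken alphabetically as an assumption, and the pairwise (Condorcet) check is included only to show which option most voters preferred head-to-head.

```python
from collections import Counter


def irv(ballots):
    """Instant-runoff tally. Returns (winner, elimination_order).

    ballots: list of rankings, most preferred first. A ballot whose ranked
    options have all been eliminated is exhausted and no longer counted.
    """
    remaining = {c for b in ballots for c in b}
    if not remaining:
        raise ValueError("no candidates on any ballot")
    eliminated = []
    while True:
        counts = Counter({c: 0 for c in remaining})
        for b in ballots:
            top = next((c for c in b if c in remaining), None)
            if top is not None:
                counts[top] += 1
        total = sum(counts.values())
        leader, votes = max(counts.items(), key=lambda kv: (kv[1], kv[0]))
        if votes * 2 > total or len(remaining) == 1:
            return leader, eliminated
        # Drop the option with the fewest first preferences (ties: by name).
        loser = min(counts.items(), key=lambda kv: (kv[1], kv[0]))[0]
        remaining.discard(loser)
        eliminated.append(loser)


def condorcet_winner(ballots):
    """Option that beats every other option head-to-head, or None."""
    candidates = sorted({c for b in ballots for c in b})

    def prefers(ballot, x, y):
        # Unranked options are treated as ranked last.
        rx = ballot.index(x) if x in ballot else len(ballot)
        ry = ballot.index(y) if y in ballot else len(ballot)
        return rx < ry

    for x in candidates:
        if all(
            sum(prefers(b, x, y) for b in ballots) * 2 > len(ballots)
            for y in candidates
            if y != x
        ):
            return x
    return None


# Constructed poll: the compromise option is everyone's first or second
# choice, but has the fewest first preferences.
POLL = (
    [["raise_fee", "keep_fee", "lower_fee"]] * 40
    + [["lower_fee", "keep_fee", "raise_fee"]] * 35
    + [["keep_fee", "raise_fee", "lower_fee"]] * 25
)

if __name__ == "__main__":
    winner, order = irv(POLL)
    print("IRV winner:", winner, "| eliminated:", order)
    print("Head-to-head winner:", condorcet_winner(POLL))
```

Comparing the two results before adopting IRV for a poll shows whether the ballot set is one where the compromise option is dropped in the first round.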

A group of perfectly rational and well-informed voters should always produce a Pareto efficient outcome; the more information they have, the better (Toplak, 2017).

Confidentiality

When considering confidentiality, it’s best to first distinguish between secrecy and pseudonymity. It may be true that proper secrecy is challenging to accomplish on a decentralized project or protocol, and more so on a blockchain. Secrecy could even be undesirable, depending on the purpose or setting. Let’s first define the two:

  • Secrecy could be considered satisfactory in a decision-making process for which an actor cannot guess the input of any participant better than an adversarial algorithm that inputs the tally (and, if the actor is a participant, the actor’s input).
  • Pseudonymity does not require participants to reveal their identities during decision-making.

A balance can be achieved through blockchain systems, which use a shared ledger for consensus. However, keeping track of information outside that ledger is nearly impossible. Blockchain systems can be used to track voting rights in the same fashion as they track distribution. As long as only cryptographic information is required when producing an online identity, that identity may not be traced back to real life. Thus, pseudonymity is created (Zhang et al., 2019).

If a participant can deceive an adversary into thinking the participant has behaved as the adversary wishes, when they have in fact acted according to their own intentions, this creates a coercion-resistant system.

Verifiability

Verifiability is a crucial component of any governance system, as it ensures legitimacy.

Verifiability can be divided into:

  • Individual verifiability, in which voters may audit their own voting data to ensure it has been correctly created, stored, and tallied.
  • Universal verifiability, in which everyone can audit the votes recorded to verify that they were properly created, input by eligible voters, and appropriately stored and tallied.

A system that satisfies both of these components is optimal, and may in theory be considered end-to-end verifiable. In reality, however, satisfying verifiability is more nuanced. Confidentiality (privacy) and a degree of coercion-resistance must be considered, as they increase the difficulty of achieving verifiability (Gharadaghy & Volkamer, 2010).

Accountability

Accountability is a term used to imply that some actors have a right to hold other actors to a set of standards and values, to judge whether they have fulfilled their responsibilities, and to impose sanctions if those responsibilities have not been met.

Systems qualify as accountability mechanisms if they recognize the legitimacy of 1) the operative standards for accountability, and 2) the authority of the parties with respect to their relationship (one to exercise powers, and the other to hold them accountable).

Accountability models take different forms. Two such models are the participation model and the delegation model. They propose to answer the question: “Who is entitled to hold the powerful accountable?”

In the participation model, the performance of power-wielders is evaluated by those affected by their actions. In the delegation model, performance is evaluated by those entrusting them with power.

[Figure: a table comparing participation and delegation models in accountability mechanisms]

The delegation model is often seen throughout blockchain and project governance. In this model, accountability is conceived in two ways.

The first is the principal-agent model, in which the principal's preferences are treated as a given and the relationship may be deemed a failure if the agent deviates from them. Accountability is ensured when agents are incentivized to do as the principals wish them to do. (This may differ as appropriate).

For example: politicians are generally given a certain amount of discretion in completing their tasks. Ideally, they should leverage their superior expertise and judgment when exercising this discretion. In reference to acting on the principal’s wishes, the inverse may also be true. An example of the inverse could be illustrated in the actions of a judge, who must avoid enacting the will of those who empowered them, and instead pass the will of the law.

The second is the trustee model of delegation. In contrast to the previous model, the trustee model presumes that the agent will use discretion, which means that a deviation from the principal’s wishes may not necessarily be considered a failure or abuse of power. If an actor can demonstrate that they are serving the purposes for which they were authorized, it may be deemed legitimate (Grant & Keohane, 2004).

Ideally, accountability should capture the possible harm that may be incurred to community members. For the property of accountability to be satisfied, whenever participants enact change, they must each be held responsible for doing so in a clearly defined way — e.g., participants who approved a malicious vote may be penalized.

Sustainability

A blockchain or protocol must be sustainable both economically and in governance, since the two are intertwined. Actors may be categorized into 1) those who propose changes, and 2) those who decide whether or not to enact them.

Two factors must be satisfied to ensure sustainability:

  • Development can be sustained through incentives, monetary or otherwise. Incentives serve to motivate and encourage the continual development of improvement proposals.
  • Participation can be sustained if adequate incentives are offered, monetary or otherwise. This helps to compel and motivate participants to participate in discussions and decision-making processes.

Sustainability differs from accountability in that it rewards development and participation without regard to outcome. The incentives put in place to satisfy the two factors of sustainability can be considered a cost of engagement, which leads to more contributions, proposals, and voter participation. Incentives for sustainability may be monetary, but they may also be based on reputation and merit.

It’s essential to recognize that sustainable participation may create problems if applied and monitored incorrectly. An obvious example is projects with excessive emissions. Although adequate incentives help increase voters’ participation, it is not in a protocol or blockchain’s best interest if a large group of disinterested individuals cast votes just to collect rewards or extract value. Instead, it would be more optimal to have small groups of skilled and competent participants who have done their due diligence and are voting honestly (Panagopoulos, 2013).

Liveness

On-chain proposals and protocol adoption are often restricted by a set time period. This allows for proper discussion, consensus, voting, and implementation. This does not account for urgent actions that may be required; these must also be considered.

To satisfy the property of liveness, a blockchain or protocol needs to be able to resolve urgent issues within a reasonable time frame (depending on the urgency of the matter at hand). Expedient decision-making is highly desirable. Where possible, systems should be evaluated for their resistance against distributed denial-of-service (DDoS) attacks.

Examples of liveness could include:

  • The Polkadot blockchain, which allows its technical committee to initiate emergency referenda.
  • MakerDAO, which has an emergency smart contract that suspends operations and returns assets to depositors.

Closing thoughts

Inevitably, projects will encounter trade-offs when trying to satisfy the array of properties we have discussed. There is no single set of mechanisms that captures all of them.

Although a general and all-encompassing set of defined governance mechanisms has yet to emerge, it’s essential to recognize that different blockchains and applications are built for specific purposes, and thus require different mixtures of on-chain and off-chain features.

Some trade-offs to focus on include:

  • Privacy vs. verifiability and suffrage. The higher the degree of privacy required, the more difficult it becomes to ensure verifiability. This also creates a tension with suffrage, especially when trying to maximize inclusion. However, this trade-off between verifiability and suffrage may be trivial if coercion resilience is optimized.
  • Proof of personhood, identity-based suffrage, and privacy. The problem of achieving satisfactory levels of identity-based suffrage remains. Privacy should also be considered with proof-of-personhood, which reveals identifiable information about community members.
  • Meritocratic suffrage and privacy. First, quantify what type of merit should be considered for participation. Second, a reliable system of records should be established to use those merits where and when relevant. Also note the privacy implications.
  • Exchanges, venture capital investors (VCs), and token-based suffrage. First, it’s important to recognize that some may choose custody solutions for their tokens. Not all participants do this; however, a large majority often opt for third-party providers, which creates entities with inflated leverage in a token-based system. Furthermore, VCs as early investors are often given a large portion of the token supply in exchange for initial funding. As a result, the token may be exposed to significant and abrupt value extraction, which can be perceived as unfair by the community.
  • Rational ignorance and inaction. Often, decision-makers don't acquire relevant knowledge when the cost of acquiring that knowledge exceeds the expected benefits. This problem is likely connected to the lack of an appropriate sustainability framework.
  • Accountability and utility. The challenge of modeling and quantifying the relevant aspects of utility for decision-makers to possess (or be limited to) remains. A balance between accountability and utility must be made on a case-by-case basis.
  • Liveness vs. Pareto efficiency and suffrage. High levels of expediency may often have negative implications for Pareto efficiency. If decision-makers are not given enough opportunities to react, Pareto efficiency is affected. Liveness also has implications for suffrage; the more exclusive the mapping from community members, the more expedient the system. However, this expediency comes at the cost of inclusiveness.

In most cases, smart contracts or purpose-built logic will not be enough to capture all decision-making purposes. It is likely impossible to simultaneously satisfy all the properties to the highest degree, due to inherent conflicts between them.

Governance and voting systems will persist, enabling participants to take part – ideally, in a system that satisfies the three domains and governance properties as is required and deemed optimal for that specific project’s design. Choices pertaining to governance must be educated and intentional, taking context, goals, and vision into account.


Appendix

Example of Breakdown of MakerDAO

The Maker protocol is a decentralized organization based on the Ethereum blockchain. The protocol has a two-token system, which includes DAI and MKR. DAI is a collateral-backed stablecoin (overcollateralized with a chosen variety of crypto assets) pegged to the U.S. dollar. MKR is the Maker protocol’s governance token; it is used to manage and maintain the system and DAI parameters.

Maker’s governance model features both on-chain voting such as proposal voting, and off-chain voting such as forum discussions. The forum encourages users to create signal threads to discuss possible criticism and improvements. After this, a poll is taken featuring pseudonymous voting (every user has one vote). This discussion and thread should guide and inform a subsequent on-chain governance vote.

There are two processes featuring smart contracts:

  • Governance polls aim to accept or deny signal threads, gauge consensus, and then, if necessary, select alternatives before an executive vote is held. On average, they remain open for up to seven days. Polls can feature multiple options and be voted on using IRV.
  • Executive votes are the only way to enact change. These votes are selected using continuous voting, and typically have no fixed voting window. Voters may change their vote at any time. The option with the highest approval is the victor, after which there is a 24-hour waiting period. After the approval and waiting period, the only way to revert the vote is by initiating a new vote.

Note that MakerDAO features an emergency shutdown procedure that may be initiated by depositing 50,000 MKR or more into the emergency shutdown module. Tokens deposited would be burned, and then the protocol would end. After that, all collateral deposited within the protocol would be returned to its owners.

  • Suffrage: Only MKR token holders are eligible to vote; suffrage is token-based. Satisfied
  • Pareto efficiency: Although executive votes are limited to yes or no options, governance polls allow for ranked choices, IRV, discussion, and multiple alternatives. Mostly satisfied
  • Confidentiality (secrecy): All on-chain voting is done through an interaction between a pseudonymous address and an Ethereum smart contract. It is public and unencrypted. NOT satisfied
  • Confidentiality (pseudonymity): Users participate through pseudonymous Ethereum addresses. Satisfied
  • Confidentiality (coercion-resistance): No secrecy. NOT satisfied
  • Verifiability: All votes are tallied, and the results made public. Satisfied
  • Accountability: Once implemented, proposals are divorced from their creators and voters. NOT satisfied
  • Sustainable development: Maker offers no reward or compensation for development efforts. Proposals are expected to be complete and executable. NOT satisfied
  • Sustainable participation: The MKR token is crucial for DAI peg maintenance. However, there is no incentive to expend extra energy to increase knowledge when deciding what to vote on. NOT satisfied
  • Liveness: Once executive votes receive the required number of votes, they may be implemented after the 24-hour waiting period. This enables bad proposals to be reverted, or better ones to be enacted with relative haste if needed. There is also the addition of the emergency shutdown procedure. Satisfied

References

Arrow, Kenneth J. (1950). A difficulty in the concept of social welfare.

Arrow’s impossibility theorem. (2022). In Wikipedia.

Gharadaghy, R. & Volkamer, M. (2010). Verifiability in electronic voting — explanations for non security experts.

Grant, R. & Keohane, R. (2004). Accountability and abuses of power in world politics.

Kiayias, A. & Lazos, P. (2022). SoK: Blockchain governance.

Nebulas (2018). Liberal radicalism: Can quadratic voting be the perfect voting system?

Panagopoulos, C. (2013). Extrinsic rewards, intrinsic motivation and voting.

Pareto efficiency. (2022). In Wikipedia.

Posner, E. & Weyl, G. (2017). Quadratic voting and the public good: Introduction.

Quadratic voting. (2022). In Wikipedia.

Sen, A. (2004). Rationality and freedom.

Salman, D. (2021). Polkadot wiki.

Toplak, J. (2017). Preferential voting: Definition and classification.

Weyl, G. (2017). The robustness of quadratic voting.

Zhang, X. R., and Liu, L. (2019). Secrecy and privacy on blockchain.
