Litepaper

Providing Cost-Effective Cryptonomic Security for BTC L2 Ecosystem

Pell Network aims to create a decentralized token economy security leasing platform for the Bitcoin ecosystem. By constructing a network that aggregates native BTC Stake and LSD Restake services, it allows stakers to choose to validate new software modules built upon the Pell Network ecosystem. Stakers opt-in by granting Pell Network smart contracts the ability to impose additional reduction conditions on their staked assets, thereby allowing for the expansion of cryptographic economic security.

Pell Network serves as an entry point into the security aspects of the Bitcoin network, providing a multi-layered, multifunctional service network for a wide range of Bitcoin ecosystem protocols, applications, and infrastructure, thereby extending the economic utility of Bitcoin on a security vector. Stakers can validate various types of modules, including consensus protocols, data availability layers, virtual machines, guardian networks, oracle networks, bridges, threshold encryption schemes, and trusted execution environments. Through Pell Network, innovators do not need to establish their own trust networks to implement new distributed validation modules; instead, they can quickly and cost-effectively establish corresponding high-security, decentralized validation modules via Pell Network.

Pell Network does not disperse security among modules but rather aggregates Bitcoin's security across all modules. This enhances the security of decentralized applications that rely on these modules. Additionally, it provides diverse staking and investment opportunities for ecosystem participants, helping to promote the economic circulation system of the Bitcoin ecosystem and creating more value for Bitcoin holders and ecosystem participants, thereby fostering the vitality and sustainable development of the entire Bitcoin economy.

Introduction

With the advent of a new Bitcoin halving cycle, coupled with the ongoing exploration and promotion by ecosystem participants, the market demand for establishing a broad Bitcoin ecosystem network has become increasingly prominent. This strong market demand drives rapid development within the ecosystem, as a series of asset issuance protocols and upper-layer application network solutions based on the Bitcoin network are continually introduced and eagerly pursued by the market. Amid this rapid development, the pace at which ecosystem applications are deployed far exceeds the rate at which infrastructure security is built, highlighting the urgent need for quickly establishing network infrastructure that is sufficiently secure, decentralized, and economically safe.

However, each module requiring its own distributed verification semantics to perform validations, such as data availability layers, new virtual machines, guardian networks, oracle networks, bridges, threshold encryption schemes, and trusted execution environments, faces several challenges:

1. New Verification Network Bootstrapping: If a module requires proactive verification services, innovators must initiate a new trust network to achieve security, and the cost of establishing a new decentralized verification network is undoubtedly high.

2. Fragmentation of Value Flow: As each module independently establishes its own verification service trust pool, users must pay fees to these module pools in addition to network transaction fees. This method of fee flow fragments the value flow within the ecosystem network, preventing the formation of an effective economic circulation mechanism within the ecosystem.

3. Burden of Capital Costs: Validators staking for new proactive verification services will inevitably incur additional capital costs, equivalent to adding related opportunity costs and price risks in the new system. Thus, proactive verification services must offer sufficiently high staking returns to cover these costs. For most AVS operating today, the capital costs of staking far exceed any operational costs. For instance, consider a data availability layer with $10 billion in staked protection, assuming an expected annual percentage yield (APY) of 5%. This AVS must pay at least $500 million annually to validators to compensate for capital costs, significantly higher than data storage operating costs or network costs.

To address these needs, Pell Network leverages the security aspects of the Bitcoin network to provide a multi-layered, multifunctional service network for a wide range of Bitcoin ecosystem protocols, applications, and infrastructure. Pell Network aims to solve the following demand scenarios, including but not limited to:

1. Providing Security Solutions for Critical Infrastructure: Pell Network offers economically effective security solutions targeted at critical infrastructures needed for the development of the Bitcoin ecosystem, such as oracles and cross-chain bridges, enhancing infrastructure security and efficiency.

2. Promoting the Construction of Bitcoin Layer-2 Networks: Pell Network provides low-cost, efficient, and highly secure solutions for the construction of Bitcoin layer-2 networks. By optimizing key components such as data availability layers, RPC nodes, and sorters, it helps reduce operational costs, improve network performance, and enhance user experience.

3. Promoting the Development of Economic Circulation Systems: Pell Network facilitates the development of the Bitcoin ecosystem's economic circulation system by providing diverse staking and investment opportunities, creating more value for Bitcoin holders and ecosystem participants, and thereby fostering the activity and sustainable development of the entire Bitcoin economy.

4. Introducing Advanced Technologies to Support Upper-Layer Applications: Pell Network plans to introduce capabilities from fields such as machine learning, AI, and GPU computing power to support upper-layer application chains. The integration of these technologies not only improves application performance but also broadens the scope and depth of the Bitcoin ecosystem's applications.

Pell Network Architecture

Pell Network Architecture

Pell Network Workflow

Pell Workflow

The diagram above illustrates how Pell Network operates within the Bitcoin ecosystem. It comprises several core components:

1. Restaking Layer: Users can stake BTC or LSD on Pell Network at this layer to earn returns.

2. Decentralized Operators: These operators manage decentralized validation nodes, providing active verification services to ensure the security of the network and transactions while earning profits. They are also responsible for distributing profits to stakers according to established rules.

3. Actively Validated Service: Pell Network offers a variety of infrastructure and services for synchronized ecosystem modules, including but not limited to: oracles, cross-chain bridges, RPC nodes, application chains, data availability services, and Rollup sorters.

4. Service Usage Layer: Pell Network provides secure validation services to external Bitcoin layer-2 network ecosystems through this layer.

By integrating these services, Pell Network is committed to building a multi-layered, high-efficiency, and secure Bitcoin ecosystem network. Its aim is to offer abundant staking opportunities and value-added services to participants within the ecosystem, thereby promoting the activity and sustainable development of the entire Bitcoin economy.

Restake Mechanism

Pell Network offers various pathways for revenue stacking, allowing stakers to earn additional income by acquiring new AVS (Actively Validated Services). Broadly speaking, these can be linked to three different layers of the blockchain: the core protocol, AVS, and DeFi. Liquidity staking can be seen as stacking revenues by first entering the core protocol and then moving into the DeFi layer. Superfluid staking is perceived as first entering the core protocol layer, then moving into the DeFi layer. In Pell Network, there are several forms of restaking:

1. Native Restaking: Validators can restake their BTC by directing their withdrawal credentials to the Pell Network contract. This equates to a Bitcoin → Pell Network revenue stack.

2. LSD Restaking: Validators can restake their LSD (BTC already restaked through another protocol) by transferring their LSD to a Pell Network smart contract. This equates to a DeFi → Pell Network revenue stack.

3. BTC LP Restaking: Validators stake a pair of LP tokens containing BTC. This is equivalent to a DeFi → Pell Network revenue stack.

4. LSD LP Restaking: Validators stake a pair of LP tokens containing a liquidity staked BTC token. This equates to a Bitcoin → DeFi → Pell Network revenue stack route.

Each of these pathways has different types of risks. Based on the principle of opt-in governance, Pell Network outsources the management of such risks to module developers. Module developers themselves choose which tokens to accept as stakes for their AVS. They can also choose whether to prioritize rewards distributed to different types of tokens. For example, a module primarily interested in decentralization might only accept native BTC for restaking.

Staking Modes

Stakers have two options to participate in Pell Network:

• Independent stakers can opt into AVS on Pell Network, where they can directly provide verification services.

• Independent stakers can delegate Pell Network operations to different Pell Network node operators.

Delegation Mechanism

Some Pell Network restakers holding BTC or LSD may not wish to act as Pell Network operators. Pell Network provides a delegator mechanism for these restakers, allowing them to delegate their BTC or LSD to other entities running Pell Network operator nodes. These delegated node operators, who are responsible for operating the relevant validation nodes and charging fees, retain a small portion of these fees and send the remainder to the delegator.

The delegator model in Pell Network requires restakers to trust their chosen operators. If their operators fail to fulfill their obligations in the Pell Network modules they participate in, the staked deposits of these operators will be slashed. Consequently, restakers who have delegated their stakes to these operators will also be slashed. Therefore, Pell Network restakers must conduct extensive due diligence on the operators they delegate to before entrusting their stakes. There are no built-in incentives for trust delegation within Pell Network, but others may build innovative delegation frameworks on top of Pell Network.

Additionally, Pell Network restakers need to consider the proportion of fees shared between operators and delegators. Given the multitude of operators to whom BTC or LSD can be delegated, this will create a free market of delegation between restakers and operators within Pell Network. Each Pell Network operator will deploy a delegation contract within the network specifying how fees are to be apportioned back to delegators, and this delegation contract will accordingly arrange fee distribution.

Non-Fungible Token

Pell Network will not issue fungible tokens representing restaked positions because each restaker may choose to validate different module combinations, thus being subject to different slashing risks. Ensuring that such risks are transparent to holders of fungible positions is challenging and could generate principal-agent problems between the holders of fungible positions and the operators running nodes. Thus, Pell Network does not intend to issue fungible positions.

Slashing

Cryptoeconomic security quantifies the cost that an adversary must bear to compromise the required security attributes of a protocol. This cost is known as the Cost of Corruption (CoC). When the CoC significantly exceeds any potential profit from causing harm (Profit from Corruption, PfC), the system is considered to have robust security. This concept starkly contrasts with systems that rely on a majority trust guarantee, which only hold under the assumption that a certain percentage of validators are altruistic and will act honestly. A key idea behind Pell Network is to provide cryptoeconomic security through various slashing mechanisms that generate high costs for any attempt to compromise the system.

A crucial feature of Pell Network’s smart contracts is their control over the withdrawal credentials of stakers’ assets. If a restaker in Pell Network is proven to engage in adversarial actions while participating in an Actively Validated Service (AVS), their staked assets will be subject to slashing. Since the withdrawal addresses for stakers are set to the Pell Network contract, any assets withdrawn through Pell Network will be reduced according to the on-chain slashing rules of the AVS, ensuring that the economic penalties are applied automatically.

Tiered Actively Validated Services

We have discovered that the highest level of security is achieved when all assets re-staked through Pell Network are used to support specific Actively Validated Services (AVS). However, this approach presents two main issues:

• Whether the expected revenue from AVS can cover the operating costs for operators.

• Whether operators possess sufficient computing resources to participate in the verification of AVS.

To address these concerns, we propose two potential solutions through the design of different modules:

Large-Scale AVS

In a large-scale AVS, the total computational workload is evenly distributed across all participating operator nodes. This method is known in distributed computing as horizontal scaling. For example, in a large-scale data availability protocol, data is divided into N blocks, each block sized at 2/N of the original data, making the total cost of storing data comparable to it being stored by only two nodes. In such an AVS, the data processing demands on each node might be low, yet the overall system can achieve high throughput by aggregating performance across multiple nodes. Moreover, compared to traditional blockchain systems, large-scale AVS reduces reliance on centralized verification since, in blockchains that are not horizontally scalable, the verification cost can be completely amortized by a central operator. However, in horizontally scalable modules, each central entity must perform separate verifications for each segment, thereby minimizing the benefits of cost amortization.

Lightweight AVS

Lightweight AVS includes tasks that are redundantly performed by all operators but at very low costs. Examples include verifying certain information using light clients, validating zero-knowledge proofs, running light nodes of other blockchains, and executing oracle price feeds. The computational demands and infrastructure requirements for these tasks are very low, making them suitable for operation on the Pell Network.

We note that through the design of this tiered AVS, Pell Network can capture most of its potential revenue. This approach ensures that even individually operated validators can gain substantial economic benefits from Pell Network, effectively reducing the pressure of centralization on staking.

Application Scenarios Supported by Pell Network

Scenarios

Pell Network supports a broad array of new Actively Validated Services (AVS), including new blockchains, middleware, and modular blockchain layers, such as oracles and data availability layers. Here we list some potential applications, many of which represent exciting directions for ongoing and future research:

1. Oracles: Pell Network enables the rapid construction of economically secure oracle networks. Developers can focus more on data processing and feeding without expending significant effort in building an independent AVS layer.

2. Large-Scale Data Availability Layer: Leveraging re-staking and community development within Pell Network, we can construct a large-scale Data Availability (DA) layer that offers high efficiency and low cost.

3. Light Node Bridges: It is straightforward to build light node bridges using Pell Network for message passing. Restakers can validate bridge inputs off-chain; if a robust group of cryptoeconomically strong nodes signs off on a bridge input, it is accepted. Challenges can lead to verification of bridge inputs, with validators in Pell Network being slashed in a slow (non-optimistic) mode if discrepancies are found.

4. Opt-In Event-Driven Activation: Event-driven activations, such as liquidations and collateral transfers, are in wide demand in the decentralized finance sector. In Pell Network, stakers can opt to re-stake for event-driven activation AVS, providing strong guarantees for operations involving event-driven actions but with the risk of slashing.

5. Ultra-Low Latency Application Chains: The Bitcoin network typically generates a block every 10 minutes, sometimes taking hours. Many applications requiring low latency cannot operate under these conditions. Pell Network allows for the creation of re-staking sidechains, where Bitcoin restakers can participate in new consensus protocols that offer very low latency and high throughput.

Through these application scenarios, Pell Network aims to provide a more diverse and efficient set of services for the blockchain ecosystem, thereby fostering development and innovation across the industry.

Roadmap

Pell Network Roadmap

Risk and Challenges

We have identified two types of risks within Pell Network and have established effective mitigation mechanisms for each:

Operators Collusion Attack

Ideally, when all node operators re-stake their assets into all of Pell Network's Actively Validated Services (AVS), the cost of attacking any one AVS would be proportional to the total assets staked in Pell Network. This scenario is optimal for maximizing disruption costs. However, in reality, only some operators may choose specific AVS, leaving potential security vulnerabilities, such as possible collusion attacks on certain types of AVS. For this type of collusion attack, we have considered the following two mitigation strategies:

1. Limiting AVS Value Circulation: As a preventative measure, AVS can limit the amount of value circulated within a specific timeframe. For example, bridges could limit fund flows during reduction periods, while oracles might limit total transaction volumes. The implementation of this strategy depends on the AVS designers.

2. Proactively Increasing Attack Costs: Pell Network can take measures to increase the costs of attacking specific AVS. We have conducted a generalized analysis and assume that stakers might collude to launch a collusion attack. If colluders control the majority of nodes in some AVS, they could exploit these nodes to extract value from the AVS. Therefore, Pell Network has designed a mechanism to identify operators or groups of stakers who might pose a security risk through collusion. For example, by creating open-source dashboards, we allow AVS to monitor whether operators participating in their verification tasks are also heavily involved in multiple other AVS. This helps AVS to incorporate terms in service contracts that encourage operators who participate in only a few AVS to join more AVS services. Thus, we can consider Pell Network to have resilient security.

Potential Unforeseen Slashing Vulnerabilities

In Pell Network, the goal for Actively Validated Services (AVS) is to reach a stable state. A stable AVS should undergo rigorous real-world testing to ensure very low unforeseen risks. Before reaching this mature stage, the slashing mechanism must cautiously handle various risks stemming from potential security vulnerabilities, especially those inadvertently introduced during programming, as these could lead to asset losses even for honest users.

To address these risks, Pell Network has designed the following defense mechanisms:

1. Security Audits: Before an AVS can be registered and run by node operators on the Pell Network, the AVS development team must provide a comprehensive code audit report. This ensures the service's security and builds confidence among stakeholders and operators.

2. Continuous Risk Assessment: Prior to formally integrating with Pell, an AVS undergoes continuous risk simulation to evaluate its performance under various parameters. Additionally, Pell will monitor operator participation and node performance data to dynamically assess and adjust the AVS service's risk levels.

3. Delayed Slashing and Vetoing Slashing Events: Before an AVS reaches a fully stable state, each slashing event will be preliminarily decided by more than two-thirds of the consensus nodes in the Pell Network. The decision will then be published for community review. The final decision requires a vote from both the Pell community and the governance layer. Early governance members are jointly nominated by the Pell team and the community. The governance layer, using multi-signature decisions, can veto potential slashing actions based on the vote results. This involvement in slashing decisions by the governance layer is a temporary measure, akin to a consensus mechanism that may be phased out in the future, aimed at providing additional security safeguards before the system is fully stable.

These security audit and governance intervention mechanisms are implemented by Pell Network to achieve resilient security. Even before AVS are fully stabilized, these measures ensure that security risks are effectively contained, protecting user assets and promoting the healthy development and eventual stability of AVS.

Conclusion

1. Pell Network has created a free market for decentralized trust, extending Bitcoin's economic utility on a security level through diverse staking options and combining them with the security aspects of the Bitcoin network.

2. Through restaking in Pell Network, stakers can choose to provide security and verification services for the modules they choose, either by directly operating nodes or by delegating to other Pell Network node operators to provide services and earn profits.

3. Various lightweight and large-scale decentralized component modules can be built on Pell Network, offering economically effective security solutions for the infrastructure security of the upper-layer Bitcoin ecosystem, as well as ecological application security.

Pell Network will provide a multi-layered, multifunctional service network for the Bitcoin ecosystem, aimed at enhancing security and diversifying staking options to promote the growth and development of the Bitcoin ecosystem.