Holochain Forum

HIP: Economical Insurance Protocol (Holo Improvement Proposal)

If I understand correctly, Holo presently suffers from the “flood and undercut” attack that possibly takes a portion of an app’s DHT and deletes it forever. Briefly, if a good enough hosts decide to not host your app anymore and just shut their machines down forever, then a portion of your app’s data goes with them!

Holo’s timeline page did mention something called “warrants” but did not explain what it was. If it’s the same concept, then do let the community know. I’ll still continue, just in case…

So in essence, a Holo host should be able to deposit some Holofuels in some form of a smart-contract that says that if the host shuts down his/her machine while it’s bound in a warranty-contract with some app publisher, then the warrant money goes to the app publisher as a form of compensation and the host no longer remains in a position to reclaim that money. The host gets regular interest money for hosting such an app. Please note that it’s entirely different from the “staking” common in popular POS systems.

However, if the host sincerely decides to not host that app anymore (from I guess the HP Admin or so) while it’s in contract with the app-publisher, then the DHT’s data is sent to other hosts hosting the app and the app closes properly. Although the data is already replicated and doesn’t need to be sent to other hosts, the operation still waits for a day or so to complete, and only then is the app terminated/deleted from the host’s device. The host gets a portion of the contract’s money for being sincere while the remaining goes to the app publisher.

From the app publisher’s perspective, they specify some amount (let’s say a billion dollars) that would be enough to compensate him/her in case the app is taken down via flood-and-undercut vector. The hosts list the amount of money they are willing to lock in such premium apps in total. The algorithm does the rest; maximize the interest the host receives, while distributes the app to sufficient premium hosts to cover the said billion dollars. The app-publisher is notified if the compensation covered is less than the said amount due to a lack of “premium hosts” in the system, i.e. due to a lack of hosts willing to lock some money in advance in warrants; the app still continues being hosted though.

In effect, this creates an ecosystem in which grandma won’t be hosting… let’s say Facebook2 but rather small startups that don’t mind data-loss, while app developers and hence their users enjoy a good night’s sleep…

History has taught us time and time again that there’s no better strategy to tackle bad behavior in distributed systems than an economical one. No host can be trusted despite any KYC knowledge; hell not even the government can be trusted for the issual of the so-called “trusted” documents!!! Holo’s philosophy is correct all through; it’s hard to get one thing right, it’s a whole different feat to get so many things right one after the other; Holo seriously deserves more acclamation than it currently gets. However, this little change shall make Holo invincible! Let’s ditch KYC! Let’s rely on economics!

– The A Man

Was skimming through The Book of Swarm and found this!
Quoting Viktor Tron from The Book Of Swarm

"3.3.4 Insurance: negative incentives

The storage incentives presented so far refer to the ability of a system to encourage
the preservation of content through monetary rewards given to storers. This was
achieved using a postage lottery which instrumented the fair redistribution of postage
payments to storers. With this scheme, we provided positive incentivisation on a
collective level. Such a system, however, is suspect to the tragedy of the commons
problem in that disappearing content will have no negative consequence to any one
storer node. The lack of individual accountability renders the storage incentivisation
limited as a security measure against data loss. Introducing competitive insurance, on
the other hand, adds an additional layer of negative incentives and forces storers to
be very precise with their commitments to provide users with reliability. Particular
attention is required in the design of the incentive system to make sure that failure to
store every last bit promised is not only unprofitable but outright catastrophic to the
insurer."

This is what I meant. Wouldn’t it be great if Holo had such an insurance mechanism too?.. Is it anywhere on the roadmap?

Interesting! I dont know enough to bring something substantial to the main topic, however two small comments:

  1. I think the “warrants” term you mention refers to the self-defence mechanism of dealing with peers that dont play by happ rules ie posting invalid data. A peer performing data validation posts such warrants to inform the happ-network of the bad peer upon discovery. At least thats my understanding - could be wrong.
  2. Depending of happ KYC might still be needed for regulatory reasons (I do think thats the case in Holo) but nonetheless the mechanisms could coexist as available tools in Holo to app devs and complement each other where needed.
1 Like