1 Secure Worker Mining and Staking

Introduction

To secure the cloud of Workers and the jobs they are assigned, the network will set Confidence Level for each worker’s CPU and will require Staking to enable mining. Each worker can only earn value $V$ if it first stakes several PHA tokens based on its CPU score, after which it can enter the mining system and start TEE Mining.

If a worker misbehaves or fails to respond, it will be punished by slashing the $V$, which strongly incentivizes participants to ensure their workers are running properly and disincentivizes attempts to cheat.

Unlike Polkadot or other Proof-of-Stake consensus systems, Phala can manage as many as one million CPU cores from over 100k nodes, which requires our staking mechanism to outperform existing PoS in both performance and efficiency. That’s why we propose Stake Delegation, which introduces an extra role of StakePool into our system to connect computing nodes with PHA holders. Anyone is allowed to create a StakePool, and a PHA holder can delegate his/her PHA to the pool. Then the pool Owner can manage and stake for any Workers belong to the pool.

TEE Mining Roles

Role Description
Worker A computing node; a CPU. Responsible for off-chain computation in the Phala network (in a private and secure enclave).
Operator Authorized by a Worker to act as administrator, responsible for managing the Worker’s mining.
PoolOwner The account which creates the StakePool. A StakePool manager who is responsible for the management of the pool and all the Workers bound to it.
StakePool A pool of stake from a group of parties backing a group of Workers. It provides a middle layer of funds flowing between Workers and Delegators. It also provides on-chain management of TEE mining stake. (Each StakePool is identified by a PID automatically generated by the system)
Delegator A PHA-holding address. It can participate in Phala TEE mining through Stake Delegation.

Role Relationships

Operator Owner Delegator
Worker A Worker is managed by one Operator; an Operator can manage multiple Workers. When the Operator of a Worker is the Owner of a StakePool, the StakePool can stake PHA for this Worker. /
StakePool The Owner of a StakePool is the operator for the Pool’s Workers. The StakePool can stake for its Workers as required. Each StakePool is bound to one Owner; an Owner can create multiple StakePools. A Delegator can stake to multiple StakePools; each StakePool can have multiple Delegators.

The Relationship between Worker and StakePool

Figure 1

As shown in Figure 1,

  • Owner-A creates Worker {A, B, C, D};
  • Owner-A creates Pool-1;
  • Owner-B creates Pool-2;

Figure 2

As shown in Figure 2, a StakePool can add or manage a Worker only if the Operator of the Worker is the Owner of the pool. In this case,

  • Since Owner-A is both the Owner of Pool-1 and the Operator of Worker {A, B, C, D}, Pool-1 can bind Worker {A, B, C, D} to it, and Pool-1 can stake its PHA tokens for these Workers;
  • Owner-B is the Owner of Pool-2, while Pool-2 cannot add or manage any one of Worker {A, B, C, D} since Owner-B is not their Operator;

Other cases:

  • After Worker-A authorized Owner-A as an Operator, it cannot authorize Owner-B at the same time. If Worker-A wants to transfer its control to Owner-B, it must first stop mining for Owner-A;
  • No ownership transfer for StakePool for now;

The Relationship between Delegator and Worker

Figure 3

Figure 3 shows the relationship between Worker, StakePool, and Delegator:

  • A StakePool can add and manage Workers;
  • A Delegator delegates his/her PHA tokens to the StakePool;
  • The StatePool stakes the PHA tokens from the Delegators for its Workers;

It is worth noting that during the staking, all the PHA tokens are kept at Delegators' addresses, and no transfer will occur.

Figure 4

Figure 4 shows the full lifecycle of our mining process:

  1. Pool-1 is created, and it adds Worker {A, B, C, D};
  2. A PHA holder delegates his/her PHA tokens to Pool-1;
  3. Pool-1 stakes Delegator’s PHA from its Workers;
  4. The Workers starting mining;
  5. In each block, Phala Blockchain will reward all the StakePools according to their shares of computing power;
  6. Pool-1 will divide its rewards into two parts according to its Commission rate: one for Delegators and the other for the pool Owner;

Case 1: Insufficient Staking

Figure 5

Assuming Worker-A and Worker-B require staking of 2000 PHA, respectively. And Worker-C and Worker-C require staking of 3000 PHA, respectively. If Delegators stake 7000 PHA in total to the StakePool:

  • Since all the Workers in Pool-1 require a minimum total staking of 10000 PHA, the amount of PHA in the pool is not enough for all the Workers to start mining;
  • Pool-1 could choose to only start Worker {A, B, C};

Commission

To avoid the case that many Workers cannot start mining for insufficient staking, we create StakePool to enable Delegators to delegate their PHA tokens to the StakePool and stake for Workers. A StakePool needs to set up two parameters for the reward distribution:

Parameter Full Name Meaning
Commission Commission Rate The commission rate of the StakePool.The commission portion is deposited into the pool’s Owner address.
Cap Capacity The capacity of the PHA tokens in the StakePool.

The rewards for the Owner and Delegators can be calculated by:

  • Owner Rewards = StakePool Rewards × Commission
  • Delegator-A Rewards = StakePool Rewards × (1 - Commission) × Delegator-A’s staking / All staking in StakePool
  • If an Owner stakes to the pool, he/she is treated as a normal Delegator;
  • All the staking in the pool can be divided into deposit and free;

After Delegators delegate their tokens to the pool, there are two more parameters:

Parameter Full Name Meaning
Cap Gap Capacity Gap The difference between Cap and the real amount of delegated tokens. It shows the number of tokens that can be further delegated to the pool.
Free Delegation Free Delegation The difference between the amount of delegated tokens and the ones that have been staked. It shows the free tokens which can be used.

When there are free tokens in a pool, its Owner has multiple choices:

  • Add more Workers;
  • Overstake for its Workers (to change the staking of a Worker requires it to stop mining first, and this can cause a drop in value $V$);
  • Just keep the free tokens in case of Delegators' withdrawal;

Case 2: Commission Setup and Reward Distribution

Figure 6

Figure 6 shows the whole process of reward distribution and the commission rate’s effect on it:

  1. Pool-1 is created, and it adds Worker {A, B, C, D} with a minimum total staking of 10000 PHA. Its Commission is set to 60%;
  2. 5 Delegators each delegates 1400 PHA to the pool. Now there are 7000 PHA in the pool;
  3. Pool-1 stakes 7000 PHA for the Worker {A, B, C}, and Worker-D has no staking since there are not enough PHA;
  4. Worker {A, B, C} start mining;
  5. Phala Blockchain rewards 10 PHA to Pool-1 for its computing power;
  6. Pool-1 divides its rewards into two parts according to the 60% Commission: 4 PHA is distributed equally to the 5 Delegators, with 0.8 PHA for each; 6 PHA to the pool Owner;

Figure 7

Figure 7 shows the case of reward distribution when there are Free Delegation since the delegated tokens are more than those that have been staked:

  1. Pool-1 is created, and it adds Worker {A, B, C, D} with a minimum total staking of 10000 PHA. Its Commission is set to 60%;
  2. 5 Delegators each delegate 1400 PHA to the pool, and one more Delegator-Rich delegates 5000 PHA. Now there are 12000 PHA in the pool;
  3. Pool-1 only stakes the necessary amount of tokens for each Worker (10000 PHA in total), and leaves 2000 PHA Free Delegation;
  4. Worker {A, B, C, D} start mining;
  5. Phala Blockchain rewards 10 PHA to Pool-1 for its computing power;
  6. Pool-1 divides its rewards into two parts according to the 60% Commission: 4 PHA is distributed to the Delegators, with 0.47 PHA for normal Delegator and 1.6 PHA for Delegator-Rich;
  7. 6 PHA is rewarded to the pool Owner;

Exit Staking

If the Owner and Delegators want to quit mining and withdraw all their own staked PHA, they first suspend mining. After the request is initiated, the funds that were staked will undergo a 7-day freeze period in the StakePool, after which the balance will be unfrozen and will be returned. The Owner cannot withdraw other Delegators' deposits.

Figure 8

As shown in Figure 8, if a Delegator sends a withdrawal request, and the amount he requests is less than the Free Delegation in the pool, he can immediately get his funds back.

While if the requested amount is larger than the Free Delegation, he can only get the Free Delegation and has to wait for the rest to be available.

Figure 9

In Figure 9, the Delegator wants to withdraw 4000 PHA, while there are only 2000 PHA Free Delegation in the pool, he will immediately get 2000 PHA, and needs to wait for the rest 2000 PHA.

At this time, there is a funding gap of 2000 PHA, and the Owner of Pool-1 has two choices:

Figure 10

As shown in Figure 10, if no extra PHA is delegated to the pool in 7 days, then all its Workers will be forced to stop mining and enter a 7-day freeze period. This freeze period cannot be interrupted by anyone. After 7 days, the withdrawal request will be fulfilled.

Figure 11

As shown in Figure 11, within 7 days, if some extra PHA is delegated to the pool or some Workers stop mining and release the staking, then this Free Delegation will be sent to the owed Delegator until his withdrawal request is fulfilled.

In summary:

  • A Delegator can exit staking in at most 14 days;
  • The Owner of the StakePool should take care of the Free Delegation, and introduce extra delegation or reduce mining Workers as needed. Or all the Workers in the pool can be forced to stop mining;