Cosmos Hub ICS Security Marketplace with Jehan Tremback of Informal Systems

Sebastien Couture:

Welcome to the interop today. My guest is Jehan Tremback he's cosmos hub lead at informal systems. Informal is building verifiable systems and organizations. And they're also the stewart for several technologies core to Cosmos, including Comet BFT, IBC Rust, and, of course, the Cosmos Hub. In today's conversation, we'll discuss Informal's role the hub, what is interchange security, and the newest version of interchange security, partial set security.

Sebastien Couture:

We'll discuss changes and sort of how the ICS vision is evolving. We'll talk about bringing Bitcoin security to the hub and how the hub can compete in the broader security landscape. I'm also dying to find out why he thinks the hub should become a security aggregator. So I've been away for a couple of weeks traveling to East Denver, and so I apologize for not having an episode last week, but we'll try to get episodes out on a regular basis. Again, it's just so hard recording with all this traveling, but I'm glad that I was able to record this episode with Jahan on the day of the 5th anniversary of the hub.

Sebastien Couture:

If you were in Denver, if you didn't come to our convergence event, definitely check out the video from that panel. It'll be down in the show notes. It was really interesting panel about how Ethereum and cosmos are coming together. And I hope, you'll check that out. So before we get started, make sure to hit the like button and subscribe to get notified when new episodes drop.

Sebastien Couture:

Remember none of what we discussed here on the interrupt is investment advice. And if you enjoy this content, please consider sticking with us. We're live on Atmos Quicksilver and osmosis. Just look for interrupt in the active set. My guest, Jahan Trembach, is coming up next right here on the Interop.

Sebastien Couture:

Hey, Jahan. Thanks for joining me on the podcast today.

Jehan Tremback:

Yeah. Thanks for having me.

Sebastien Couture:

So there's lots to talk about today, particularly surrounding the Hub, but it's actually interesting that we're recording this on the 5th anniversary of the Hub. So, happy Hub aversary, I guess, as people I as I I like to call it. What what does this day mean to you? And, like, you know, reflecting back on 5 years, what, you know, has the hub achieved, its vision? Like, are we have we achieved success?

Jehan Tremback:

Yeah. I mean, no. I've I've only really been involved for, like, maybe 2 or 3 years, I guess. So I wasn't, you know, I wasn't around when the cosmos, you know, cosmos hub launch or cosmos launched. But, you know, I think I did get involved pretty soon after IVC launched.

Jehan Tremback:

So obviously before IVC existed, you know, that was very very different very different time because it cosmos is doing what it's supposed to do. I think that the hub has, you know, the the hub has like, at this point, I think we've we've sort of started dialing in on a very, like, cohesive use case for the Cosmos Hub. And, and I think in the past, throughout the evolution of Cosmos that maybe, you know, have been missing. Where Cosmos is kind of like this this very useful technology, IBC, Cosmos SDK, very useful way. Very good way to build chains, and then also have really good connectivity between chains out of the box.

Jehan Tremback:

But there wasn't necessarily really a good, sort of, idea for, you know, how the how the hub fit in there. And, I think in the past, the hub a lot of times was I'm talking maybe, like, 2, you know, 2, 3 years ago, the Cosmos hub was kind of a test net for Cosmos SDK. So there'll be new features in the SDK. We get launched on the hub and kind of, but it wasn't necessarily really interacting with with other chains. And so now we we have a much clearer, a much clearer mission for how the hub fits into this ecosystem.

Jehan Tremback:

This really successful ecosystem that Cosmos hub, you know, has created. So yeah. Yeah.

Sebastien Couture:

I think I think the hub the hub showcased the Cosmos SDK and everything that was possible with it. And then, you know, when IBC came, came online, it also sort of showcased, like, the power of IBC and, you know, osmosis would play a big role there as well. But it's been like, I think, you know, the flagship product of the cosmos SDK, as far as I see it and, you know, demonstrated what's possible there. Of course, like a lot of things are changing now and like the cosmos SDK, I think, you know, the vision for the Cosmos SDK is shifting. It's obviously like very important to the modular vision and being able to deploy applications.

Sebastien Couture:

And that's what we're going to talk about here, you know, using, renting security from other sources, you know, in terms of where the hub and particularly the cosmos SDK started, right. As this framework for building application specific blockchains, that where there was an implied, an implication of owning your own security. And now the cosmos SDK, I think moving more towards this idea of being able to rent security, building application. Right? Like, with the best framework possible, but being able to rent security from somewhere else.

Sebastien Couture:

Does this shift signify, like, a shift also in the vision for the Cosmos SDK or or was this always kind of the the end game in your view?

Jehan Tremback:

Well, let me let me just, be clear. The Cosmos SDK is the is the is the framework that's used to build Cosmos I I know I can't speak too much to it's a separate team, but, they they are doing a lot of stuff to basically make it, z k provable, to make it suitable for roll ups, and that's really exciting. But even without that, the Cosmos SDK is a toolkit to let you build your own, you know, your own app chain. And that's always what kind of Cosmos has been about, in the past, and I think also going into the future. And with app chains, you know, app chains are kind of the most flexible and most powerful way to build a blockchain project, because you can just you can control every, you know, every aspect of its operation, and you can, you know, you you can have, like, for example, you can have stuff that runs off to the side of the, like, you know, like, Skip has a slinky oracle framework, that runs off to the side.

Jehan Tremback:

There's there's stuff like d y d x built to cosmos chain, and they, a big reason why they did that was to, just to have this off chain order book system. And, so and you can kinda customize every single thing. So I think that's always gonna be, it's it's always gonna be a big factor. So, like, let's say, Celestia, for example, you can build a roll up on Celestia. You can't build Celestia on Celestia.

Jehan Tremback:

You know, know, you can build Celestia on the Cosmos SDK, which is which is what they did. So it gives you the the power you need to to really do kind of, you know, l ones.

Sebastien Couture:

I like the way yes.

Jehan Tremback:

Sorry. Where is it going?

Sebastien Couture:

Podcasts I heard recently he was talking about how, like, the Cosmos SDK is built to for, is, is made to build frontier chains and frontier applications. And, and a lot of the sort of chains that are at the frontier are using the cosmos SDK. So like DYDX, Celestia injective, say, you know, Barret chain, and list goes on.

Jehan Tremback:

Yeah. I mean, there there are a lot of projects where a smart contract is is the best way to do it. I mean, if you're doing, let's say, you know, it's a it's a dex or something, or it's something that's not too, it doesn't require a huge amount of control over how it executes, or tweaking of performance or blocks being smart contracts make a lot of sense. And roll ups as well. Roll ups are a little bit kinda like between a smart contract and a chain.

Jehan Tremback:

But if you really want the maximum power, you you gotta reach for, for an app chain. The best way to build those is with the Cosmos SDK.

Sebastien Couture:

Cool. So I I just wanna focus on you a little bit. So you're you're you're the Cosmos Hub lead at, Informal Systems. What what does the Cosmos Hub lead do? You know, for people out there, you know, lingering, sort of discovering that there's a person who's leading the hub.

Jehan Tremback:

I lead in the hub at informal, and actually, technically, I'm product owner. So I don't actually lead the development team. That's my my colleague, Marius, Marius Poke, who who does that. But basically, you know, like, you know you know, as people know the cosmos are very decentralized, so it's not like there's, I have, you know, I certainly have, like, influence in the community, but, there's no official, like, leadership. But what I do day to day is, kind of our folks at Informal is is Interchange Security, has been in the past.

Jehan Tremback:

We're also now moving into doing more liquidity, and interchange capital, related things. So Atom works, which I can which I can speak about as well. But basically, I I sort of I sort of think about where what we wanna do with the products, where we wanna take them, and what we want, like, the experience for someone using them to be like. And then also, I come from a a technical background as as a developer, so my focus is is kinda technical, and, I'll, also spend time kind of specking specking them out, working with developers to figure out how exactly it's gonna work, you know, publishing, you know, specs and and ADRs, and, sometimes even, writing some code. So I've been writing code for for Atomwares, writing Cosmos contract for that.

Jehan Tremback:

So yeah. It's you know? And a lot of a lot of meetings kinda get everyone on the same page. But yeah.

Sebastien Couture:

Yeah. It's it's a peculiar peculiar position to be in because, like, you're a product owner for a product that, like, you don't actually own in in the in the actual sense, you know, governance product product that nobody owns. Yeah. Exactly. And so Yeah.

Sebastien Couture:

You know, I'm curious, like, you know, a product owner, I think, typically, you know, takes feedback from customers and then integrates those feedback into product features or improvements to the product, and then pushes those features out, to the product and, you know, it's sort of like this feedback loop. Now it's sort of similar with the Hub. Right? Like, you have the community, you have users, you have developers. Now there there are different say, like, customers.

Sebastien Couture:

Right? There there are different people that are using the Hub or interested in the Hub success. And then your role is to, you know, sort of transform those into ADRs and, you know, governance proposals that then make it into code and it gets getting deployed On the face of it, it seems like a very sort of similar circular, process, but, like, where do the hiccups come before? I imagine there was more hiccups and and more, sort of barriers in the decentralized sort of, you know, paradigm in which you operate.

Jehan Tremback:

I mean, I think it's interesting. Yeah. There's there's users of the hub, and then there's also, like, you know, there's also stakeholders. So, obviously, anyone who, you know, anyone who has Adam's stakeholder, really. And then also people who participate in governance are stakeholders.

Jehan Tremback:

One of the challenges is we want to be very open to feedback from, from the community. And, you know, the main venue for that is the well, to try try to centralize it, we use the the the Cosmos sub forum. And so we publish stuff. We have a process called the chips process. So we it's hard for, you know, it's hard for community members to have the time to sort of read deeply into how something works and provide, like, a lot of feedback.

Jehan Tremback:

So we can't what we do can't just be only basic community feedback because, in general, if you say, hey, here's these ten options for how to design this. Which one do you guys like? I mean, it's it's not really their job. So so a lot of what we do is is kind of try to come up with maybe two directions and put those out there and see what the response to them is to to distill it and make it simpler. And I mean, I, you know, I, I'm also I hold, you know, I hold tokens of of protocols that I have very little involvement or knowledge of, like, let's say, graph protocol or something.

Jehan Tremback:

You know, it's it's I think it's a cool protocol, but I'm not, like, you know, just being some kind of small token holder. It's, you know, it's not even in Cosmos ecosystem. I'm not also not, like, necessarily influencing every decision. Right? And I think it's the same thing with with with with Adam Holt.

Jehan Tremback:

There is also a lot of people who are very deeply involved and have a lot of opinion, so we try to take this seriously. Yeah. But yeah. A lot of also it is is going to the customers. That's that does tend to be clear.

Jehan Tremback:

So going to consumer existing consumer chains, Stride and and, and Neutron. And then also, a project we're talking to to join and and getting their opinions on how they want things to work. That tends to be more focused.

Sebastien Couture:

So you guys also have this business development role, that you know, maybe, maybe this is a good segue also into the role of the ICF. Like I think historically the ICF had a bigger role in, kind of either doing this product ownership for the hub. Now that's shifting outwards into organizations in the ecosystem. Does the business development aspect also fall under the responsibility of informal systems? And, you know, how is that being accelerated?

Sebastien Couture:

Cause I think a lot of people in this space have been a little bit disheartened by the lack of business development, the lack of funding to projects, like the lack of, just, just having just sort of an entry point, right. Or like a desk where people coming to the ecosystem wasn't so yeah. So that's a lot of context, but how how is informal, you know, sort of, advancing business development in this front?

Jehan Tremback:

Our our mandated role at Informal based on the our funding proposal from last year doesn't include a huge amount of funding for business development. And, you know, we that proposal is mostly for software development, and that's kind of where the head count is going to. But we also realized, we realized early this year that that was lot of actually hiring for, ecosystem growth fleet. And we already do myself, and then also other members of our team, already do a lot of business development. We do have in terms of the official funding right now and that and that proposal, it's, it's basically half a half a full time employee for business development.

Jehan Tremback:

So that, that covers, Thiborg's activities. He's something a lot of people know. Does BDN formal. But, then my my, you know, myself and other members of our team also, to to a lot of BD just on onboarding projects and telling them about it and stuff. So the a a DAO also, is ramping up, ramping up BD efforts around interchange security.

Jehan Tremback:

And they they I think it was I I I don't wanna I don't wanna misquote them, but, they're they're putting, like, 25% of their funding, I think, towards towards that towards, you know, business development around around ICS and grant consumer change. And they're also doing, a venture grants program, which is, kind of an ecosystem investment program. And that will also I think, you know, a lot of that will go towards towards consumer chains at all. So we're as well. So I think we're we're we're definitely ramping it up and we've definitely noticed that this is a major need.

Jehan Tremback:

And so then there's kind of 2 angles to that. So first of all, there's, like, the question, like, who's doing BD for Cosmos? Just building a Cosmos chain. And then there's a question, who's doing BD for the Cosmos hub. And so for us and also a DAO, we want that to be kind of unified.

Jehan Tremback:

So basically, we we wanna we wanna go out. We wanna talk to projects that are new to Cosmos and say, hey, here's this great technology you can build this great stuff with. And the best place to launch this type of chain is the Cosmos Hub and kind of have that be like a unified effort. And I think for a and a lot of times, like, if you are doing you know, if someone's doing a start up, up, that kind of which is kind of our target, you know, target customers, as people wanna launch chains. You know, time is at a premium.

Jehan Tremback:

And so being able to educate somebody and then bring them in to use the technology to launch in the default place, it saves them a lot of time, and it gets them in. And then once they're in there, they're sticky because they don't really have a reason, you know, to wanna leave. And so we hope that strategy is going to be good for kind of accelerating a lot of early stage projects to get them onto ICS. And, it's not a new thing. I think every, you know, every every blockchain platform, you know, since, like, Ethereum, let's say, has kinda put this playbook into action.

Jehan Tremback:

And that's something that we're trying to do more and more, along with with AA. And so on the ICF's role, the ICF is, this goes back into some ancient, you know, cosmos history, cosmos drama history, but the ICF, is a nonprofit, you know, that kind of, you know, did did a lot of the original stuff, you know, with the ICO and stuff back in, like, 2017 or the publisher. And they kind of, you know so that's a nonprofit, and, their mission has always been though to to, to sort of develop the Cosmos stack. So the open source Cosmos SDK, IBC Go, and that stuff's all very valuable to us. But, they they have never necessarily they they had the responsibility for the hub for for several years.

Jehan Tremback:

In 2019, there was, like, you know, some drama, and the company that was kind of maintaining the hub is not anymore for various reasons we don't have to get into, and it's kind of landed on the ICF. And the ICF did a very good job of keeping it going and everything, but they they're never really oriented towards sort of a really, you know, kind of hard driving, like, role to, like, promote this blockchain. And so that's something with, like, the and the community pool getting more cohesive and and more assertive in in in, you know, passing proposals to fund teams like ours. That's something where the hub is now starting to do that, you know, by itself in a decentralized way, which is pretty cool. But, of course, the ICS the ICS funding and efforts on Cosmos as you can, obviously, are are extremely important as a base layer to everything.

Sebastien Couture:

Yeah. And, and just maybe to clarify here that, I don't want to spend too much time on this here, but that the Cosmos SDK and IBC are maintained by other teams, Or I guess you guys are doing IBC, the Rust version of IBC. Yeah.

Jehan Tremback:

That's right. Informal. So informal does yeah. Also, just to be clear, like, I'm the Informal has a Cosmos Hub team, which is funded directly by the community pool, which is the team that that that that I'm on. But, also, Informal does do a lot of work for the ICF as well.

Jehan Tremback:

So I am not super involved in in that work for the ICF, although I know all people very well because they work at Informal, but it's not really my my wheelhouse. So stuff like that, like IBCRS, I would still consider that to be under the umbrella of the ICF, although some of that work is done by teams out Informal.

Sebastien Couture:

Okay. Very cool. Yeah. Thanks for all that contact. I think that's super helpful.

Sebastien Couture:

And I think for people listening, it will help them really understand what the role of, of, of informal and other teams in this space. And I'm, I'm actually really happy to to hear that you guys are taking on more of a business development role and working with, a Dow to, centralize, I guess, the, the business development efforts. I think that's very much needed and something that other chains have done very well, including like Solana and polygon and Ethereum.

Jehan Tremback:

Ethereum. Absolutely.

Sebastien Couture:

But, but Ethereum invented it. Has been kind of lacking. Yeah. Yeah. Cool.

Sebastien Couture:

So let's let's move on to, ICS, replicated security, partial security. Actually, yeah, I mean, this this was sort of the main reason why I wanted to get you on here is to talk about partial set security. The the this this idea of shared security on the hub has been around for a while. It was launched some time ago now, I think, over over a year and a half ago, maybe even 2 years ago. Time time seems to escape me these days,

Jehan Tremback:

but Well, it's been about there's always been about a year that's been live, but yeah. Right.

Sebastien Couture:

Okay. And so there's there's there's these 3 different terms, right? So there's interchange security ICS and there's a replicated security and partial security. And I'm still confused as to what these things mean and how they relate to each other. So maybe just sort of clearing up the confusion here.

Jehan Tremback:

Yeah. So I I yeah. I do apologize for the confusion. I'm I'm also, like I I think it's, generally, we should just call them all ICS, interchange security. And replicated security and partial set security are just 2 different, 2 different variations of it.

Jehan Tremback:

I would actually say partial set security is kinda like ICSV 2. And, so we're gonna be doing some marketing work to kinda clear up those terms, but in general, it's it's interchange security. That's the hub's restaking product. So the, the original version of it, which is in production now, which, kinda went live about about a year ago, is replicated security. And replicated security, every, every validator on the Cosmos hub runs every consumer chain.

Jehan Tremback:

So if a consumer chain joins, every validator has to run it. It's actually not quite every validator. 5% of those smallest ones don't, but in in effect, that is actually a large number of validators because there's many, many small ones. But, effectively, you know, it's like every validator has to run it. So, that is the highest level of security, and there's actually it was actually an interesting I'll get into this a little bit later, but there's there's this there's something called the subset problem.

Jehan Tremback:

There's a lot of things we've done around the security properties, these different variations. So I'd I'd love to cover in more detail. But just to keep a high level for now, the if the entire validator says running it, you have a full of the Cosmos Hub. You have full, like, economic alignment basically, and it is the highest level of security. However, you know, along with that high level security and the high level power you get from an app chain, the expenses for validators are somewhat high as well.

Jehan Tremback:

So validators running another chain, they they kinda need to run another server, And you multiply that by a 180, it's a lot of money. And so that's something where I think we we we didn't necessarily last year. We didn't do a good job anticipating how when people were saying this, and I think we always knew there were gonna be scaling limits to it. But basically, that's the major downside of of replicated security is is this is the scaling limits. So to get every validator to run a consumer chain, they all have to or, you know, at least majority of them have to agree to it and pass the proposal.

Jehan Tremback:

And so we have 2 very high profile, very high quality consumer chains running, neutron and Stride. I'm very happy about that. But it has been kind of a a high barrier entry to the the new chains just, you know, starting out. And so that's a partial set security, which is really just the next version of interchange security is addressing. So with that, you don't have to have every validator run every chain.

Jehan Tremback:

You can have, a chain start basically permissionlessly, and as soon as validators start opting in, it starts running. And so, with with that, it allows chains to sort of start up in a very lightweight way, have the Cosmos Hub be a place to find a validator set and get started, get launched, and scale their security as they need to. And what that allows us to do is really ramp up to, like, open the flood the floodgates to basically let everybody who wanted to run a consumer chain run a consumer chain. And that's also, you know, our ramp up of the BD and growth efforts are, you know, enabled by that because then we can bring a lot of people in, get them started, get them going. There's not this big hurdle of the government's proposal.

Jehan Tremback:

So that's what that's what that that distinction is all about. There there is a feature in partial head security that's called top end. So there it will, there will be an option for chains to have guaranteed security. So for Neutron and Stride, for example, they're going to move to that, and what that does is is you can have a setting that says, for this consumer chain, we wanna mandate that the top end percent for neutron and cyber, but the top 95% of validators have to continue running these chains. And that's good for chains that do need to continue with a high level security, or if we get other sort of higher profile chains coming in, they might also use that.

Jehan Tremback:

So chains that can clear that governance hurdle, they wanna do you use that. For the majority of chains, though, I think it's gonna be they can just launch permissionlessly, validate or start opting in, and it's a lot smoother. So that's kind of the yeah. That that's clear that it's all just interchange security, and partial security makes it easier to launch.

Sebastien Couture:

So so this top end, thing you mentioned, so that would mandate that validators run or at least the the top 95% of validators run security for these changes. Is that a governance? Is that subject to governance?

Jehan Tremback:

Yes. Yeah. It has to be. Yeah. So, you know, regular opt in consumer chains, they can, you know, that's where there's no top end permissionless.

Jehan Tremback:

They they can launch permissionlessly. I think in the first version, there will be a governance proposal for every consumer chain, but that's kind of an implementation detail. But, that's you know, it will be soon it will be completely permissionless. And, but but yeah. For for top end, if you're mandating that a certain top percent of validators run it, that there does need to be governance proposal.

Jehan Tremback:

So top 95% is kind of basically equivalent to replicated security, the the old version. But you also do something like top 66%. 66% of the validators actually is only 24 nodes. So, that's pretty interesting cause you get like the majority of the of the same security, but it is only 24 nodes that have to run it reducing the costs by a lot. But yeah, I think it's going to be less important than opt in security.

Jehan Tremback:

It's more just there if you need

Sebastien Couture:

it. The vision here seems to be kind of different from the original vision of, of interchange security. At least how I remember it. I remember in chain security being this idea that the cosmos hub would secure A handful of chains, maybe 10, 20 chains. These would be very high quality projects.

Sebastien Couture:

Like, you know, new, the neutrons, the strides, the Nobles, aligned and complementary with amongst each other, you know, no competing plat chains on the hub. And I kind of like that. I felt that this would would create sort of an ecosystem of of applications that would create a lot of value for the hub. And that this curation was really an important aspect of, of interchange security. It's it seems now that that shifting to a more permissionless model where the hub becomes kind of a security marketplace and validators can opt in or opt out of securing certain chains.

Sebastien Couture:

Yeah. Why is there a a a shift or an apparent shift in vision? And, how will this you know, is is is this marketplace sort of the right way to to see interchange security moving forward?

Jehan Tremback:

Yes. Yeah. I, there there has been a shift in vision. And you're right that you described the, the sort of strategy, you know, from last year pretty well. And I think the the reason we're shifting is because, you know, I think that the the the overhead of of governance ended up being, you know, more than we expected and the overhead of making every every validator get on board.

Jehan Tremback:

And I think that one of the one of the points of friction that that happened was was that you'd have chains where, you know, you you'd let's say let's say, Neutron, for example. Neutron is there's a little bit of a split between Atom token holders, I felt, and and validators. So where for a token holder, if you have Neutron on board, that's very good Because Neutron is a leading smart contract platform in in Cosmos, and that's having having them on board is only good for for a token for an Atom token holder. It's like that's that's that's great to have them in. For validators, token holders don't really necessarily face any costs for every new consumer chain.

Jehan Tremback:

For validators, they they do. And so that was a point where if you have this curated model in this decentralized context, it becomes pretty tough to sort of, like it's hard to do that sort of curation with a very decentralized, you know, community and ecosystem because, like, you can't necessarily nobody can go and say, look. This is how it's gonna be done. These These are gonna be the change we're gonna have. Nobody has that authority actually in in the in the Cosmos hub.

Jehan Tremback:

I certainly I certainly don't, and and not even people who are, you know, very well like Ethan or something or Zucky or Jae Kwan or whatever. People who founded it don't even have that authority. So it's I think we kinda realized that we need to go since it is such a decentralized community ecosystem. We need to go for more free market model and and kinda let let things evolve, versus versus having a model that depends on, kind of curation. So I I think that's that's why we shifted strategies.

Jehan Tremback:

Another thing I will say, though, is there is another improvement coming in the new version of ICS, which is something I wrote about in the forum, but is not really I don't think a lot of people have paid attention to it, but I think it is pretty important, which is that validators will be able to set their own commission rates, for each consumer chain. So, right now, how it is is the validators charge commission. A lot of them charge 5%. That commission applies to their adam validation and then also applies to any rewards that come from the consumer chains. And so validators generally don't want to change that because they don't want to raise their commission.

Jehan Tremback:

You know, makes them less competitive with the new version of ICS, they're going to be able to say per consumer chain, they're gonna be able to say, hey. This consumer chain, it's a little expensive to run. I'm gonna be charging 20% on this one. And Yeah. So it's gonna let them it's gonna let them really dial it in a lot more and kind of, you know, kind of do better, do better for, you know, being able to to get the economics exactly right.

Jehan Tremback:

So that that'll help as well. But I mean, that yeah. That that's sort of the the reason we've we've shifted shifted it.

Sebastien Couture:

Okay. Now that makes sense. I mean, like, it look like taking a step back and and looking at, I think, what has really been a prevailing advantage of Cosmos, maybe over you know, I I like sort of a tangent here, but I like to compare Cosmos and Polkadot as the cathedral and and the bazaar where cosmos always took this very market based approach and and polka dot had a more central decision making approach. And I think that that's that has been, you know, very important to the success of cosmos and the flourishing of ideas and cosmos. Now that makes things very messy and and that's normal and, like, governance is messy and decision making is messy.

Sebastien Couture:

But in the end, I think you get something that's much stronger, much more resilient, much better, and, yeah, for for the long term, this this idea of having a more market based approach for interest in security feels more aligned with the Cosmos vision, but I think that because I I wonder if the the reason for wanting to, you know, at first, at least, have a more curated approach wasn't a sort of reaction to the, you know, over, to the drama and sort of all of the messiness within Cosmos and at least for the hub, you know, wanted to sort of, curate and and narrow down the project so that we wouldn't end up in this in this very, disorganized, messy, dramatic, situation. But I don't know. I mean, in the end, I think it's I think it's better and probably in the long term, we'll end up being better for the hub to have a market based approach to, to governance or sorry to, to ensure security. Yeah.

Jehan Tremback:

Yeah. Somebody who asked on, I don't know if we wanna cover this now, but somebody asked about the subset problem on on Twitter. Let's

Sebastien Couture:

do it. Let's talk about the subset problem. Let's let's go through it. Yeah.

Jehan Tremback:

Okay. Cool. We're gonna get really technical here. A lot of interchange security design was driven off of that. And so, that that's, yeah.

Jehan Tremback:

So I'll get into it. So basically, the subset problem was something that I sort of noticed, a long time ago, when we were first, you know, first working on Internet security. And, basically, I was I was I was thinking because we actually originally were gonna have a b opt in. Like, what we're about to release was supposed to be the original version. Or maybe the the replicated security was just supposed to be, you know, a prototype or something, whereas the whole validator set.

Jehan Tremback:

But I realized at some point, hey. What happens if you have 10 small validators, Let's just say really small ones at the bottom of the set that might have, you know, point I don't know. They might have, like, a 10th of a percent each. Right? And they total up to only 1% of the power.

Jehan Tremback:

And they're opted in a consumer chain, and then you have a validator with 2% of the power opt in. They're from, you know, higher up, maybe in the middle of the set, around 2%. I saw it. It's pretty high, actually. But so a larger validator that comes in immediately, That large validator has 2 thirds of the power on the chain.

Jehan Tremback:

And the validators on any any chain, any Cosmos chain, or any really any any blockchain at all, any proof of stake chain at least, if you have 2 thirds of the power, you control the chain. So I was like, man, what's how what what about that? What do we do there? And the, the thing is what you you know, some of the original earlier you know, some of the suggestions actually stuff we're putting to play now, though, actually. But, like, some of the suggestions were, like, you know, from people I was working with were, like, well, let's just, you know, make it so that you limit the power so no validator can have more than 25% on a consumer chain or, know, different things like that.

Jehan Tremback:

Or you can't have them join to clearly, if they if they join, their power ramps up over time, so it doesn't immediately take over, stuff like that. And so that stuff, I think, practically does work does probably work pretty well, but it's also kind of the it's the kind of thing where it's always possible to kind of, for validators to break up their stake. So for 1 large validator to appear as several small ones. You can see the extreme example of this in Ethereum where they decided to not have things decentralized. They wanted to limit it so you can only have 32 ETH staked.

Jehan Tremback:

It's like every validator needs to be very, very small, and they thought it was gonna result in, like, everybody running validators in their bedroom or whatever. What really happened was that everybody used liquid staking services who each run 1000 and 1,000 and 1,000 of separate validators on Ethereum. And so, yeah, that is yeah. So so that kind of makes it so that, you know, even if you try to limit the power of validators, you you can't really do it because, because they can always break it up. So anyway, digging deeper into that, the sub that that's what I call the subset problem.

Jehan Tremback:

It's like, well, if you have the subset, then they open themselves up to kind of being being taken over. And to put a finer point on that, we've kind of as we've evolved our understanding and stuff, what they the understanding like, my understanding of that is now is actually more that the issue at play there is the fact that there are some things you can slash for and some things you can't slash for. So you can slash for double signing. That's what the interchange security slash is for. And a native Cosmos, you know, regular proof of state chain, independent standalone proof of stake chain also slashes for double signing.

Jehan Tremback:

You can you'll soon be able to slash forward, at least completely prohibit, like, what I call incorrect execution, which is, where you'd, like, make money out of thin air or something like that to break the rules of the protocol completely. That will be something with z k proofs and fraud proofs that can be prevented. But then there's still stuff, like, for instance, you can't you it's very hard to slash for, like, downtime, actually, for liveness. The downtime slashing we have is actually more of just to keep honest people honest. It's not if you if you really wanna stop a chain, you can do it with without being slashed, and there's actually doesn't seem to be any cryptographic way to even prove it, to to a protocol.

Jehan Tremback:

So, basically, the issue at play is that if you are, is that stand alone chains are kept secure a lot through basically their through economic alignment. So if you're an osmosis validator, you don't even if you could attack Osmosis and not be slashed for by the protocol, you'd still lose a bunch of money, if you're successful because you got a bunch of tokens staked. So it's like it's almost like you're being slashed by the market. Right? And so with restaking, you'll lose that because it's a different token being staked.

Jehan Tremback:

Now there's a lot of other benefits that come with it, of course, but you it's not necessary. It's not the same exact token. Right? And then, also, the other thing is if you have so if you have a replicated security where you have the entire validator set validating every consumer chain, if they do something wrong in that consumer chain, it still is like, they're still gonna be slashed by the market. You know?

Jehan Tremback:

So if, like, the entire validator set of the Cosmos Hub, you know, screws up neutron and makes money out of thin air on neutron, like, the Adam is gonna tank, and those validators are gonna lose a lot of money because they're economically aligned with with Adam. Whereas if you have, like, one validator that's running one consumer chain, do something bad, it's not as clear of a it's not as clear of a boundary. And so in the in the in the in the past year, past year and a half or so, one thing that's happened is that a lot of other restaking protocols have come out, and they've largely ignored this. And so to to stay competitive, I mean, we kinda have to give we kinda have to give the people what they want, and we have to make it up to, you know, up to consumer chains to decide, you know, to decide what what they want their guarantees to be and and allow them to launch in the way that they want, without necessarily having everything be, like, where we know it's, like, the maximum security. The The other thing that we're gonna be bringing in with partial set security is fraud votes.

Jehan Tremback:

So this is gonna be something that consumer chains can choose to activate, and that basically makes so that validators validating on one of these chains can be slashed by governance proposal. And so that is able to slash things where it's hard to slash in protocol, so stuff like liveness attacks or incorrect execution will be slashable by a vote, which is kinda replicates the mechanism of being slashed by the market in a standalone chain where you're just economically aligned except for the fact that now you don't have to have every, you know, every validator having some of that token. You can leave it up to governance to to slash to slash validator. So I think it's still an ongoing, an ongoing area of research, this kind of stuff, and it's it's a it's an issue that faces pretty much all restaking. It's something I, you know, I continue to research and write about and also talk with, you know, people at and stuff about, and Babylon, and and and we're all figuring it out together.

Jehan Tremback:

But I think the fraud votes are pretty good are pretty good, a way to remedy it. And then also just, you know, partial set security is kind of about opening it up and giving consumer change the choice to launch how they want and and make the, you know, make the security choices that they want. That's kind of the philosophy.

Sebastien Couture:

Okay. I'm beginning to get a picture of what this looks like. And I think you mentioned earlier that, validators who are not in the active set of the hub are also going to be able to participate in in partial set security. Is that that's right?

Jehan Tremback:

Yeah. Not in the first version. So the code we're doing now, it is only the active step that's a lot easier.

Sebastien Couture:

Okay.

Jehan Tremback:

There's a lot of details around bonding and unbonding, but that's definitely something we we we should be able to put in with with some effort depending how we prioritize it. Okay.

Sebastien Couture:

So then if you're so so if you're an Appchain, I'm I'm just trying to sort of, like, understand the calculus here. Like, if you're a new app chain, let's say, like, d y d x or some other, you know, big vision chain, a frontier chain, you know, as we put it earlier, that wants to build an a Cosmos SDK chain and, like, be secured by by validators. Like, there's now, like, 2 ways that they can do that. They can go out and do a validator roadshow, like call up all their, all their VCs and all their VCs friends and all the validators in the space and like run, incentivize test net and sort of do that work themselves to get validators to come on board. Or they can go to the cosmos hub, which presumably now that there's partial set security and that there is this marketplace, like, validators will be incentivized to also participate in, Cosmos Hub staking even if they're not in the active set because they're going to have access to it like a pipeline of chains that are, are choosing to to be stake there.

Sebastien Couture:

So so, basically, the old way to do it, which is just to do this validate roadshow and try to incentivize people to come on your chain, doesn't really make sense anymore if the Cosmos Hub is able to attract, you know, the majority of valuers in the space because it'll be, like, sort of this direct pipeline, essentially, you know, this marketplace that we, we talked about earlier, where you have this direct pipeline to validators and and a sort of streamlined way to onboard those validators onto your chain. Like, it it is is that right, or is there still an an argument for doing it kind of the old way?

Jehan Tremback:

I I, you know, I think that there's there's always gonna be people who want to take the Cosmos technology and customize it to a huge extent and build their own validator sets and and that's not something, I I don't think I think there's always gonna be something people wanna do. But I think that for the majority of chains, for smaller projects, leaner teams, I think that they that, you know, will become very big, you know, someday. I think that there's a lot of utility in having a place to launch. And, like, a one a weight a way to do it, basically, like, just like the best way to launch. And, I remember when I was, you know, I remember when I was, you know, in in it was, like, maybe 2018 or 19.

Jehan Tremback:

I wasn't really involved in in Cosmos to a big extent, but I I went to a Cosmos hackathon, and I built a hackathon project. And then it was almost a little bit, like, anticlimactic, you know, because, like, you you go to an Ethereum hackathon and, you know, they're like, oh, yeah. Now just hit the deploy button, and now it's live on Ethereum, you know? And, you know, it's, like, pretty exciting. With Cosmos, it's like, you know, they're they're like, I mean, I think it was like, you know, j kwon and like Ethan there and something.

Jehan Tremback:

They're like, okay, guys. Now you can just, you know, run this one validator on your own computer, and you can see how your chain works. But yeah, of course, if you don't have a real chain, you have to find these other validators. And I was like, what what where it's just running on my computer now, whereas when's it gonna go live, you know?

Sebastien Couture:

It is live.

Jehan Tremback:

So I think that's something now It's live on your computer. Yes. Live on my computer. Yeah. So so I think that's something that's that's been a little bit of a puzzle for for projects, especially projects coming from other ecosystems, for a long time with Cosmos is is, you know, like, what what now?

Jehan Tremback:

And so with with interchange security, what we wanna do is give these projects, like the best way to launch the Cosmos chain. So, like, sure, you go out and find your own validators. That might be a good fit for some, very large prominent projects. But for most projects, it's going to be easiest to just permissionlessly put a transaction on the hub. Validators start coming in, the chain starts running.

Jehan Tremback:

That's kind of what we're going for to make the best place to launch a chain.

Sebastien Couture:

No. That's cool. And and, I think I wanna now take a little bit of a zoom out a little bit because I I I read in one of your posts on the hub forum, about, Babylon. You said something I'm I'm paraphrasing here to the effect of that. You you hope that the hub will become an aggregator of security.

Sebastien Couture:

And that this really this really, kind of stuck out at me as like a new concept that I hadn't heard before. Now, of course, like this was in the context of talking about bringing Bitcoin to secure Bitcoin security, to the hub. Can you expand on what the what's the kind of end game here in terms of bringing other sources of security to the hub and augmenting the existing validator set?

Jehan Tremback:

Yeah. I think, so we don't want to augment the val well, yes. I guess it's augmenting validators, but we don't wanna bring more validators to validate. I mean, obviously, more validators can try and have any time, but it's like Right.

Sebastien Couture:

I mean, like, augmenting the security. Set? Yeah.

Jehan Tremback:

Yeah. Augmenting the security. Yeah. So so, you know, like I was saying, like, the the the goal here, the North Star is to provide the best place, you know, or the best way to launch a chain. Right?

Jehan Tremback:

And so everything else is in service of that. And, you know, chains don't necessarily care about, like, what's the most security or whatever. You know, they certainly do care about some extent, but it's like a lot of times, it's like how do we get launched? How do we get launched with with enough security? And then also, there's also, you know, alignment.

Jehan Tremback:

So sometimes, like, there's a lot of lot of people building what are effectively, you know, cosmos chains, but they're calling them Bitcoin l twos, because, you know, they wanna be aligned with with Bitcoin and do things for the Bitcoin community. So, I think in services that goal of, like, it being the best the best way to launch a chain, that means that we don't wanna limit it and say it can only be secured by Adam. You know, we wanna we wanna we want you to be able to launch a chain secured by anything on the Cosmos hub. So that's what the, you know, that's what the Babylon, partnership, is is is about, is kind of bringing additional sources of security in. And we're also working on bringing other assets in.

Jehan Tremback:

It's actually gonna be kind of pretty much the same code to bring the Bitcoin security in as it is gonna be for for any other asset as well. So that's kind of, will definitely, Bitcoin will be first, but we're gonna open, you know we're we're we're gonna we're gonna be batting more security sources, you know, as quickly as we can. So what's what's interesting about it, the way it interplays with the validator set is basically the validator who's secured by so so people staking on the different platforms. So let's say, Adam, you know so with with staking Adam natively on the hub and then also, let's say, with staking Bitcoin on on Bitcoin, which Babylon allows. A validator's power is going to be made up of the security from everybody who delegates that validator no matter where they're delegating from.

Jehan Tremback:

So if, I don't know. Let's say what's a good example? Let's say, you know, s g one. S g one has some number of Atom delegations, and they have some number of Bitcoin delegations. They're gonna take that power and that security to any consumer chain that they choose to to validate on.

Jehan Tremback:

What's what's a Bitcoin Delegation? Oh, okay. That's well, okay. I wanna get off on the tangent too much, but we we can talk more about Babylon. Basically, Babylon.

Sebastien Couture:

Yeah. Yeah. But it's because, like, I mean, I think here that it it bears sort of unpacking what a Bitcoin delegation is because that's

Jehan Tremback:

I've never heard

Sebastien Couture:

that term in my

Jehan Tremback:

life. Yeah. So Babylon allows, people to basically stake on on Bitcoin. So they they've they've come up with some novel cryptography, to basically let you lock your Bitcoins up directly on the Bitcoin blockchain and have that, power go towards validators on proof of stake chains, on on the Cosmos hub. And they the Bitcoins also they get slashed if there's double signing.

Jehan Tremback:

So it's it's kind of they they put together the package of delegation and slashing, and rewards. So it's basically like you could you could be delegating Adam on the Cosmos hub, or you could be delegating Bitcoin on on the Bitcoin network. And that those are those are the, you know, the source of security I'm talking about aggregating here, although we wanna add other ones. But, yeah, just to clear that up.

Sebastien Couture:

Okay. And but the the What

Jehan Tremback:

what I was gonna say about the validators yeah. Is that validators who we can do more of a deep dive on that too if you want, but I was just finished the thought. Validators let's say s g one's power will come from the Adam delegations and the Bitcoin delegations. And so there's kind of a that's where the security aggregation comes in. It's like you're kind of creating almost like this effect where the more that people are trying to stake on, like, any chain that's running on the Cosmos hub, the more security also goes towards other chains at the same time too.

Jehan Tremback:

And so there's this flywheel effect, and that's what, you know, know, I was talking about for for for security aggregation. So you you know, you might have let's say s g one is is is, you know, validating on the Cosmos hub, on Stride, on Neutron, and also on, you know, let's say some some kind of Bitcoin l 2. Bitcoin people from Bitcoin are delegating because they wanna earn rewards in that Bitcoin l 2 from s g one. S g one's power now is actually gonna be increased everywhere it's validating, you know, within the within the Cosmos subsystem. So that's the security aggregation concept.

Jehan Tremback:

Okay.

Sebastien Couture:

And yeah. Regarding security, I I think it's becoming clear that security is is on the way to becoming commoditized. You know, we host we hosted this this event in, in Denver, called we called the convergence and it was sort of a panel about the convergence of Ethereum. And really to me, the, they, the takeaway there is. What that means is that security Ethereum security is becoming commoditized application.

Sebastien Couture:

The, the, the, the Cosmos SDK framework and IBC are going to be leveraging commoditized security to build applications and that interoperate with each other. And that the so the end game is this swarm of validators that's that's proving lots of different applications across this, you know, massive kind of state machine. How does the hub compete in in this, you know, commoditized security landscape? And how does it, differentiate itself from, I mean, at least in the short term with, with the likes of Igan layer and, Polygon V2 and some of the other restaking projects out there?

Jehan Tremback:

Yeah. I think the key is in in this landscape is that you don't wanna just be a middleman. You don't wanna be a middleman between an asset and the thing it's securing, because the middlemen are gonna get cut out. And so, know, you need to be providing value. I think, you you know, the the the real so the real thing like, even with Eigenlayer, let's say, the the real thing is the the Ethereum that's being used to secure.

Jehan Tremback:

That that's where the value is going is to people who are actually staking their assets. And anything that's kinda going between, you know, is is is in the is in the pipeline between the staked asset and then the system is securing, ultimately needs to be providing value. And so the way we wanna do that with the Cosmos Hub is by having this by focusing on this thing about where it's the best the best way to launch a chain. And I think, ultimately, that's more important that you have that you bring all these chains together versus kind of offering any one particular kind of security. And like I said, there's the flywheel effects with where the validator set getting more security from other sources makes it even stronger.

Jehan Tremback:

So that's kind of what we're focusing on is is is adding value by making things easier for chains versus just saying, like, hey. We have this source of security that that we're bringing in. And that's definitely a shift too. I mean, I think when we've started on your chain security, we were in the mindset of just, you know, let's let's bring Adam's security to other chains. But as as it's becoming more and more commoditized, you know, we're figuring out how to how to act as as a point within that ecosystem where people can, you know, kind of come around this point and and, you know, create a flywheel effect and aggregate security.

Sebastien Couture:

So maybe just taking the other side here, I want to talk a little bit about ethos. Now, of course, ethos is not live yet. It's still sort of in stealth. There's been some information about like what ethos is building and ethos is this, this eigen layer of yes, that will enable Cosmos SDK chains to leverage Ethereum security. I think, like, ethos positions itself, or at least not explicitly, but implicitly as as a competitor to the hub where applications can leverage in all of the restake ETH and Eigen Lara for for security.

Sebastien Couture:

You know, if you're an app chain, like, alright, you have different options for securing your chain. You might build your own validator set, but if that's out of your out of bounds, like, sort of out of reach for you, you might go to out, you might go to Cosmos, you might say, hey, like I'm fully I want to be aligned with Ethereum because that's where there is the most security, and that's where there's the most economic value in terms of defy and, you know, liquidity. Maybe you're borrowing Bitcoin. Like maybe Bitcoin sort of falls outside of that, at least for now. Why would a change pick the Cosmos Hub over, Ethereum and the entire sort of ecosystem, the EVM ecosystem, and all of the roll ups and all of the liquidity and applications being built there?

Jehan Tremback:

Yeah. I think well, like I said, I think, you know, launching and, launching a an app chain, launching a Cosmos chain is the most powerful way to build a blockchain application. It's not necessarily right for every project. I mean, some project will be better on roll up or or a smart contract directly on Ethereum. So as far as, like, you know, the Cosmos hub versus anyone else, we are we're gonna be adding an Eigenlayer AVS as well.

Jehan Tremback:

It's actually pretty much the same at least on the Cosmos side, it's kind of the same thing you need to do to bring Bitcoin security and bring Eigenlayer security in. So I think we we don't wanna just be like a middleman. We don't wanna just be like an Eigenlayer middleman and just saying, hey. You know, here's how you, you know, here here, we're offering you this eigen layer security. We we wanna we wanna aggregate multiple source of security.

Jehan Tremback:

You know, obviously, bit Atom, which already is, you know, very, very large source of security, but then also Bitcoin and Ethereum and kind of, let people benefit from a validator set that's secured by all these things, versus just kind of acting as a middleman, for for one of them. Another thing we wanna do is actually when we do this, Eigenlayer AVS, you kinda use AVS. It's a Eigenlayer. It's a Ethereum contract on the Ethereum side, and then you need, like, an Oracle to be able to read it to get the security in. When we do that work, we actually even wanna open source it.

Jehan Tremback:

Because I think that if if a chain just wants Ethereum security, they should just go direct to Ethereum. They should set up their own eigenlayer ABS. So I think just kind of just kind of sticking on one one source of security and putting ourselves in as a middleman is not what we're really shooting for. We're trying to aggregate a lot of different security and bring it together with a battle test and validator set, innovative stream consumer chains, and be the best the best way to launch a chain. So that's kind of, our our focus.

Jehan Tremback:

I can't speak for anybody else. Yeah.

Sebastien Couture:

Yeah. No. I think it makes sense. One of the topics on the panel in Denver was alignment. So we talked a lot about what what Ethereum alignment means and what Cosmos alignment means.

Sebastien Couture:

And the question was like, is there such a thing as Cosmos alignment? I think the prevailing takeaway was that Cosmos alignment is not so much about aligning with an asset as it is maybe in Ethereum, but, aligning with a technology and and specifically with IBC. Right? So, like, Cosmos Alignment means, being part of the IBC network. Does that resonate with you, or do you see Cosmos Alignment as something different?

Jehan Tremback:

No. I think that resonates with me. I think that, you know, I think that a lot of stuff around alignment in the crypto ecosystem is kind of BS. And I actually find it refreshing in Cosmos that it's like about like, hey, what can we build? What technologies can we use?

Jehan Tremback:

A lot of times But I think it's like a lot of times there's a lot of stuff that's that's that's done where it's kind of you you want to you want to kind of like make people like you based on, you know, what what you know, like make people like you based on, you know, what what, you know, what community you choose to align with versus like trying to build the most useful thing. I think Cosmos is great we have we have a lot of teams that are just trying to use the technology to to build the most useful thing they can without it being like about trying to choose a particular tribe or whatever. And so with the Cosmos Hub, with whatever. And so with the Cosmos Hubway, Interchange Security, we want to always what we do, we want to facilitate that. We want to build something useful where you can use the security you want, get it from where you want, and kind of have it set up in the way you want versus, trying to say, hey, I'm I'm part of this this tribe or whatever.

Sebastien Couture:

Yeah. The thing, what we had concluded in the panel was that alignment is a bear market coping mechanism And that whenever, whenever the bull market comes around, like alignment just gets thrown out the window because you know, there's so many opportunities and, incentives to, you know, put your liquidity towards like things that might not be aligned with your initial thesis. And, so I thought that's kind of funny anyway, I'll put the link in the show notes for people who are interested in, reading the recap of the panel and re rewatching the panel because it's also on, on, on YouTube. So, yeah. What's the end game here?

Sebastien Couture:

Like, you know, looking now, the the hub is 5 years old, and, you know, I wish the hub many more years, and I, you know, I hope that we're still all holding Adam, in 5 years from now. What's the at the end game for the hub in your view?

Jehan Tremback:

Yeah. I think the hub does more. Like you said, it was, you know, also, you know, Adam wars and and also, you know, atomic IBC and and roll up related stuff, which we'll have to cover later. And maybe

Sebastien Couture:

We'll have to get you back on. Things too. We'll have to come yeah. I'll have to come back on with that.

Jehan Tremback:

Yeah. But I will say as far as chain security goes, the end game is, like, it's I wanna create, you know, what's been what's been missing, which is, like, hey, I built this. I use this powerful technology. I built this powerful blockchain, but it's only running on my computer. I wanna I wanna provide people a way where it's just, like, the best way to launch.

Jehan Tremback:

Like, there's other ways to launch it. Sure. You can't you can't put together your own validator set, and that's always something that some people will choose. But I want this to be just kind of the best way if you're just trying to get your project out, get it launched, get it secured by a lot of security and, you know, get moving. So that's kind of, that's kind of what we're shooting for.

Sebastien Couture:

Great, John. Thanks so much for coming on today. It's been really, really fun chatting and, looking forward to getting you back on to to cover all the things that I have here in my in my rundown that we didn't get to cover.

Jehan Tremback:

Yeah. Cool. Good talking.

Creators and Guests

Jehan Tremback
Guest
Jehan Tremback
Cosmos Hub Lead, Informal Systems
Cosmos Hub ICS Security Marketplace with Jehan Tremback of Informal Systems
Broadcast by