January 8, 2019 . 5 min read

5. A Separation of Powers in STORE’s Decentralized Governance of Checks and Balances

How formal and enforceable roles prevent gridlock when miner, developer, and holder interests diverge

Introduction

While preventing 1/3 Byzantine fault tolerance (BFT) and Sybil attacks looms as the issue of most importance for any monetary blockchain protocol, we at Storecoin believe that there is a challenge equally as important. This is the ability for the governance system to enable the protocol to evolve, update, and upgrade without leading to collusion or other forms of centralization of power. After extensive research, we have come to the conclusion that the only way to achieve this is through a separation of powers.

This separation of powers must be a division of the responsibilities of governance among different stakeholders, which enshrines checks and balances such that the changes that occur advance the protocol as a whole, not just the interest of one group of stakeholders over another, as well as preventing tyrannical rule by any one group. This document is about the separation of powers built into the Storecoin governance model. It describes the specific groups who make up governance - their members, incentives and roles.

Why A Separation Of Powers?

The ecosystem around any blockchain protocol is a complex web of token holders, developers, foundations, and network builders (such as miners and validators). Each of these groups has different financial interests, and as such, different incentives in terms of the changes they’d like to see in the network.

These different incentives are potentially an enormous source of gridlock in the change process. Each group constantly fighting for its own interests can lead to stagnation by preventing important changes from ever occurring. On the other hand, if one group has too much power relative to the others, it could impose changes that are good for its interests at the expense of the others or of the network as a whole.

One way to look at governance design is to see it as the task of allowing groups with competing incentives to advocate for their interests, but within the context of a system that can still reach finality through democratic means.

The framers of the US Constitution knew this problem well. One of their great innovations was the idea of a separation of powers. By giving groups with different incentives different roles and responsibilities, those groups could provide checks and balances against one another without threatening the ability of the governance system as a whole to advance important changes, and while also preventing functional takeover by a single group.

The “Citizens” Of Storecoin

Anyone who holds $STORE is considered a Storecoin citizen - a formal member of the Storecoin community.

The average $STORE holder is interested primarily in 1) increasing the value of their holdings, and 2) being able to use those tokens effectively - such as to pay for goods or services, send to friends, etc. As such, the incentive of $STORE holders to understand and participate in governance is likely proportional to their financial stake and their self-defined goals for that stake. In all cases, they have incentive to either propose changes themselves or support change proposals from others that they believe are likely to increase the value or utility of $STORE tokens.

In addition to participating in the community discussions around governance, Storecoin citizens (i.e. holders of $STORE) additionally have two avenues for formal participation in governance.

First, all holders of $STORE have the right to propose feature changes. In order to keep formal governance processes focused on the most important issues to the community, any feature change proposed by a $STORE holder must demonstrate that it has sufficient support before being added to a quarterly ballot for voting.

The second way $STORE holders participate in governance is by staking $STORE to demonstrate their support for feature change proposals during this crowd-funding process. Initially, the proposed governance model requires 0.005% of the total market capitalization of $STORE to be staked for a measure to make it to the ballot.

In Storecoin’s “Decentralized Republic” model, that responsibility falls to the “Decentralized Branch” or dBranch for short.

The Decentralized Branch (dBranch)

The dBranch is comprised of the entities that actually do the work to make the Storecoin blockchain function, and function securely.

The dBranch includes Validators, Messagenodes, and Security dGuards. Each of these groups plays an important role in the Storecoin ecosystem:

Validators run full nodes to validate the p2p consensus.

Messagenodes run full nodes to host data for the p2p consensus.

Security dGuards are focused on the security of the network.

By definition, these entities hold $STORE and thus are able to propose feature change requests and support the proposals of others by staking them. Unlike regular $STORE holders, however, Decentralized workers are involved with voting on measures that make the ballot.

The reason regular $STORE holders do not vote but Decentralized Workers do comes down to a question of who has incentive to be best informed about and most thoughtful with regard to the potential different outcomes of change proposals. Whereas $STORE holders may be simply passive investors, decentralized workers are $STORE holders who have decided to take the additional step to stake $STORE in order to more fully participate in network building and governance. While it is neither difficult nor cost-prohibitive to become a dWorker, it does convey a more proactive engagement and more commitment. On average, these dWorkers have a greater financial incentive to understand the implications of different proposals.

Separation of powers has two dimensions in the context of the dBranch. The first is that it is a separate branch from the other major branches of governance, with the unique role of voting on governance measures. The second is that, within the dBranch, there are in fact three independent voting chambers, similar to the separation of voting in the U.S. Senate and House.

The assumption is that each of the groups - Validators, Messagenodes, and dSecurity Guards - will be motivated to push for measures that would benefit them economically. By forcing ballot measures to be voted affirmatively in each independent voting chamber, Storecoin’s voting process ensures that only measures that are broadly and cross-cuttingly beneficial can pass through governance.

Another important note about the decentralized workers playing the role of voters in governance is that this system attempts to address the opacity of development process and roadmap prioritization that plagues other protocols. In some other blockchain ecosystems, the core developer groups or foundation teams represent something of a black box. By providing the Storecoin decentralized workers the ability to vote, it creates checks and balances against unlimited developer power.

The Executive Branch

The Executive Branch of Storecoin’s governance is the group of software developers and engineers, led by an Executive Director (ED) and employed by the Storecoin nonprofit.

The members of the Executive Branch have the primary purpose of implementing the changes that are passed through governance. They are hired exclusively for this purpose and can be fired for failure to deliver. In short, the Executive Branch is an implementation branch.

In this, their incentives are somewhat different than other branches of governance. On the one hand, their incentives are less about what the changes are and more about delivering against the decisions of the governance process effectively and efficiently such that they keep their jobs. Within that context, however, the Executive Branch - and in particular, the Executive Director, have an incentive to see realistic, feasible changes pass through governance.

In other words, the incentive for the Executive Branch is to see only accomplishable, essential changes pass, rather than radical policy swings, fly-by-night feature changes, or half-baked concepts or ideas rather than codified, actionable updates. One of the important checks and balances in Storecoin’s separation of powers is that, like the U.S. President, the Executive Director can veto changes approved through governance. Vetoed measures are sent back to the Decentralized Branch for a re-vote with higher thresholds to pass.

The Executive Branch also has a role in determining the course of action in the case of severe security threats. During a severe security threat, the Executive Branch works with the Security Branch to develop a proposal that is approved or rejected by the Judicial Branch outside of a vote from the dBranch. The window for this non-voting security change process to occur is only 30 days, after which all changes must once again be approved by the dBranch.

The Executive Director is the only member of the Executive Branch hired through a formal governance process. The appointment is recommended by the Judicial Branch and approved via vote by the dBranch. This process is again exemplary of the checks and balances that arise in Storecoin’s separation of powers.

When the Executive Director is hired, their employment contract includes certain terms and expectations that are enumerated in Storecoin’s governance. In particular, they agree to certain standards for how expediently changes passed through governance are implemented. While in general, a removal of the Executive Director must also be subject to an approval vote by the dBranch, failure to implement changes within the time window articulated by Storecoin’s governance (and built into their employment contract) can open them to firing for cause by the Judicial Branch. For more on this, see our previous piece on enforcement. An Executive Director is allowed to serve for 8 total years, whether consecutive or non-consecutive.

The Executive Director is responsible for hiring and firing the developers and other employees who make up the Executive Branch. This process is not subject to governance review or approvals, and functions just like the ED of any independent nonprofit building their team.

The Security Branch

The Security Branch is comprised of the Chief Security Officer (CSO) and a network of decentralized and anonymous Security dGuards (dGuards). They are tasked with maintaining the security of the network.

Like the Executive Branch, members of the Security Branch are hired with a specific mandate: to keep the network secure. Their incentives are to undertake a set of activities that address potential or current security concerns in a manner that will lead to their re-hiring.

The Chief Security Officer is nominated by Executive Director of the Executive Branch and approved by the Judicial Branch. Since the CSO never touches final code that is released into the product, they do not need to be approved by full dBranch vote. They have the same 8-year total restriction as the Executive Director, and can be fired by the jBranch for performance issues or nefarious activity. The dGuards are hired, reviewed and re-hired on an annual basis by the CSO.

The Security Branch studies potential threats and builds software and algorithms for the dGuards to find those threats. As part of this work, the Security Branch makes ongoing recommendations to the Executive Branch for how to secure the network. The Executive Branch can then choose to turn those recommendations into proposals for voting by the dBranch.

As discussed previously, during severe threat situations, the Security Branch has 30 days to work with the Executive Branch to create a proposed response, which can be approved by the Judicial Branch without the approval of a dBranch vote.

In the context of Storecoin’s separation of powers, the Security Branch exists to ensure that there is a branch of governance concerned exclusively with security, over and above all other motivations for protocol changes.

The Judicial Branch

The Judicial Branch is a group of independent entities (akin to a board of directors) who, more than any other branch, are responsible for the long-term health of the Storecoin protocol and ecosystem.

The Judicial Branch is designed to think big picture. It is the only branch that can make proposals around changes in leadership and monetary policy. Its responsibilities include:

Nominating the Executive Director of the Storecoin nonprofit (which must be ratified by dBranch vote)

Recommending the firing of the Executive Director (which also must be ratified by dBranch vote) or firing the ED for cause based on the terms of Storecoin’s governance

Approving the Chief Security Officer after they are recommended by the Executive Director, triggering an approval vote

Researching and studying monetary policy (including reviewing monetary policy suggestions from the Executive Branch - who can recommend changes to the Judicial Branch but who cannot propose monetary policy changes directly to the dBranch)

Referring proposed monetary policy changes to the dBranch for vote

Puting the protocol into Severe Threat Mode, triggering security fix proposals from the Executive and Security Branches that can be approved by the Judicial without a dBranch vote

Interpreting the Storecoin Charter (i.e. constitution) when necessary

The Judicial Branch can put Storecoin governance into a state of severe security threat or “Severe Threat Level” environment. When this happens, normal security proposal voting through the dBranch is suspended for 30 days and the Executive and Security Branches can recommend changes for direct approval by the Judicial Branch. After 30 days, the security state expires and changes must once again be approved by the dBranch.

Appointments and removals from the Judicial Branch are recommended by the Executive Branch but must be approved by dBranch vote.

Summary & TL;DR

Just like in the United States government, the purpose of a separation of powers in Storecoin is to ensure that no single group within the Storecoin ecosystem has the power to unilaterally advance policies and changes that would benefit their incentives over the incentives of the others.

$STORE holders are not a formal part of governance (i.e. they do not have the right to vote on feature changes, leadership changes, or questions of monetary policy or security), but can propose feature changes and stake to support other feature change requests.

The dBranch is comprised of the Validators, Messagenodes, and dSecurity Guards who do the work to keep the protocol functioning, and have the responsibility to vote on changes to features, leadership, security and monetary policy, which they do from within independent voting chambers. For a measure to pass, it must pass each of the independent chambers and be ratified by the Executive Branch.

The Executive Branch is the implementation branch of developers and engineers tasked with writing into code the changes passed via the governance process. It is led by an Executive Director who is appointed by the Judicial Branch and approved by a dBranch vote, and who can be removed the same way OR fired for cause if they fail to implement changes in a predetermined time set forth in the Storecoin governance bylaws. All other Storecoin nonprofit employees are hired and fired by the ED as they would be in any independent nonprofit.

The Security Branch is charged with securing the network, including ongoing threat awareness and recommending proposed security changes to the Executive Branch, who can advance them for vote by the dBranch. It is led by a Chief Security Officer who is appointed by the Executive Branch and approved by the Judicial Branch. The jBranch can also remove them for performance issues or nefarious activity. The dGuards charged with identifying security threats are hired, fired or re-hired each year.

The Judicial Branch is charged with big picture thinking, and are responsible for recommending leadership changes and monetary policy changes, which are then voted upon by the dBranch. They are also able to put the network into a Severe Threat Environment, which gives them a 30 day window to directly approve security changes recommended by the Executive and Security Branches.

In our next piece, we’ll dive deeper into how checks and balances function in the context of specific change processes.