Backing Q: L1 blockchain/DAO with unique multi-layered consensus & governance for resilience as well as enforcement of traditional contracts as complements to smart contracts

by Felix Machart, May 10

We are excited to share that we led Q’s recent $12m funding round, which has recently launched their mainnet.

Q is building a unique L1 protocol with a clear governance process, security that is based on several layers of diverse node operators and its constitution as well as legal enforceability and dispute resolution for applications building on top.

The team is guided by the insight that sustainably successful companies as well as nations have good governance. Also blockchains and the economic and social activity in the metaverse will depend on such. As people shift attention, time and value from the physical realm to the metaverse, the question of governance will become more pressing. Projects with sound governance will win over competitors which lack governance. Its open-source architecture allows other metaverse projects to integrate with Q, thereby boosting user trust and project value.

Issues with L1 governance

Uncertain governance

L1 governance is often ill-defined and non-formalized, which creates uncertainty over the intent and outcomes of governance initiatives, which prevents traditional players from building on chains.

Implicit power structures

Powerful stakeholders such as exchanges and large stablecoins can have significant leeway in defining which version will be the “official” version in case of forks (see e.g. on the unforkability of Ethereum).

Lack of sustainable economic security guarantees

The market capitalizations of application specific tokens could outgrow the L1 tokens, if there is no direct enough value capture mechanism that lets the L1 benefit from application layer growth. As a result, economic attacks on L1 governance could become feasible in order to exploit application level mechanisms. While chains such as Ethereum currently boast immense market capitalizations, due to monetary premia as well as significant fee revenues (due to constrained block space and thus high gas fees), it is not guaranteed that this will persist.

Governance in the metaverse

It is becoming increasingly apparent that people will spend large amounts of time in the metaverse which will also increasingly merge with regular reality. While there is debate about its exact definition (maybe it’s just the internet), it is likely that a global network of spatially organized, predominantly 3D content will be available to all without restriction, for use in all human endeavors — a new and profoundly transformational medium, enabled by major innovations in hardware, human-computer interface, network infrastructure, creator tools and digital economies.

Especially when thinking about games and virtual worlds it should become clear that people will more and more be able to choose which governance framework they want to operate in, independent of geographical location.

While many aspects will be governed deterministically (e.g. did a player score a goal?) users will also need a governance system that defines and enforces agreed-upon rules that are not only deterministic but take into account qualitative judgements in cases such as discrimination or hate speech.

Complete vs. incomplete contracts & residual governance

Institutional economics finds that in many instances it is impossible to write complete contracts that cover all future possible states of the world. To cover these unknowns, there need to be residual governance rights, which is a premier reason why firms exist and not all economic activity is organized through market interactions among peers. While it is probably increasingly possible to write complete contracts through sophisticated software libraries or elegant designs (see e.g. Liquity), many governance settings will still require ambiguous interpretation of contracts, dispute resolution as well as residual governance rights and in many cases qualitative limitations of such (e.g. minority shareholder protections).

Potential Use-cases and Applications

The Q constitution and its ability to act as an official document used in real world arbitration makes Q a suitable platform to deploy applications which require:

  • Interacting with or bridging to the real world (financial and legal system), where code-is-law approach is not applicable and more flexibility/interpretation is required. This includes tokenization of off-chain assets such as real estate or loans with real-world legal entities & enforceable claims in case of default.
  • Long-term oriented use-cases (e.g. insurance) which are too dependent on long-term predictability in their design to sustain the common L1 governance volatility and uncertainty.
  • Governance-heavy decision-making for protocols like e.g. treasury management, where a legal back-stop might be required.
  • Handling of hacks and exploits as well as addressing protocol changes/hot-fixes that might be sped up via the governance process on the L1 level.

Integrated applications can extend the scope of the Q Constitution to cover the applications as well which would allow for dapps to have a tailored governance allowing to create applications like a no-MEV DEX, where a certain governance feature or attribute is only applied to a certain protocol.

Some ideas of crypto-native use-cases which might make more sense on Q as opposed to existing L1s:

  • Non-MEV DEX — not allowing monopolistic MEV extraction on the level of constitution (if extracted, should be democratized)
  • A toolkit/framework for DAO creation with a legal backstop — ability to do dispute resolution in a real court
  • Tokenization of real world assets with an option to subsequently use them as collateral to mint the native collateralized stablecoin QUSD. Additional feature might be the ability to bridge these assets to Ethereum to integrate in e.g. Maker
  • DAO bond issuance

Enter Q’s governance framework

Q represents a L1 blockchain protocol that specifically provides a solution for complex as well as ambiguous governance requirements and economic scalability while building on proven technical standards (e.g. Ethereum Virtual Machine — EVM).

The Q team understands blockchains essentially as a social technology. They aim to foster the adoption of decentralized systems by creating a universal governance framework that combines the benefits of a public, permissionless and decentralized ledger with governance concepts that have proven themselves in other established legal and social systems.

As defined in the paper on the state of blockchain governance, one can separate between 1.) governance of the infrastructure and 2.) by the infrastructure in the context of blockchain protocols. Q mainly tackles these two major issues in a distinct way: 1.) They clearly define the intent and values of Q as well as L1 governance processes with checks and balances to reduce uncertainty regarding changes and upgrades of the infrastructure as well as the constitution itself. 2a.) Validator nodes that operate the blockchain are kept in check by root nodes which are kept in check by each other and the constitution 2b.) applications either build on Q in a permissionless fashion with pure code-based governance (based on the EVM) or they can integrate deeply with Q by amending the constitution, in order to apply legally enforceable governance and dispute resolution services to their use-case.

L1 governance

Public L1 blockchains are supposed to be maximally resilient infrastructure in order to represent highly reliable institutions for governing economic and social activity. The resilience of the infrastructure is usually heavily dependent on the types of consensus and incentive mechanisms employed. In the case of proof of stake, nodes usually run client software that implement the protocol specification that include aspects such as slashing for mis-behavior including more severe punishment for executing invalid state transitions or less severe punishment for going off-line which is important to incentivize actors operating the network according to the intended standard. Protocols are trust-minimized and usually define certain assumptions regarding the amount of malicious actors as part of the whole set of nodes (e.g. ⅔+1 honest and reliable participants in BFT). Decentralization serves the purpose to decrease the likelihood that such assumptions are broken, since it becomes increasingly harder for individuals or sets of individuals to start coordinated attacks in case of malicious intent, the more actors are participating in general. In addition, a network also becomes more resilient against non-malicious failures such as natural catastrophes, the more distributed it is.

Q employs a novel approach as to how it creates robustness and resilience beyond technical means, through a multi-layered consensus and governance model.

Generally, Q token holders have the power to elect root nodes & stake on validators as well as to change the constitution (with supermajority requirements). The constitution defines the basic principles, the rights and responsibilities of different node types, penalties for misbehaviors, arbitration processes as well as processes and requirements to alter the constitution itself.

As such, the constitution itself defines a protocol that governs network behavior (governance by the infrastructure), while the amendment process can be viewed as governance of the infrastructure.

High level governance overview: checks and balances — source: Q

Multi-layered consensus

In order to build a more robust and secure system, Q is based on several layers of defense that should cover different edge cases and gain resilience as a result. 1.) a permissionless delegated proof of stake consensus system provides byzantine fault tolerance (resilient with ⅔+1 honest participants), 2.) identified and diverse root nodes enforce the constitution and can slash validator nodes, while 3.) the constitution provides the basis for the whole protocol, with a dispute resolution mechanism as a last resort with legal enforcement. However, token-holders can ultimately change the constitution (with 75% majority requirements for fundamental changes).

Multi-layer consensus schematic — source: Greenfield One analysis @madewithtea

Delegated proof-of-stake consensus

The underlying consensus of the validator network is a custom delegated proof of stake (dPos) consensus which originated from the proof-of-authority Clique consensus, which has been used in Ethereum testnets. It’s important to note that the modifications change the consensus rules from a proof-of-authority consensus, which comes with a fixed/static set of validators, to a delegated proof-of-stake consensus in which validators have to stake a minimum stake and Q token holders can delegate additional tokens to a validator’s stake. This consensus acts as a first line of defense. The validator set is permissionless and anybody who is able to stake the minimum staking amount can potentially become an active validator in the set. The set consists of active, standby and backup validators. The set is ranked to an active shortlist by ordering descending by staked Q tokens.

On-chain governance through system contracts

In contrast to other delegated proof-of-stake chains the list of validators and their staked balances is maintained in system contracts that are deployed on-chain. Also, other consensus rules of the Q full node and validator, such as dynamic parameters, are dependent on on-chain governance. This approach allows for parameter changes taking direct effect on the consensus without upgrading full nodes or validators. The contract registry acts as a special contract that points to the current versions of governance and system contracts. Currently, the owner is a multi-signature wallet of trusted entities. Proposed upgrades of the contract registry require ratification by the root node panel, ensuring that changes to core consensus mechanisms of Q are executed only if they are in line with the Q Constitution.

First, second, and third line of defense

The delegated proof-of-stake consensus acts as a first line of defense against malicious actors. The consensus is byzantine fault tolerant (BFT). If validators act maliciously or are not performing their duties Root Nodes (as a second line of defense) are able to slash validators or remove them from the set of validators entirely (in line with the constitution). For the attack scenario where more than 1/3 validators are malicious, no new blocks can be produced. In this scenario the root nodes can/should step in (as a second line of defense) and disallow the malicious validators using the authority of the Q constitution. Root nodes have the power to slash stake on-chain, while root node decisions can be disputed by way of private arbitration (based on the constitution). Unreliable or malicious root nodes can be voted out by token-holders and since they are known with their real-world identity, off-chain legal enforcement further deters malicious behavior.

Root Nodes and Validators

Root nodes and validators are functionally separated in order to allow for specialization which should lead to efficient operations as well as resilience due to diverse sets of participants. The validator set is permissionless, which means anybody who has sufficient Q tokens delegated to them (with a certain amount of Q tokens staked themselves to ensure skin in the game) can join the shortlist. The validators and the delegated proof-of-stake consensus acts as the first line of defense, signing blocks in an operative manner (24/7 uptime requirement). Root nodes are distributed across jurisdictions, diverse known entities (criteria are e.g. geography and industry) and are voted into the set of root nodes by Q governance according to the constitution. Such diversity should result in a lower likelihood of collusion or common failure modes, which contributes to resilience, while having real-world reputation on the line should deter from any misbehavior (since legal recourse is possible). Root nodes enforce the constitution, while disputes can be escalated to the ICC, the most prominent international arbitration court.

Vision for 1 person 1 vote governance through Q ID

There will be an integrated identity solution based on the W3 DID standard for Q ID, which should allow users to voluntarily prove their unique identity. Initially through centralized 3rd party providers and later potentially through more decentralized alternatives.

In the future, Q ID holders should have a veto right regarding constitutional decisions by Q token holders, which should lead to holistic consideration of all stakeholders in governance, which is crucial in systems that aim to represent decentralized autonomous organizations as argued in the paper on the state of blockchain governance.

Further there is a vision for Q ID holders receiving a share of Q fee revenues as a form of UBI.

Interoperability with other L1 chains through OmniBridge

The OmniBridge was initially developed by the team behind xDai to bridge any ERC20 token from Ethereum to the xDai chain, see documentation. The Q team decided to employ the OmniBridge for bridging between the Q blockchain and Ethereum. The redundant bridge operators are elected by Q governance. On the Q side of the bridge, bridge transactions are signed by validators. On the Ethereum side, for now, a proof-of-authority consortium is signing transactions on Ethereum. The team works on a solution to integrate this set of signers with Q governance.

Application layer governance

By amending the constitution, applications can become integrated into the governance and dispute resolution system of Q. As a result, smart contracts would have accompanying natural language contracts that would clarify their intent, resolving some of the issues of incomplete contracts, which poses several advantages and opportunities:

  • The intent of smart contracts can be well defined in natural language, while making them subject to dispute resolution in the case of unintended failures, bugs or exploits (there have to be grace periods as well as escrow accounts implemented that allow transactions to be disputed)
  • Legally enforceable contracts can be constructed in tandem with smart contracts, which would facilitate use-cases such as real-world asset tokenization (debt agreements incl. undercollateralized loans, real-estate, IP etc.)
  • Qualitative conditions can be included as well as enforced in smart contracts. Examples include minority token-/ share-holder protections or criteria for treasury spending.

Expert panels

Industry as well as use-case specific expert panels will be appointed by token holders and will be in charge of regular operational decisions and disputes.

In order to enjoy the dispute resolution services of the Q DAO, integrated applications are expected to enter into revenue or profit sharing agreements with Q stakeholders.

Economic scalability

Integrated applications demonstrate an important pillar for Q’s economic scalability. Revenue sharing with Q token holders creates tangible cash-flows that scale with application growth, which leads to proportional increases in token value and thus economic security.

An attacker who wants to compromise the integrity of an application such as a collateralized stablecoin system that is implemented as an integrated application would need to attack the Q layer 1 blockchain. Since the value of Q exceeds the value of its individual applications that are built on top of it, this is orders of magnitude more expensive, rendering any attempt of an attack economically unattractive. As a result, integrated applications exhibit a higher level of resilience against economic attacks compared to traditional decentralized applications.

Economics security visualization — source: Q whitepaper

Core team

The Q team consists of serial entrepreneurs with a strong track in international law, corporate governance as well as investing, advisory and technical execution in/of crypto projects. Martin & Nicolas have been working together for many years, incl. executing several M&A transactions together with corporate governance & private arbitration exposure. Together, they have initiated the crypto fund/advisory firm Postera Capital in 2017, while collaborating with Andrei as well as other Q team members on a project with Wikipedia in 2019 regarding their blockchain strategy with a governance angle (how to increase decentralized participation in governance).

Stakeholder onboarding

Q has developed a dashboard for users to interact with Q by participating in governance and staking. This dashboard provides an overview over the root node panel, validators and ongoing governance proposals. Users can access Q’s core functions, including its integrated decentralized borrowing & stablecoin system. So far root nodes from diverse and strategic backgrounds, such as law firms, universities, VCs, government-related bodies, enterprises and validators have been confirmed. Validators include Chainlayer, T-Systems and Hashkey.

Participate in governance, check and manage stake in HQ: https://hq.q.org/

Existing infrastructure

Significant infrastructure to onboard various stakeholder groups is ready:

  • Live mainnet with validators and root nodes
  • Bridge to Ethereum
  • Metamask integration
  • Lending/borrowing Maker-like dapp with an own stablecoin
  • iOS and Android wallets
  • Governance dashboard
  • Block explorer

Get involved

To learn more about Q, the website is a good place to start. You will find links to the Q Constitution, the White Paper and more.

If you are interested in building on Q, check out the documentation and the project repo. The documentation also provides information on what you need to know if you are interested in supporting the Q protocol as a validator, root node or expert.

If you have any questions regarding Q, or just want to get to know the Q community and chat to the team, make sure to join the project’s Discord server.

Greenfield One is actively engaged in providing infrastructure to Q by running both a Validator Node as well as a Root Node in the network. In the case you think that our vision for Q outlined in this post is aligned with yours, you can support us by delegating your Q tokens to our Validator address: 0x207157E38B380AF3890D88E78F851dfFb15419AA.