*Note: This review and score is purely based on the information disclosed by the validator service and the scoring rubric.
Last Updated: Oct 8, 2019
Chorus One operates on both Cosmos and the Loom Network. The company was founded by the COO of Tendermint and co-hosts of the Epicenter Podcast, and differentiates itself with a focus on security, long-term sustainability, and Cosmos SDK blockchains. Chorus One presently offers 15% commission validation services, and is based in Rockville, Maryland.
Team Background (75/100)
- Full-Time/Part-Time (10/10)
- Prior Blockchain Dev/Impact (5/10)
- Systems Experience (5/10)
- Recognizability (10/10)
Current Voting Power (60/100)
- Total Staked: (8/10)
- Unique Self-Bonders: (10/10)
- Commissions: (0/10)
Historical Metrics (80/100)
- Uptime (8/10)
- Proposals (8/10)
- Legal Compliance/Insurance (0)
- Innovations (+5)
Chorus One was founded by Brian Fabian Crain and Meher Roy in February 2019. The two founders are currently part-time on the project – both hosting the Epicenter podcast (link here).
Brian Fabian Crain possesses a background in economics, game theory, and operations – previously earning his MSc in Economics from the London School of Economics and acting as COO of Tendermint, Inc. Meher, on the other hand, comes from a background in Supply Chain and biotechnology – previously acting as a manager for supply chain effectiveness at GSK.
Outside of Brian and Meher, Chorus One has five full time employees. These employees come from a traditional IT background; acting as network engineers, devops engineers, cryptographers, and more. An interesting note is that one Chorus One employee previously designed a key management system (KMS) that allows individuals to shard ownership of a key across multiple parties. This system has now been repurposed into a KMS that Chorus One uses to shard its validator keys today.
Chorus One is presently the #7 validator on the Cosmos Hub with ~6.85M atoms delegated, and the #5 validator on Loom Network with ~19.75M LOOM delegated. At time of writing, this translates to approximately $44M USD and $1.6M USD, respectively. Worth noting is that ~44% of all atoms staked by Chorus One have come from a single address (presumed to be Chorus One’s own address or the address of one of Chorus One’s investors).
Chorus One additionally boasts a strong delegator community, with over 29 addresses staking 19,000 atoms or more (~$100,000 USD). This is presumed to originate from Brian and Meher’s roles as public faces of the Tendermint/Cosmos project and Epicenter podcast.
Chorus One has maintained 100% uptime since its entrance into the active validator set in the Cosmos genesis block. The company has, however, had three instances where they have missed 50 out of 1000 precommits (triggering a warning on block explorers like Hubble). The company has 4.81% of the network’s voting power, and has proposed ~5.2% of blocks to date. Of the eight proposals on the Cosmos Hub thus far, Chorus One has voted on four and proposed zero. The company has voted in accordance with popular opinion on each proposal.
One of Chorus One’s differentiators is their focus on education and content-generation. The company maintains an active “Staking Economy” blog, and frequently posts research on staking yields, testnets, governance proposals, its own architecture, and more (link to blog here).
Chorus One is also unique in that it functions more like a startup than other validator services. The team has openly vocalized that it may be interested in raising a round in the future, and is actively looking to scale through new hires and capital additions.
The team also competed in Cosmos’ Game of Stakes – finishing as one of twenty-seven teams to never be jailed (experience penalizations as a result of downtime).
Chorus One’s service expects delegators to understand the risks of staking atoms. The service does not provide an insurance policy to cover losses due to slashing or service downtime.Terms of service can be located here.
- Failover (30/30)
- Private Peering (10/10)
- Agreements with other Validators (10/10)
- Sentry Scaling (5/10)
- Backup Strategy
Chorus One operates two validator nodes across different data centers in the UK and the United States. These nodes share a single private key, and possess identical validating machines, logging machines, monitoring machines, and connectivity tools. The nodes communicate with each other through a distributed database; where commitments to sign new blocks are published in advance of block signing. This enables automatic failover and prevents double-sign slashing penalties.
Validator nodes are structured in an active-active format, which, in their opinion, solves the coordination problem found when previously-active validators reboot in active-passive failovers.
*Active-Passive Problem: If an active validator were to go down, and a passive validator were to become the new leader, how would the previously passive validator know when the active validator has become healthy again?
Chorus One sees this architecture as both secure and scalable long-term – suggesting that this design could go as far as to support a network of redundant validator nodes and potentially the introduction of validator consensus layers.
Chorus One employs standard sentry architecture, with a couple customizations. For one, Chorus One adopts multiple layers of sentries, with some sentries communicating over a public p2p network, and others privately peered to trusted third party validators/partners. Internally, all validator nodes are privately peered to their own sentries.
Chorus One additionally implements load-balancing on all requests, and has configured autoscaling to rapidly spin up new sentries.
All of the failover mechanics described in the Validator Architecture section above have been customly implemented by the Chorus One team. The team has additionally built their own KMS, described in the Key Management section below. These solutions are intended to be open-sourced in the future, but are closed-source at the time of writing.
Chorus One additionally provides custom tooling for delegating atoms, withdrawing atoms, and participating in governance proposals on their website using Ledger Nano S wallets.
Monitoring Tools (83 /100)
- Network Level (10/10)
- Hardware Level (5/10)
- Paging (10/10)
Single Point of Failure (100/100)
- Multi-Cloud (10/10)
- Multi-Region (10/10)
Key Management (75/100)
- HSM Selections (10/10)
- Smart Key Management (5/10)
Validator Access (100/100)
- Physical/Remote (10/10)
Chorus One uses standard monitoring tools, specifically looking at their validator and sentries global resource stats. Event triggers include but are not limited to: CPU triggers, memory triggers, inbound connections, latency, blocks missed, mempool size, and spam attacks. Notifications are triggered throughout the company, across slack channels, the tech team, and a core dashboard in Grafana.
Single Points of Failure
Chorus One sentries operate across both AWS and Google Cloud. Within each provider, Chorus One uses multiple regions. Upon communication with the Chorus One team, further connection in Asia is one area that is of present focus. The company is currently well-connected in Europe and the US primarily.
Chorus One has modeled their internal key management system off of the guidelines of NIST (The National Institute of Standards and Technology). As described in a recent post, some of the key features of Chorus One include:
- Separation of the related KMS duties into different roles inside the company. For example, cryptographic officers generate sensitive key material, cryptographic auditors ensure faithful execution of signing events, cryptographic administrators prepare software for key handling and key material custodians store keys in multi-sig configurations.
- The usage of the YubiHSM2 for validation signing. This device is specialized for the purpose of key storage and signing on servers (vs Ledgers, whose design was for the cold storage of crypto assets).
- Customly-designed, geographically distributed key storage and recovery. This configuration does not depend on a single person for recovery. No employee carries or sees the whole key. Shards stored in bank vaults
- Automatic backup and recovery keys. All operations that handle keys are performed using repeatable software on air-gapped machines.
Chorus One’s validators are located in tier 4 data centers, in their own rack under lock and key. With the company’s distributed key storage and recovery procedures, perpetrators are unable to move funds, and with multiple validator redundancy, killing liveness becomes additionally difficult.