analyzing nomic's weighted multisig design
Another thing I find interesting: @nomicbtc
what is nomic?
Nomic is a CometBFT-based proof-of-stake blockchain. Its validator set supports an enshrined two-way peg for nBTC. nBTC is a bitcoin-backed asset that lives on Nomic.
Nomic's native token, NOM, is staked by validators. A validator's voting power is based on the amount of NOM it has staked.
nomic's multisig design
Nomic's top 20 validators, by voting power, are responsible for managing a weighted multisig that secures bitcoin backing nBTC. The script is set up to where the signers, based on relative NOM token stake, have weighted voting power in the multisig.
Basically, this means that the validator with the most voting power on Nomic will have the most voting power in the multisig. The 20th validator by voting power in Nomic has the least amount of voting power in the multisig.
Periodically, Nomic's validators checkpoint bitcoin to spend incoming deposits and process withdrawals. This checkpoint would also update the multisig if voting power has changed among the validators.
To spend funds in the multisig, two-thirds of the voting power need to sign a transaction. Remember, this isn't 14-20 signers. This is 67% of voting power based on Nomic stake. The top 9 signers/validators reach this threshold.
BUT… the NOM token isn't transferable. This means that the weights in the multisig don't really change much in practice, so you could consider the bridge "federated" in some sense. The identities of Nomic validators are available on the Nomic website.
sidechain multisig security incentives
PoS sidechain two-way pegs can rely on basically two things to deter them from stealing funds in the multisig:
Socially slashable stake: Social consensus hard forks the chain and slashes the stake of validators who stole bitcoin in the multisig
Reputation: Validators are typically run by service providers who would lose future/existing business if they stole bitcoin in the multisig
Because the NOM token has no market value, we can't assign a value to the economic penalty validators would incur if they stole the funds in the multisig. These signers would simply take a reputational hit (in practice).
But the setup is built in a way that would support (real?) economic penalties on validators in the future. Let's say we assign some threshold we find acceptable… Like the overall value of stake from the top 20 validators is 150% of the value of BTC locked in the multisig.
If some validators stole the BTC, they'd be socially slashed and lose the value of their stake and therefore would lose money doing this.
(Now, sure. You can argue that in this scenario the token would tank and BTC goes up forever, etc, etc)conclusion
I review a lot of multisigs. When someone asks "which one is the most interesting so far", I typically say Nomic.