In Explanation series - Waku Service Marketplace I hinted that RLN membership’s “deposit to play” model is the vanilla version of membership acquisition.
Let’s expand on this.
Why do we need a cost to membership?
RLN’s membership system is a rate limiting strategy to ensure that no user can come in and DoS other users out of Waku Relay. You can learn more about it in Explanation series - RLN Relay.
The cost to acquire an RLN membership is a security measure to ensure that an attacker does not flood the network for a cheap price.
It is used in lieu of the PII traditionally employed to protect Internet systems (phone number, IP address, email address), which is usually invasive to users’ privacy (as originally explained in Privacy-preserving p2p economic spam protection in Waku v2 | Vac Research).
Other strategies such as CAPTCHA are inherently centralized, which does not align with our principles either.
Finally, the total number of RLN memberships is capped on the smart contract at any point in time - more on that at the end.
tl;dr:
- We don’t want to use centralized or privacy-intrusive methods to protect Waku networks against DoS
- So we ask people to put a deposit down to get an RLN membership
- We prevent potential attackers from flooding the network
- We prevent potential attackers from hogging all the memberships
Phase 1: Deposit
In phase 1, users deposit an amount, proportional to the rate limit they get, in the RLN smart contract to get a membership for a period of time.
Proposed parameters are:
- $0.05 per message in the rate (e.g. $5 for 100 msgs per 10 min)
- For 180 days
- After 180 days, they can either withdraw their deposit or renew the membership by sending a transaction that re-uses the existing deposit.
Phase 2: Diversify
The deposit is a deliberate friction so that potential attackers don’t just “grab all memberships”. However, we can easily imagine how many kinds of off-chain actions could warrant access to an RLN membership:
- User staked X SNT tokens. This could allow a short term membership (e.g. 1 month); membership rate limit could be related to the number of staked tokens;
- User owns an ENS on Ethereum L1 or ENS chain; and proves it; the membership length could even be related to ENS expiry time;
- User has bridged tokens on Status chain
- User has some sort of other onchain history; e.g. Funds were added more than a year ago
- User swapped assets in Status wallet within the past month
- User owns a Farcaster account
- User spent $100 on Codex storage
- User used dApps on Status chain
- User deposited assets to a RAILGUN smart contract
- etc
Of course, each of those needs to be carefully reviewed to ensure that potential attackers cannot cheaply accumulate entry tickets to potentially attack the network.
Conclusion
While the initial RLN model involves users depositing assets to get a membership, we understand that onboarding friction is undesired.
This model is the first version of RLN, and as RLN integration in applications progresses, we expect a diversification in the requirements to acquire an RLN membership.
Global rate limit
The global rate limit is tightly linked to the network capacity, which itself is linked to the number of shards in the network.
The intent isn’t to cap the total number of users per se, but instead to be able to predict and plan network capacity increases by monitoring the memberships in the smart contract and the actual traffic on the network, and eventually to increase the number of used shards.
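The Phase 1 deposit rules and the capped contract described above can be modelled in a few lines to see what it costs to lock up the remaining capacity. This is an added example, not the RLN smart contract's code: the `Registry` class, its method names, expressing the cap as a total of messages per epoch, and the cap value used are all assumptions made for illustration.

```python
"""Toy model of the Phase 1 deposit rules (illustration only, not the RLN contract)."""

PRICE_CENTS_PER_MSG = 5   # from the post: $0.05 per message in the rate
PERIOD_DAYS = 180         # from the post: a membership lasts 180 days


class Registry:
    def __init__(self, global_rate_cap):
        # Assumption: the cap is a total of messages per epoch over all memberships.
        self.global_rate_cap = global_rate_cap
        self.members = {}  # owner -> (rate_limit, deposit_cents, start_day)

    def used_rate(self):
        return sum(rate for rate, _, _ in self.members.values())

    def register(self, owner, rate_limit, today):
        """Lock a deposit proportional to the rate limit; returns cents deposited."""
        if owner in self.members or rate_limit <= 0:
            raise ValueError("invalid registration")
        if self.used_rate() + rate_limit > self.global_rate_cap:
            raise ValueError("global rate limit reached")
        deposit = rate_limit * PRICE_CENTS_PER_MSG
        self.members[owner] = (rate_limit, deposit, today)
        return deposit

    def is_active(self, owner, today):
        m = self.members.get(owner)
        return m is not None and today - m[2] < PERIOD_DAYS

    def _require_expired(self, owner, today):
        if owner not in self.members:
            raise KeyError(owner)
        if self.is_active(owner, today):
            raise ValueError("membership period not over yet")

    def renew(self, owner, today):
        """After the period ends, start a new one re-using the existing deposit."""
        self._require_expired(owner, today)
        rate, deposit, _ = self.members[owner]
        self.members[owner] = (rate, deposit, today)
        return 0  # no additional deposit is required

    def withdraw(self, owner, today):
        """After the period ends, return the deposit and free the capacity."""
        self._require_expired(owner, today)
        return self.members.pop(owner)[1]

    def cost_to_fill(self):
        """Deposit (cents) that must be locked to take all remaining capacity."""
        return (self.global_rate_cap - self.used_rate()) * PRICE_CENTS_PER_MSG
```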