Vote weight,earned in public.
Proof of Useful Attestation is the consensus mechanism for Ligate Chain. Validator vote weight is stake times reputation. Reputation accrues from useful, non-slashed attestation work. The chain's security is tied to doing the chain's actual job, not to holding the token.
- Version
- v0.7
- Status
- External review
- Reviewers
- 25 external
- Simulator
- M1 to M5 built
- Activation
- v3 mainnet genesis
- Audit
- Planned, pre-mainnet
- License
- CC BY 4.0
In 90 seconds.
Standard Proof of Work rewards energy. Standard Proof of Stake rewards capital. Neither rewards the chain's actual work. For a chain whose primitive is attestation, that gap matters: a validator with the biggest stake and no attestation history is indistinguishable in consensus from a validator that has signed ten thousand correct receipts.
Proof of Useful Attestation closes that gap. Validators stake $LGT as in standard PoS. They also accrue an on-chain reputation score (r_v) from useful, non-slashed attestation work over time. At v3 mainnet, vote weight in the consensus tally is the product: w_v = s_v × r_v. A whale with no attestation history has limited influence. A small validator that consistently signs honest receipts grows into the security set without buying its way in.
The mechanism is bootstrapped through a curated PoS phase (v0 through v2), then activates from v3 mainnet genesis via a soft-fork governance transaction. A warmup period accrues reputation before vote weight flips on, so the consensus does not face a discontinuity. The paper covers the cost-to-attack model, the parameter sensitivity (κ, ρ), reputation accrual rules, non-transferability invariants, and the formal activation path.
This page is the canonical HTML explanation. The full mathematical treatment lives in the PDF.
Six pieces, one tally.
PoUA is not novel cryptography. It is a vote-weighting rule that sits on top of a standard BFT consensus core. The novelty is where the weight comes from.
Stake (s_v)
Validators bond $LGT to participate. Same as standard PoS at this layer. Stake is the entry filter, and the capital that gets slashed when a validator misbehaves. Stake alone, however, does not determine consensus weight.
Useful work
The chain's actual work is signing schemas, attestor sets, and write-once attestations. Every successful signature is a public, verifiable artefact. Every slashable misbehaviour is also public. PoUA reads from both sides of the ledger.
Reputation (r_v)
A bounded, non-transferable score derived from a validator's history of useful attestations and slashing events. Reputation accrues slowly and decays under inactivity, so it cannot be farmed in a burst then abandoned. Crucially, reputation is not transferable: it cannot be sold or delegated like stake.
Vote weight (w_v = s_v × r_v)
In the consensus tally, a validator's vote weight is stake multiplied by reputation. Two validators with identical stake but different reputations carry different influence. Two validators with identical reputations but different stakes carry different influence. Neither dimension dominates.
Slashing inheritance
Misbehaviour slashes both stake and reputation. Reputation cannot be repaired by adding more stake. A bad actor with a large bond can buy back into the validator set but cannot buy back into the security set. Recovery is a function of time, not capital.
Cost-to-attack
An attacker needs both capital and reputational history. The latter is not for sale and cannot be acquired faster than the protocol's accrual schedule. The cost-to-attack model formalises this and is the section that gets the most attention from external reviewers.
Where PoUA actually differs.
The honest comparison. PoUA inherits most of its machinery from standard PoS. The wedge is the vote-weight rule, and what it does to the cost-to-attack model.
| Axis | PoW | PoS | PoUA |
|---|---|---|---|
| What is rewarded | Hash work | Capital bond | Useful attestations over time |
| Who tends to dominate | Largest hashrate | Largest holder | Largest reputation × stake |
| Can security be bought? | Yes (hardware) | Yes (tokens) | Partially. Reputation cannot. |
| Recovery from misbehaviour | Buy more hardware | Buy back in | Wait. Reputation accrues on a schedule. |
| Aligns with chain function? | No | No | Yes. Doing the work earns the weight. |
Soft-fork, not big bang.
PoUA does not arrive on day one. The chain operates as standard PoS through v0 to v2, accruing the history that makes reputation-weighted consensus meaningful. At v3 mainnet, a single governance transaction flips the rule.
Curated attestor set with stake-only PoS. Reputation tracking is live but does not enter vote weight. The chain accumulates a real history of attestations and slashing events so reputation at activation is meaningful, not seeded.
Reputation continues to accrue. A public counter on the chain shows the readiness signal. Operators can preview their post-activation vote weight before the switch flips.
A single governance transaction flips the vote-weight rule from w_v = s_v to w_v = s_v × r_v. No hard fork. No chain split. Validators with no attestation history see their consensus weight drop. Validators that have done the work see theirs hold or grow.
The validator set opens to permissionless entry. Sequencer decentralisation follows on its own track. Reputation continues to accrue and decay according to the schedule in the paper.
Where the paper is now.
The paper is at v0.7, draft external review. Twenty-five external reviewers have the PDF open right now, with feedback feeding into the v0.8 cut. The cost-to-attack model and the parameter sensitivity sections (κ for accrual rate, ρ for decay) get the most attention.
The reference simulator is implemented through milestone M5. It exercises the reputation accrual schedule, slashing inheritance, and the consensus-weight tally under a range of validator-population scenarios. The simulator lives in the same ligate-research repo as the paper.
External audit is scheduled before v3 mainnet, gated on the paper closing external technical review. The audit scope is published on /audits. The chain operates under standard PoS through v0 to v2, so PoUA does not gate devnet.
Want to review the paper? Pull the PDF, send notes to hello@ligate.io. Substantive feedback gets a public acknowledgement in v0.8.
Read the paper end-to-end.
Full mathematical treatment, parameter tables, cost-to-attack model, soft-fork activation specification. PDF, share freely (CC BY 4.0). Citations appreciated if you reference it in research.