The Nakamoto Coefficient of Polkadot is At Most 25

Recently I went down the rabbit hole to calculate Polkadot’s Nakamoto Coefficient number.

The reliable approach

The methodology is simple:

  • Validators are grouped by their on-chain identity (sub-identities as well as obvious common names).
  • Each anonymous validator is considered an independent one.

We then check for how many operators we need to reach 33% of bonded stakes.

The data:

  • 374 validators are anonymous.
  • The rest are validators with identities. Grouped by their sub-identities, there are 94 independent operators in total.

With this data, the Nakamoto Coefficient of Polkadot is 25.

Anonymous clustering

You may have seen above that we assume each anonymous validator is independent, this means that 25 is still just the upper bound.

To dig into the anonymous validators, we then must use some clustering approach. My clustering approach, grouping validators by their transaction counter-parties, gives me the Nakamoto Coefficient of Polkadot at 14.

The often cited value of 178 is wrong

So there you have it. If we use only hard, cold, reliable data (the reliable approach), then we have the Nakamoto Coefficient of Polkadot at 25. If we additionally group anonymous validators (anonymous clustering), then the number will likely be lower.

In any case, the often cited value of 178 is almost certainly wrong. Citing Polkadot’s NC as 178 is the same as citing Ethereum’s NC as 300000.

Verify my data

If you want to verify my data, and have been an old guy like me, to avoid unnecessary detours for you, just two things to take note:

  • The identity data is now on the “People Parachain”, not on relay chain.
  • Four operators do not (completely) use sub-identities. Just pattern match their names: Binance, Figment, RockX, ChainSafe.

An also likely interesting reading for you is Validators running multiple identities and flipping commissions in same day - #51 by Megadot

The Nakamoto Coefficient can still be lower if that fact is considered.

Where did 178 come from?

Flipping commissions and misrepresenting identities is poor sportsmanship and generally a “dick move” but does that directly represent a threat to the security of the network? So long as the validators are building valid blocks and assuming the risk of slashing their stake if they misbehave, it shouldn’t matter too much.

Also, keep in mind that the validators are grouped randomly, so assuring all their fellow validators are also interested in collusion of block production may still be statistically improbable at 25.

Still worthwhile to increase independent, individual validators, though.

Flipping commissions and misrepresenting identities are not yet considered. If they are considered, we’ll get an even lower NC.

I don’t think the “grouping” you mentioned makes any difference – it’s how parachains are validated. If the relay chain is already compromised (>33%), everything stops working already.

As of today, Nakaflow does not cite the old values any more: https://nakaflow.io/

So that’s good news.

But official Polkadot account still posts the utterly wrong data: https://x.com/Polkadot/status/2054529556028023210

am I reading this right? did they completely remove Polkadot from Nakaflow?

We have different security goals here, but I’ll start from liveness since you picked up the term Natamoto coefficient.

Yes, liveness could be violated by 1/3rd like all chains who require Byzantine agreement. It’s worse really: All blockchains remain vulnerable to simple denial-of-service (DoS) attacks, so really the true liveness level for all blockchains is zero validators, because none of us can build infrastructure like CloudFlare. Now major DoS attack could require burning a couple zeros days for some popular IoT devices, so wild guess this attack costs maybe $250k, and requires some networking knowledge and a well oiled botnet. Against proof-of-work chains you’ve much cheaper options, so zero feels excessive here.

Although Elves weakens liveness, we’ve actually taken liveness much more seriously than others overall: Our gossip topologies do balance these liveness considerations, even if not perfectly. We carefully limit the blast radius for cross chain messaging attacks. Alistair Stewart and Rob Habermeier tool liveness seriously in Grandpa. Rob Habermeier & others worked hard weaving “politeness” into our protocols. Aside, JAM has not done this yet, so that’ll add some time onto their deployment timelines, but they can see how Polkadot achieved politeness. We should’ve much stronger liveness than most of our peers.

Now soundness & safety are much more important properties than liveness, which includes events like double spending. As a rule, Byzantine agreement protocols have only 1/3rd margin here too, but they allow different 1/3rds in different places. This major improvement seems like the big reason why Ethereum switch away from proof-of-work, with a bullshit-ish 50% margin, to proof-of-stake with a more defensible 1/3rd margin.

We have safety & soundness against 1/3rd actively malicious, like other Byzantine agreement protocols, because ELVES costs us almost nothing there, unlike say EPFL’s OmniLedger. Aside: If we’re eventually successful enough to go beyond say 500-1000 parachains/services doable on one relay chain, then we’d likely weaken soundness to 80% of 1/3rds or 26% overall, in order to have multiple relay chains ala EPFL’s OmniLedger and ensure less than 1/3rd malicious lands on any one relay chain.

Anyways, there is a human factor behind all these numbers: Who are the people really? Why do we think they are distinct? Do we think they know what they’re doing?

In our case, the 1KV and DN programs have helped us diversify the validator operator pool, including by having affirmative action for validators in under represented jurisdictions. In fact, we lowered our raw DOT vulnerability threshold for years by running 1KV and DN, but this built up quite a few validator operations across different jurisdictions, so longer term this made us much stronger.

We’ve shut down 1KV and DN for the moment, because we’re reworking the staking notions. We’ll incorporate related diversification ideas into whatever nomination system emerges here. In fact, we’re doing the staking redesign because we no longer believed the nominators were doing their job correctly, aka nominators were not assessing competence, independence, and character.

Anyways all of our peers have exactly the same problem, but afaik few of them seem take these questions seriously like we do, not that we have perfect answers either, and ETH going PoS sure earns them points.

Also..

The term Nakamoto coefficient was designed to conflate liveness and safety, because Bitcoin stupidly conflates them, and Bitcoiners can more easily argue for liveness.

I suppose the Nakamoto coefficient of bitcoin has improved from one guy at each of 2 mining pools to one guy at each of 4 mining pools over the last several years, no? It’s mining pools you need for double spending, not miners.

In fact, Bitcoin has stupidly kept liveness and soundness both at claimed 50%, but not requiring Byzantine agreement. Yet, really various attacks that drop bitcoin into the low 20%s, which gives them a Nakamoto coefficient of maybe 1 even for soundness, aka double spending. lol

I’ll refrain from criticising ETH too much here, but our nugget BLS paper was exactly a criticism of how BLS signatures forced some centralisation upon them.

Anyways..

We could easily justify much lower estimate for every blockchain by taking more factors into consideration, but the 178 remains a handy guesstimate. Yes, other measures would look better for us. Imho our time would be better spent trying to deploy applications and attract users, rather than counting validators on the head of a pin.

At the same time, Nakamoto coefficient remains a handy criticism for chains who really fuck up their consensus and cannot even run 300-1000 validators, like Cosmos or ICP. Yet, the truth winds up much more complex, so if you take Nakamoto coefficient too seriously, and if you’re at all honest, then you’ll end up going nihilist and argue everybody has Nakamoto coefficient zero.

Anyways, if you see concrete community or security measures being taken by another ecosystem, then please do tell us. Jonas, Alistar, me, etc would think about if & how to integrate their ideas, like we’ve done many times before.

You did not read the forum post at all. It’s honestly disheartening to see a researcher behave like this.

We’re not actually discussing any underlying security properties, but just the NC number itself.

Read the post again, and feed it to any AI agent if you don’t want to do the calculation by hand.

178 is not a “handy guesstimate”. It’s a lie.

My point: We can compute many similar numbers. All blockchains have zero under one reasonable method.

You picked some new method, but you did not apply the same methodology to other chains.

Polkadot would look good if you account for many factors, like the long term benefits of 1KV and DN. Imho any reasonable method would assign Bitcoin a Nakamoto coefficient between 1 and 4, because of how mining pools work. lol

We did not pick a new method. We picked the commonly accepted method: how many operators it takes to form the critical share.

If we use your logic and actually apply it to other chains, Ethereum would have a NC of 92,766. You seem to be critical of Ethereum, would you accept that as well?

Is there any academic integrity left in Polkadot? Should we start to question all research produced in this community?

I went ahead and did the calculation. Ethereum’s precise NC, according to your logic, would be 92,766.

If you find that number absurd, yes, then so is Polkadot’s NC of 178.

Honestly, this interaction makes me question deeply about Polkadot’s academic integrity. If you have made more security decisions like this, which tries to just plainly boost Polkadot’s “standing”, rather than from a genuine desire to increase security, then a lot of the research results must be questioned.

We were planning to reference certain things in JAM and ELVES, and now I think it’s a necessity that we must take a critical look of them.

Afaik there is no real standard because the bitcoiners dislike being assigned numbers like 1-3, but they have the political power to ensure that number does not appear often in public, well not outside anti-crypto-currency forums anyways.

Agreed, ETH’s numbers look wack there, but I only claimed the Nakamoto coefficient was useful for excluding really shitty systems like Cosmos and ICP. It’s quickly a bottom-less rabbit hole though, because issues like topologies become extremely important fast too, not that you could sanely compare these features. Is Ethereum 13,900 or 23?

As for the number you computed, we’ll hopefully improve that somewhat in the staking redesign, but that’s some political struggle. Yet, I’m not overly stressed there, because we’ve put in more work than others do on these problems.

I’ll reiterate my comment above: If you know concrete practices that other ecosystems do that appear to offer real benefits, then please do relay them and we’ll think about them.

We do not subgroup validators like ETH does, but that’s another topic: Yey concentration inequalities.

Aside form NPoS picking the validator set, we have (a) small backing groups who should occasionally fail, (b) lone relay chain block producers, much like Cardano, etc, (c) approval committees who can fail but the ELVES paper proves cannot fail in exploitable ways, and (d) grandpa uses everybody in the current validator set.

We have made a new infographic on why the number 178 is a lie.

Another update on this: we found an address cluster, with master proxy 12iz6aJ, which controls 92-105 validators since at least Dec 2025. We all have our own educated guesses who that is.

This means we can confidently state: the Nakamoto Coefficient of Polkadot is no more than 4.