Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pricing (supply-side overheads analysis) #6

Open
arjunhassard opened this issue May 9, 2019 · 2 comments
Open

Pricing (supply-side overheads analysis) #6

arjunhassard opened this issue May 9, 2019 · 2 comments
Assignees

Comments

@arjunhassard
Copy link
Member

arjunhassard commented May 9, 2019

Firstly, we confirm that, at launch, the network service will be fully commoditised. In other words, initially there will be a default, universal relationship between a policy's duration (+ # Ursulas involved) and the price of that policy, regardless of other factors (e.g. historical reliability of those Ursulas). Next, we need to narrow in on this uniform cost in real terms (i.e. in ETH or USD), through:

(1) analysing of overheads required to run a reliable Ursula
(2) comparing to existing services and their pricing models
(3) testing potential pricing (outcomes of 1 & 2) with adopter budgets
(4) taking into account other third-party costs (e.g. fiat->ETH conversion fees)

(1) Overheads
Assumptions based on network expectations:
a. Ursulas must be online (nearly) of the time – minimise interruptions
b. Ursulas should dedicate a machine or server to re-encrypting – minimise security/downtime risks
d. Ursulas will ideally have an anti-DDOS solution running – minimise censorship/downtime

Most Ursulas will achieve these requirements in one of two ways: with a cloud solution or a physical machine.

Cloud Monthly Costs

  • AWS t2 micro (1 vCPU, 1GB): $8.47
    this may be too little memory to derive a key from passphrase at bootup
  • AWS Compute Optimised Instance (2 vCPU, 4GB, Linux): $62.05
  • AWS Dedicated Instance (1 vCPU, 2GB, Linux): $1,479.71 (includes $2/h region fee)
  • Amazon Dedicated Host: $327.77
  • Google Cloud Compute Optimised (2 vCPU, 4GB, Linux): $72
  • Azure Cloud Compute Optimised (2 vCPU, 4GB, Linux): $63
  • Digital Ocean Compute Optimised (2 vCPU, 4GB, Linux): $40
  • Digital Ocean Standard (2 vCPU, 4GB, Linux): $20
  • Digital Ocean Standard (2 vCPU, 2GB, Linux): $10
    (all prices on-demand and US cheapest)

Cloud Ursulas will still need an internet connection, which varies worldwide from $10 to $150 per month, but we can assume that most nodes do not need to upgrade their internet to service the network. Given minimum memory constraints, the minimum spend for a cloud approach is at least $10/month, but more likely to be between $20-40/month.

Physical Machine Costs

  • Electricity costs vary between ~$0.33 and ~$0.04 per kwH worldwide
  • Typical CPU wattage varies between ~300 and ~100 depending on the model/usage.
  • CPUs cost between ~$80 and ~$1,000.

Assuming that Ursulas will predominantly be located in regions with cheaper energy, and that re-encryptions do not require high wattage nor an expensive machine, and that the Ursula spreads out their payments for the hardware over 1 year with 0% interest: Cost/month = ( [$0.10/kwh]/1000 * 150W * 730h ) + ($450/12m) = $10.95 + $37.5 = ~$50

Conclusion
There will be lots of variance, but we can assume that if an Ursula is earning less than $10 per month in revenue, they'll be making a loss. Or, if most Ursulas aren't making more than $10, it will make node operation unsustainable or pointless in all but a few super cheap regions. If they're earning less than $50, then they're not covering the cost of their hardware, which is significant because we may expect a dedicated machine that shouldn't be used for anything else (TBD).

It's important to note that this floor of outbound costs is largely unaffected by the size of the Ursula's stake, since the vast majority of expense goes into ensuring high availability rather than handling a big re-encryption load. In other words, we've identified the minimum cost of running a node, regardless of how much work is taken on.

(2)Pricing of alternative products
It is likely that customers will pay more for better security, trustlessness, decentralization, a wider range of operations, or the unique capabilities of Ursulas, Enricos, etc. However, our prices are still bounded to some extent by the cost of alternative providers (centralized or otherwise) and their pricing structure:

Software protected

  • AWS KMS - AES/GCM only | $1 per key per month, $0.03 / 10k decryptions
  • GC KMS - EC, others | $2.5 per key per month for first 2k keys ($1/month thereafter), $0.15 / 10k decryptions

HSM-protected

  • AWS CloudHSM | $1,058.50 per month (x2 for replication), $5,000 set up fee
    An AWS CloudHSM cluster can store a maximum of approximately 3,300 keys
  • Azure KeyVault - EC, others | $5 - $0.40 per key, $0.15 / 10k decryptions

Use case
Let's walk through hypothetical use cases and see if our nodes are profitable. We'll assume we have 500 nodes in our network. A gaming DApp has 10,000 users who play 2 games per day. In each game, 50 decryptions occur per user. We will also assume that the game developer wants to provide a semblance of trustlessness to users, so generates an individual 'master key' for each (_Note: this is a big assumption as most developers use a small number of master keys to handle access for a large population of users). In any case, using AWS KMS would cost the app $91 in decryptions and $10,000 for maintaining unique keys each month, which equals $1.01/user/month. Using GC KMS would cost $456 for decryptions and $13,000 for keys, which equals $1.35/user/month. If NC matched GC KMS on total cost, this would yield $27 in revenue for each of the 500 nodes. Looking at other use cases with the same number of users and matching GC KMS's per user price:

  • Data marketplace: (25 data buyers, 50 new data points per user per day): $31 per Ursula per month
  • Chat app (average # of groupchats/members/messages, shared secret updated every 5 minutes): $39 per Ursula per month

Other assumptions:

  • These figures assume that all stakes are equal. In reality, some Ursulas will have 5-10x less stake, and therefore far less revenue capture, but the same minimum overheads.
  • All adopters choose the same number of Ursulas for each policy. A big variance here makes choosing a price per policy more difficult.

(3) Adopter Budgets
Our prices are also bounded our adopters' budgets, which in turn are bounded by their revenue models – e.g. how much does a DApp make per user, and does this justify the overhead of each user's sharing flows. So the next questions are:

  • How much revenue per user will typical adopters be seeking in each use case?
  • What percentage of this revenue can justifiably be spent on decentralized access control, even where it is critical to the functioning of the platform?

TBD: Changing the pricing
How easy is it to dynamically alter the price as a respond to demand (or lack of), or other factors?

@derekpierre
Copy link
Member

Thoughts (attaching a spreadsheet which clarify Arj's calculations)
NU Service - Cost Pricing.xlsx

(1) Our assumption about equal Ursula stakes is a big one, in that revenue will vary widely across the different Ursulas given their variance in size of stake.

(2) For the one-time cost of a machine, I don't think we should factor it into a monthly profit calculation. The machine is either a sunk cost if they have a machine already, or a fixed cost if they have to purchase the machine neither of which should be used in a contribution margin calculation. I agree it is a real cost, but it can be amortized over a long period of staking and can be used for other purposes if no longer staking.

(3) It is possible that Ursulas with smaller stakes/hobbyists will potentially not utilize the cloud as much as Ursulas with larger stakes, so the revenue needed to cover the cost would be different. In your calculation above, something ~$10.95 in cost - still something that needs to be covered, but smaller revenue needed.

What's interesting is that your calculations have illuminated the issue of the professional stakers (including us as a company) having a tougher time profiting from staking since this group is more likely to utilize the cloud.

(4) For pricing, we have two approaches: cost, which Arj has done clearly, and the 'willingness to pay' of adopters. As a product we are offering functionality that is unavailable elsewhere: decentralized, censorship-resistant, no single point of failure, data privacy protection. The question becomes given the current less feature-rich alternatives, the requisite centralization and data privacy issues, what are applications willing to pay for our service. For example, in the use cases above the Azure Key Vault calculation works out to a higher cost than the KMS solutions. This is presumably because of Microsoft (ugh) but also the extra functionality provided by an HSM.

We are somewhat bounded, but centralization for a decentralized application would seem to be a big deal to me. A dApp that doesn't work because Amazon was down would not bode well. I think the value of data privacy and decentralization is worth something, and charging value for that worth could be something that applications would be willing to accept.

@arjunhassard
Copy link
Member Author

arjunhassard commented May 13, 2019

@derekpierre

(1) It is a huge assumption. Between large and small Ursulas, the variance in outgoing expenses is likely to be quite low (perhaps between $10 and $100), but the variance in their income from fees and rewards will be far larger – this is pretty different to a PoW protocol for example. We want extra rewards for the risk and extra opportunity costs associated with staking greater sums, but we still need to structure prices with smaller stakers in mind, or the network will gravitate towards centralization. The service must be priced such that revenue eventually covers the absolute minimum overheads, plus we may need to legislate against undercutting by big players.

(2) I half-agree. It basically depends on whether we insist Ursulas do not use a physical machine for anything other than re-encryption work. If so, I think the cost should be included – amortised as you suggest, for whatever period the machine has this limited use. However, if this is a requirement, it might make more sense for smaller players to rent a cheap instance than buy a new machine (or give up one you already own).

(4) Definitely, Cloud HSMs may be a better reference point for pricing the NC service. Very rough comparison between the two:

  • BYOK. NC adopters can bring their own key, if they use SEK P256 k1
  • Lifecycle management. NC protects encryption keys through creation, usage (but we can't guarantee their destruction?)
  • Compatibility. NC is 'multicloud' - i.e. as agnostic as the best CHSMs with regard to where the data resides.
  • Certification. We can't get FIPS 140 i don't think, because it applies to crypto modules not software. But we are compatible with data transfer/holding compliance like HIPPA
  • Latency. If we add functionality allowing Alices to favour the m Ursulas located closest to them, then I think we can be lower-latency than CHSMs.
  • Security. Only authorised users have access to encrypted keys, same as CHSMs. We have no endpoint vulnerabilities, so safer? Better/same cryptographic protection as CHSMs that offer EC?
  • Connectivity. NC is available via public internet, like most CHSMs. Not sure about compatibility with 'cloud-friendly' APIs.
  • Availability/redundancy. it might be hard to argue that a group of independent service-providers will go down less than AWS or Azure, but with the right economic enforcement we may build a track record of reliability.
  • as you mentioned, NC has unique features and is decentralized, censorship-resistant etc.

@arjunhassard arjunhassard changed the title Market Design 3: Choosing & changing pricing Pricing (supply-side overheads analysis) Jan 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants