Firstly, we confirm that, at launch, the network service will be fully commoditised. In other words, initially there will be a default, universal relationship between a policy's duration (+ # Ursulas involved) and the price of that policy, regardless of other factors (e.g. historical reliability of those Ursulas). Next, we need to narrow in on this uniform cost in real terms (i.e. in ETH or USD), through:
(1) analysing of overheads required to run a reliable Ursula
(2) comparing to existing services and their pricing models
(3) testing potential pricing (outcomes of 1 & 2) with adopter budgets
(4) taking into account other third-party costs (e.g. fiat->ETH conversion fees)
(1) Overheads
Assumptions based on network expectations:
a. Ursulas must be online (nearly) of the time – minimise interruptions
b. Ursulas should dedicate a machine or server to re-encrypting – minimise security/downtime risks
d. Ursulas will ideally have an anti-DDOS solution running – minimise censorship/downtime
Most Ursulas will achieve these requirements in one of two ways: with a cloud solution or a physical machine.
Cloud Monthly Costs
- AWS t2 micro (1 vCPU, 1GB): $8.47
this may be too little memory to derive a key from passphrase at bootup
- AWS Compute Optimised Instance (2 vCPU, 4GB, Linux): $62.05
- AWS Dedicated Instance (1 vCPU, 2GB, Linux): $1,479.71 (includes $2/h region fee)
- Amazon Dedicated Host: $327.77
- Google Cloud Compute Optimised (2 vCPU, 4GB, Linux): $72
- Azure Cloud Compute Optimised (2 vCPU, 4GB, Linux): $63
- Digital Ocean Compute Optimised (2 vCPU, 4GB, Linux): $40
- Digital Ocean Standard (2 vCPU, 4GB, Linux): $20
- Digital Ocean Standard (2 vCPU, 2GB, Linux): $10
(all prices on-demand and US cheapest)
Cloud Ursulas will still need an internet connection, which varies worldwide from $10 to $150 per month, but we can assume that most nodes do not need to upgrade their internet to service the network. Given minimum memory constraints, the minimum spend for a cloud approach is at least $10/month, but more likely to be between $20-40/month.
Physical Machine Costs
- Electricity costs vary between ~$0.33 and ~$0.04 per kwH worldwide
- Typical CPU wattage varies between ~300 and ~100 depending on the model/usage.
- CPUs cost between ~$80 and ~$1,000.
Assuming that Ursulas will predominantly be located in regions with cheaper energy, and that re-encryptions do not require high wattage nor an expensive machine, and that the Ursula spreads out their payments for the hardware over 1 year with 0% interest: Cost/month = ( [$0.10/kwh]/1000 * 150W * 730h ) + ($450/12m) = $10.95 + $37.5 = ~$50
Conclusion
There will be lots of variance, but we can assume that if an Ursula is earning less than $10 per month in revenue, they'll be making a loss. Or, if most Ursulas aren't making more than $10, it will make node operation unsustainable or pointless in all but a few super cheap regions. If they're earning less than $50, then they're not covering the cost of their hardware, which is significant because we may expect a dedicated machine that shouldn't be used for anything else (TBD).
It's important to note that this floor of outbound costs is largely unaffected by the size of the Ursula's stake, since the vast majority of expense goes into ensuring high availability rather than handling a big re-encryption load. In other words, we've identified the minimum cost of running a node, regardless of how much work is taken on.
(2)Pricing of alternative products
It is likely that customers will pay more for better security, trustlessness, decentralization, a wider range of operations, or the unique capabilities of Ursulas, Enricos, etc. However, our prices are still bounded to some extent by the cost of alternative providers (centralized or otherwise) and their pricing structure:
Software protected
- AWS KMS - AES/GCM only | $1 per key per month, $0.03 / 10k decryptions
- GC KMS - EC, others | $2.5 per key per month for first 2k keys ($1/month thereafter), $0.15 / 10k decryptions
HSM-protected
- AWS CloudHSM | $1,058.50 per month (x2 for replication), $5,000 set up fee
An AWS CloudHSM cluster can store a maximum of approximately 3,300 keys
- Azure KeyVault - EC, others | $5 - $0.40 per key, $0.15 / 10k decryptions
Use case
Let's walk through hypothetical use cases and see if our nodes are profitable. We'll assume we have 500 nodes in our network. A gaming DApp has 10,000 users who play 2 games per day. In each game, 50 decryptions occur per user. We will also assume that the game developer wants to provide a semblance of trustlessness to users, so generates an individual 'master key' for each (_Note: this is a big assumption as most developers use a small number of master keys to handle access for a large population of users). In any case, using AWS KMS would cost the app $91 in decryptions and $10,000 for maintaining unique keys each month, which equals $1.01/user/month. Using GC KMS would cost $456 for decryptions and $13,000 for keys, which equals $1.35/user/month. If NC matched GC KMS on total cost, this would yield $27 in revenue for each of the 500 nodes. Looking at other use cases with the same number of users and matching GC KMS's per user price:
- Data marketplace: (25 data buyers, 50 new data points per user per day): $31 per Ursula per month
- Chat app (average # of groupchats/members/messages, shared secret updated every 5 minutes): $39 per Ursula per month
Other assumptions:
- These figures assume that all stakes are equal. In reality, some Ursulas will have 5-10x less stake, and therefore far less revenue capture, but the same minimum overheads.
- All adopters choose the same number of Ursulas for each policy. A big variance here makes choosing a price per policy more difficult.
(3) Adopter Budgets
Our prices are also bounded our adopters' budgets, which in turn are bounded by their revenue models – e.g. how much does a DApp make per user, and does this justify the overhead of each user's sharing flows. So the next questions are:
- How much revenue per user will typical adopters be seeking in each use case?
- What percentage of this revenue can justifiably be spent on decentralized access control, even where it is critical to the functioning of the platform?
TBD: Changing the pricing
How easy is it to dynamically alter the price as a respond to demand (or lack of), or other factors?