In the initial phases of the network, Hedera is a permissioned network, meaning one in which an entity or person must have permission from Hedera to host a node. Currently, all nodes in the Hedera network are operated by Hedera and Council members. Hedera is currently in the process of transitioning full operation of the nodes to the Council members.
In the future, Hedera expects to allow other entities and persons to be able to host nodes on the Hedera network. Through Hedera’s planned proof-of-stake consensus model, hbars will play a key role in protecting the network against certain forms of cyberattacks.
In any permissionless DLT network, anyone can run a node that participates in consensus. In addition, it is trivial to stand up numerous virtual nodes. As a result, there is a need to guard against malicious actors that seek to disrupt the network and prevent it from reaching consensus on transactions. Hackers can disrupt consensus (in any permissionless network) by obtaining control of one-third of the network’s total consensus voting power. permissionless DLT networks need a scarce resource to secure the network against such attacks.
In “proof-of-stake” DLT systems, the network’s native cryptocurrency serves as that scarce resource. Rather than each node having an equal vote, a node’s ability to influence the consensus order of transactions is proportional to the amount of coins the node holds (i.e., its “stake”). The particular manner in which a node’s stake relates to achieving consensus varies from platform to platform, but it always occurs through the platform’s algorithm and is in some way proportional to a node’s stake of cryptocurrency. In typical proof-of-stake systems, all of the platform’s coins are created at the launch of the network (e.g., all 50 billion hbars were created at the time of the Hedera network’s launch). In Hedera’s proof-of-stake system, hbars function as the limited resource to protect the network. Any distributed ledger using the hashgraph consensus algorithm will achieve consensus on a transaction when the voting involves more than two-thirds of the network’s voting power. A malicious attacker, then, would need to attain one-third of the total voting power over consensus to disrupt the network.