Harmony 2023: Uniform Scaling & Onchain Security

Harmony 2023: Uniform Scaling & Onchain Security

➡️ Technical Vision, Project Vision, Showcases, Integrations, Industry Leaders

➡️ Protocol Features, Wallet Security, Trustless Bridges, Roadmap

Harmony is a scalable and secure blockchain. Our mainnet is live with state sharding since 2019 June and with open staking since 2020 May. Harmony achieves 2-second transaction finality with 4 shards, 250 nodes each, 25.3K onchain delegators, 60% liveness slashing, and sub-second leader rotations.

Toward 2023, we are developing 1-block composable cross-shard transactions; validator resharding every 18-hour epoch with gradual state sync; and, account abstractions for smart wallets with social recovery but no central custodians or fee forwarders.

Firstly, Harmony supports uniform scaling, meaning that our shards grow linearly and boundlessly with transaction demands. Our nodes, states, transactions are each cleanly divided into shards with secure synchronization with the beacon shard.

Secondly, Harmony supports onchain security, meaning that our delegators, bridges, wallets minimize trust assumptions besides malicious validators. Our end-to-end security relies only on the core protocol and smart contract execution – without risking censorship from colluded entities, suffering any single point of backend failure, sidestepping storage of authentication credentials, or leaking identifiable information.

At peak, Harmony’s protocol achieved 500 transactions per shard per second in production, our elastic endpoints served 800M requests per day – with our network accruing $1.41B total value locked, $1.48B stakes, 162 validator pools, 120 active apps, 75 DAO governors, 371K monthly active users, and 656K total wallets.

Harmony is Ethereum-compatible and supports 1. DeFi (Aave, Curve, Frax, Sushi, Tranquil, Stably, StakeDAO); 2. games (DeFi Kingdom, DeFira, Mercury Forge); 3. NFT (Bored Apes, Animoca, Atari, MAD, .country domains), 4. DAOs (Gnosis, Snapspot, Aragon); 5. middleware (Chainlink, Graph, Covalent, DappRader, Pocket Networks, Chainsafe, Hummingbot); 6. bridges (LayerZero, Datachain, Celer, Trustless BTC); 7. gateways (Wyre, Transak, MoonPay, Simplex); 8. exchanges (Binance, Huobi, Kucoin, Crypto.com, OKX); and, 9. wallets (Metamask, Ledger, Trust, 1Wallet).

In 2023, besides protocol development mentioned above, Harmony is driving adoption via games (desktop-mobile wallet sync, tournament escrows, embedded marketplaces) – as well as impact via community (social curation, creator-fan economy, seasonal governance) and cross-chain via partners (chain-agnostic toolings, zero-knowledge-proof bridges, modular data availability).

(*We are actively writing this document and welcoming feedback. To be completed by 2023 Jan, with existing essays on leader rotation, state pruning, light clients).

Technical Vision

1. Sharding vs Modular (App Chains)

Cosmos, Polkadot.

Our base assumption is that demand for block space, similar to demand for computation, is elastic; the cheaper the block space, the more different kinds of computation are able to move on-chain. This means that no matter how fast a monolithic chain is, demand for blockspace is likely to outstrip supply, with costs rising over time. For most other dApps, we would argue asynchronous composability is fine as long as there’s strong cross-chain tooling to port assets over and make the UX of interacting with different dApps seamless.

2. Sharding vs Rollups (Layer 2)

Arbitrium, Optimism. (Briefly: other rollups.)

3. Sharding vs. ZKProofs

Polygon, Starkware. (Briefly: Mina, zkSync.)

4. Other Sharding Protocols

NearEverscale (based on Telegram’s TON). (Briefly: Elrond, Zillqa.)

5. Other Scaling Protocols

Solana, Avalance. (Briefly: Aptos, Sui, Binance, Cardano, Algorand, Fantom, Hedera, Tezos.)

Project Vision

1. Open Platform: Consensus, Staking, Development

“Open Consensus for 10B People”. That means that there will be an open platform for our future generations to create in harmony.

  • Open. A platform is open if anyone can join its development, create values together, and set the rules as a community.
  • Consensus: A platform of consensus make transactions with understanding and agreement, not just of majority, as a human protocol in harmony.
  • 10B People: A platform is for ten billion people, as the human population is converging to in coming decades, if inclusive for everyone including those in the future.

2. Trust Dilemma: Scalability, Security, Decentralization

”To build tools and users for developers, bring the best research to production, and create wealth together among communities.”

  • Build Tools: We provide infrastructure including developer tools and service endpoints, as well as give grant incentives and launch campaigns for user growth.
  • Research Production: We publish and implement state-of-the-art consensus algorithms, cryptographic data structures, tokeneconomics design, and wallet security.
  • Create Wealth: We help communities issue tokens with a liquid market, share collectibles to drive engagement, and sustain common goals together over long terms.

3. Web3 Ownership: Assets, Collectibles, Governance

“To Scale Trust and Create a Radically Fair Economy”. That means building a decentralized, scalable and secure blockchain to settle any transactions without trusted parties. Here, fairness in radical markets promises everyone opportunity for creating meaningful wealth. Or, “To create cooperation for global communities, and scale their digital economies”.

  • Scale Trust: A blockchain decentralizes coordindation among global communities – by enforcing contracts without trusting third parties or prior rules.
  • Radically Fair: A blockchain is fair if everyone has, if not fully equal chance and rewards, meaningful participation against the power of cumulative wealth.
  • Create an Economy: A blockchain, as a marketplace full of incentives, allows anyone to create tokens, secure transactions between parties, and accrue values from serving utility.


  • ⏳ 1Wallet (social mobile wallet) is open source and stores private keys on your mobile device instead of custodial servers. Its Apple Keychain integration and multi-party computation for recovery eliminate the security risks of seed phrases. Gen Z use 1Wallet to curate communities around chats with NFT airdrops, gated content access, and generative 3D avatars. Currently the 1000s users on Harmony engage daily over newsfeed with event discovery, street fashion, collegiate sports, and other cultural experience.
  • 🦸 DeFi Kingdom (yield farming game), or DFK, is a RPG (role play game) experience as idle quests for farming DeFi yields. At peak, its transaction volume ranked the top among games of all blockchains, accruing $1.02B locked assets and 317K monthly users on Harmony.
  • 🪙 Trustless BTC (onchain bridge)
  • 🌉 Trustless Ethereum (onchain bridge) -
  • 🌳 Blue Forest (ZKProof strategy game) is a Play-to-Earn version of Dark Forest, which is gas-expensive even on Gnosis Chain (sometimes queuing up into weeks for a game turn). Also, Blue Forest allows tournament betting for cash prizes as well as for no-loss options.
  • 🛰️ Mercury Forge (space exploration game)
  • 0️⃣ zkDAO (ZKProof scholars)
  • 🌐 Quick Node (node endpoints)
  • 🌐 Pocket Networks (node endpoints) -
  • 👨‍🎤 MAD (NFT marketplace)
  • 💵 Tranquil (multi-asset staking)
  • 💬 SMS Wallet (text message wallet)
  • 🦋 Blu3 (women DAO) -
  • 🎸 dj3n (creator-fan NFT)
  • 🤖 Hummingbot (market making)
  • 🔎 Search Protocol (ads keyword staking)

Integrations & Partners



Protocol Features

Milestones: overview, report, whitepaper, privacy report.

1. Secure, Random State Sharding

Harmony has transcended the blockchain trilemma by bringing the best research to production. Sharding is proven to scaleblockchains without compromising securityand decentralization.‍We divide not only our network nodes but also the blockchain states into shards, scaling linearly in all three aspects of machines, transactions and storage.‍To prevent single shard attacks, we must have a sufficiently large number of nodes per shard and cryptographic randomness to re-shard regularly. Each shard has 250 nodes for strong security guarantee against Byzantine behaviors. We use Verifiable Delay Function (VDF) for unbiasable and unpredictable shard membership.

2. Fast Consensus w/ Instant Finality

Harmony has innovated on the battle-tested Practical Byzantine Fault Tolerance (PBFT) for fast consensus of block transactions. Our Fast BFT (FBFT) leads to low transaction fees and 1-block-time finality in Harmony Mainnet.‍ We use Boneh–Lynn–Shacham (BLS) constant-sized signatures to commit blocks in a single round of consensus messages. We achieve 2-second block time with view changes in production against adversarial or unavailable leaders.‍Harmony Mainnet was launched in June 2019. Our network has produced 30M+ blocks with 450k+ transactions in publicly traded, native ONE tokens.

3. Effective PoS & Token Economics

Harmony has designed a novel Proof-of-Stake (PoS) mechanism for network security and economics. Our Effective Proof-of-Stake (EPoS) reduces centralization and distributes rewards fairly to thousands of validators. Our staking mechanism supports delegation and reward compounding. To support 100% uptime but fully open participation, EPoS slashes validators who double-sign and it penalizes elected but unavailable nodes.Harmony Economics Model caps the annual issuance at 441 million tokens (about 3% rate in long term). Our model gives validators a simple and predictable return. All transaction fees are burnt to offset the issuance, naturally leading to zero inflationwhen our network usage becomes high.

From Zeta Avarikioti and Dionysis Zindros's technical report: Harmony is a Proof-of-Stake sharded blockchain system that aims for high scalability. The system is implemented in practice and has a market cap of about $1 billion at the time of writing… We document the current protocol as it is implemented in the code base, with all its details. We also describe, and explicitly separate, the current state of the code base from any future plans that the team has. Contrary to the code base, which sets the reference implementation, the aim of the current paper is to describe both the how and the why behind every technical decision. Next, we pinpoint security issues with the current implementation. For each potential security issue, we give a detailed description, and put forth solutions that can ensure better security, towards a provably secure ecosystem.

From Common Prefix’s technical report: Being one of the few blockchains that combine proof of stake with the account model, solutions that were built with Bitcoin in mind require reworking. At the same time, falling back to centralized solutions that condition privacy on trusted parties would be less than ideal. So then, does Harmony support solutions that are as simple as a small ring signature or as complex as a SNARK-based proof system? The answer (to both questions) is yes. Harmony provides an EVM-compatible smart contract environment that can host a number of privacy solutions such as Tornado Cash, Zether, Möbius and more. Even better, the low fees of Harmony enable developing a wide range of solutions, giving more freedom to developers as well as researchers. At the same time, this does not mean that there is no scope for improvements: ease of use and user education remain important, as is the ability to privately invoke contract execution.

Wallet Security

Milestones: research paper, 1Wallet mobile, 1Wallet Web.

1. Social (People)

  • Resilient. Funds are recoverable through time locks and multiple safety nets. No single point of failure such as thefts, cracks, loss, censorship or coercions is catastrophic.
  • Sufficient. All steps are well defined without delegating to hardware devices or seed phrases in safety boxes. Users do not need any passwords or rely on biometrics.
  • Anonymous. An account is a fresh cryptographic hash, not tied to existing systems or real-world identity. Derived paths support multiple public keys to protect privacy.

2. Smart (Code)

  • Composable. One-time or low-entropy passwords are useful for small funds. Multiple authentications can independently boost protection thresholds against brute-force.
  • On-chain. A decentralized network with high stakes and fast finality validates all transactions. Its platform has sustainable incentives and open governance to evolve.
  • Programmable. Operations can call third-party contracts, store history of states, or upgrade its code. Complex applications may use oracles of time, locations and events.

3. Hard (Math)

  • Self-Sovereign. No third parties, government documents, designated guardians, backup servers or hardware enclaves are necessary. Users have full custody and self control.
  • Air-Gapped. Key-loggers and man-in-the-middle attacks are minimized. The full parameters of transactions are easy to verify and approve without cables or cameras.
  • Verified. Trusted are only open source and hardened cryptography. Formal verification, through logical frameworks, assures end-to-end security beyond tests and audits.

From Dionysis Zindros's research paper "Keyless Cryptocurrency Wallets”: We put forth a keyless wallet, a cryptocurrency wallet in which money can be spent using a password alone, and no private keys are required. It requires a smart contract blockchain. We propose two schemes. In the first, the user sets a short wallet password and can spend their money at a prespecified maturity date using the password alone. Using this as a stepping stone, we propose a second scheme, in which the user uses an OTP authenticator seed to generate a long series of time-based OTP passwords for the foreseeable future. These are encrypted and organized in a Merkle tree whose root is stored in a smart contract. The user can spend funds at any time by simply visually providing the current OTP password from an air gapped device. These OTPs can be relatively short: Just 6 alphanumeric characters suffice.

Our OTP scheme can work in proof-of-stake as well as static and variable difficulty proof-of-work blockchains. The low-entropy in the passwords and OTPs in our scheme is protected from brute force attempts by requiring that an adversary accompany any brute force attempt by a transaction on the chain. This quickly incurs enormous economic costs for the adversary. Thus, we develop the first decentralized rate limiting scheme. We use Witness Encryption (WE) to construct a timelock encryption scheme in which passwords are encrypted from past into future blocks by leveraging the NP-language expressing proof-of-work or proof-of-stake performed as the witness. Witness Encryption is a currently impractical cryptographic primitive, but our scheme may become practical as these primitives are further developed.

From Ivan Homoliak’s research paper “SmartOTPs: An Air-Gapped 2-Factor Authentication for Smart-Contract Wallets”: With the recent rise of cryptocurrencies' popularity, the security and management of crypto-tokens have become critical. We have witnessed many attacks on users and providers, which have resulted in significant financial losses. To remedy these issues, several wallet solutions have been proposed. However, these solutions often lack either essential security features, usability, or do not allow users to customize their spending rules.

In this paper, we propose SmartOTPs, a smart-contract wallet framework that gives a flexible, usable, and secure way of managing crypto-tokens in a self-sovereign fashion. The proposed framework consists of four components (i.e., an authenticator, a client, a hardware wallet, and a smart contract), and it provides 2-factor authentication (2FA) performed in two stages of interaction with the blockchain. To the best of our knowledge, our framework is the first one that utilizes one-time passwords (OTPs) in the setting of the public blockchain. In SmartOTPs, the OTPs are aggregated by a Merkle tree and hash chains whereby for each authentication only a short OTP (e.g., 16B-long) is transferred from the authenticator to the client. Such a novel setting enables us to make a fully air-gapped authenticator by utilizing small QR codes or a few mnemonic words, while additionally offering resilience against quantum cryptanalysis. We have made a proof-of-concept based on the Ethereum platform. Our cost analysis shows that the average cost of a transfer operation is comparable to existing 2FA solutions using smart contracts with multi-signatures.

Trustless Bridges

From our technical report with Mahdi Zamani: We propose a gas-efficient, cross-chain bridge protocol to transfer assets from a BFT blockchain to another blockchain (e.g., Ethereum) which supports basic smart contract execution. To achieve this, our paper makes the following contributions:

  • We construct a super-light client for BFT chains that allows a client to prove to any external entity that a transaction has been recorded on the BFT chain by providing cryptographic proof that is constant size in the length of the chain.
  • We construct a bridge smart contract on the destination chain for atomic verification of super-light client proofs that guarantee a certain amount of tokens are locked on the BFT chain. The contract also can unlock/mint an equal amount of tokens on the destination blockchain once the verification succeeds.
  • We construct a relay node that periodically transmits to the contract constant-size, check-point information as commitments to the BFT chain. This information allows the contract to later verify super-light client proofs submitted by the client to the contract. While the total amount of information submitted by the relay to the contract for all checkpoints is linear to the chain length, the frequency of checkpoints could be adjusted in practice to curb this overhead.
  • We propose an efficient chain commitment mechanism that allows the client to prove inclusion of a block in a blockchain with a constant-size commitment and logarithmic blockchain inclusion proofs.
  • We further propose a stateless bridge contract design that allows the client to send a small, self-sufficient cross-chain transaction to the contract that does not require any pre-relayed checkpoint information. Our solution requires the client to include only a logarithmic-size (in the chain length) inclusion proof in its message, making it the first BFT bridge protocol that requires logarithmic-size, cross-chain proofs.

On PoW-to-BFT Transfers. Our bridge protocol further allows a client to transfer assets from a PoW chain (such as Bitcoin or Ethereum) to a BFT chain using FlyClient logarithmic-size proofs. This, however, requires certain chain commitments (in the form of Merkle roots) already being included in every block header, which unfortunately, is not possible until a soft fork on Bitcoin and Ethereum includes these commitments in all future block headers. Until then, our bridge protocol adopts the SPV approach of Rainbow bridge, where the relay node periodically sends all recent Bitcoin/Ethereum block headers to the smart contract on the BFT chain. While this incurs a significantly higher storage and computation overhead on the contract, we expect the significantly lower gas cost of most BFT chain (such as Harmony and NEAR) could justify such overhead until chain commitments become available on Bitcoin and Ethereum.

Zero-Knowledge Proofs & Research

From our zkDAO (Succinct, Private, Fair) with Prof Hakwan Lau on zero-knowledge proofs, cryptographic primitives, and privacy: That's where the 100x benefits and the magical use cases come in. We are focusing on ZK innovations that are the most likely to reach millions of users in coming years. We are most interested in universal ZK constructs that are the building blocks for Web3.

In particular, here are six ZK products that already have prototypes on mainnet. The first is compressing computations and states to succinct representations – namely, low-fee zkEVM rollups, trustless Flyclient bridges, and stateless Non-Interactive-PoPoW clients. The second is protecting privacy across multiple chains and Web2-to-Web3 actions. For example, cross-chain coin mixers like Tornado – which is a top use case with 35K users and $6M revenue; Ethereum Foundation's Semaphore Project now enables anonymous authentication and voting. Lastly, fairness is now guaranteed on blockchain. Verifiable Delay Functions (VDF) will be a key primitive for randomness in games and lotteries; anti-collusion for quadratic funding will be critical for anonymous and open grants.

From our Research DAO with Dionysis Zindros:

  • Cryptography: deploy succinct proofs for privacy & performance
  • Security: use mechanical verification for audits, strongly typed languages for prototyping
  • Decentralization: scale transactions across protocols, on-chain staking & delegation across light clients

Project Roadmap

We are a Day-1 startup. Blockchains are becoming the foundation of the global economy, yet their adoption is at only 1%. That means that you as a pioneer and developer are shaping the future with 10X impact. Harmony is a community-driven project, a network with hundreds of applications, and a team wearing crazy ambitions on their sleeves. Because the invincible summer awaits!

2022 Q4

  1. Launch Layer Zero as Ethereum Bridge
  2. Launch 1Wallet at San Francisco Blockchain Week
  3. Save transaction fees for middleware costs & dev growth
  4. Technical comparisons with other scaling protocols

2023 Q1

  1. Harmony 2023 Whitepaper & 10 Sharding Fellows (4 mentors)
  2. Single-block composable cross-shard transactions
  3. 20% matching traffic to Shard 1 (whereas 80% to Shard 0)
  4. Games: wallet integrations for desktop-mobile sync & approvals

2023 Q2

  1. Validator resharding every 18-hour epoch with gradual state sync
  2. Games: onchain ecrows for tournament prizes (esports, sport betting)
  3. Cross-chain: chain-agnostic toolings and shard-independent interface
  4. Community: social curation (reputation), creator-fan economy (events)

2023 Q3

  1. Account abstractions for smart wallets with social recovery
  2. Community: seasonal governance (quadratic stakes with recency bias)
  3. Games: embedded marketplaces (minting editorials, trading analytics)
  4. Cross-chain: zero-knowledge-proof bridges, modular data availability

For engineers, we value your deep understanding of how bytes work. You are a tool maker, a system hacker, and a math nerd all in ONE. Your typical day involves prototyping a top-conference research paper, debugging and profiling in hexdecimal, or writing updates to coordinate asynchronouly with tens of engineers in the open. Building a blockchain is like jumping off the cliff while assembling the plane engine on the fly – but, if you can thrive in chaos, why NOT?

For creatives, we approve your obsession with user experience. You are a product designer, a brand manager, and an industry analyst all in ONE. Your typical day involves studying what delights and what hurts through hard metrics, writing long-form narratives on the why's and the do's, or scrumming tasks for a product launch to iterate with millions of users. Building a community is like sharing your blue heart while keeping the culture alive for decades – but, if this is your dream of 50 years, start NOW?

See our callingTo Yearn for the Vast and Endless Web3”.