Blue lips fish and chips exmouth market
47 commentsBitcoin exchange regulation canada
With sidechains, altcoins are obsolete, Bitcoin smart contracts are possible, Bitcoin Core and BitcoinXT can coexist, and all hard forks can become soft forks. Cool upgrades to Bitcoin are on the way! This project now has its own website! See the literature page for the latest changes. Sidechains allow Bitcoin to be fully programmable. This combines the best of both worlds: You could take 3 BTC, use them to purchase 3 side-Litecoin at a fixed 1: I will first describe the problem and then my solution.
We want to satisfy two constraints: It is easy, because the two chain-types have different advantages: Recall that our original problem statement included: A hard fork directly affects existing BTC, and an Altcoin indirectly affects existing BTC; so, neither extreme meets our definition of sidechain.
Instead, we need something which is just aware enough: If 12 coins go in to Sidechain X, only 12 can come out. Only one hard problem remains: To be protocol-compatible, someone who installed Bitcoin in and never updated it, and refuses to update it for us must be able to tell if these transactions are valid or not!
So, we must do all of this, without creating any new validation rules. We can only use the existing ones. So, a sidechain is only useful if it allows a Bitcoin to change ownership.
It can only do this if it knows that the withdrawals are valid which, by definition, requires us to know that we are on a valid chain. How do we validate the chain, without validating its transactions? Well, we take something that we already do, and we use it a few more times. By trusting miners to act just-selfishly-enough , we can sacrifice a little security to gain a lot of flexibility.
However, the cool thing is: How will Bitcoin learn about the status of a non-Bitcoin chain? Well, now is the time to return to the subject which we previously deferred: These mainchain-coins are sent to a special address, such that they can only be spent with a certain type of information. In Appendix B of their whitepaper, the sidechain-authors describe one thing that the box might be programmed to accept.
It involves a big Bitcoin transaction which itself includes actual block-headers of a different blockchain. Miners can, for free, steal all the coins. Bitcoin blocks are SPV proofs. Fundamentally, a feature of any SPV proof is that miners can fake the proof, and steal all of the sidechained-coins. As the SPV proof must rely on miner approval, I propose that we allow the proof to represent approval directly: For security and space-efficiency, the withdrawals and hence, the votes are infrequent, and slow, such that there is plenty of time to detect fraud and react to it.
Please do not worry about the speed. There would be one such address per sidechain and this address may as well be permanent, and it need not literally be an address. This might sound risky, but P2SH was successfully rolled out the same way. How likely are they to do that? What factors influence their decision? This would make the sidechain just as secure as the mainchain.
The only way that miners could attack either chain would be to rewrite and reorganize them both, which bears an economic cost of wasted energy. The cost of this is that users are obligated to run both nodes, which is as operationally burdensome as a mandatory hard fork both logistically [debating and coordinating the change] and technically [bandwidth, CPU, storage, …] , but preserves the ironclad security of a soft fork where all upgrades are optional, firewalled, and can be freely enabled and disabled].
This is one benefit of the 3 day waiting period, and of a length confirmation process in general: Some users may politely decline to forward any block that maliciously disrupts the sidechain process. Even the option to introduce this policy or introduce new mining hardware with this policy , would tend to dissuade miners from attempting to attack the sidechain in the first place.
All variables would be a statistical expectation of present value , and we can assume that miners always want to maximize this return. Thanks to the ongoing difficulty adjustments, miners who fail to optimize their returns will eventually be operating at a loss. Attack Revenues would be all the stolen money, m-discounted: Hopefully, it is clear that safety will increase if [1] the sidechain is producing tons of fees for miners to enjoy, and [2] miners are forward-looking and really care about those fees.
This eliminates the costs half of the equation completely. What does this formula mean? If the nukes would be triggered by any intentional military action, then there would be no intentional military action. Well, it depends on the sidechain. The threat alone, if credible, is just as good as the real thing. There is already something which permits 2-way transfers, and, while this technique does not 1: We do this by providing users with a credible threat which they never have to execute to use Drivechain.
Arbitrageurs would then be able to sit as middlemen, doing Drivechain behind-the-scenes and AtomSwaps for customers. These swaps would be at prices which are nearly-pegged, such that the arbitrageurs can collect a commission for their services. How small is this commission likely to be? Well, the modern risk free rates are nearly zero, even negative in some countries. My rough calculation is that, currently, 1 USD discounted by a year is To buy a dollar next month, it would then cost about These four values are nearly identical.
Of course, these bargan prices are only achievable if there actually is a risk-free alternative. The only source of risk would be that the miners might coordinate to steal sidechained BTC. It is a little like saying: Drivechain is only reliable if Miners are honest, yet it would only need to be used if Miners are dishonest! This paradox is no accident, as I stated above, it necessarily follows from the game theory exploited in the AtomSwap alternative.
As thanks to AtomSwaps there really is no convenience tradeoff, merely the risk-free rate one of the most forgiving tradeoff rates possible , we want a lengthy transfer period perhaps totaling two weeks or more. The clear implication, of such brazen theft, is that an SPV peg will never work, and that Bitcoin can never have sidechains ever and instead must use [centralizing] hard forks or ShapeShifted Altcoins.
Either that or Bitcoin will just need to wait for new technology. Such an outcome would teach us all to reconsider Altcoins as laboratories of innovation, and would encourage bright minds to work on the problem of mining centralization.
This alters incentives such that, if miners plan to steal, they may as well steal everything. First, notice that miners are those who are most likely to offer AtomSwaps to users. AtomSwaps are just cheaper if the Miners do them. As their holdings increase, rival miners have more to gain by stealing from them. If coins are attempting to move side-to-main, the payoffs sum to if the miners act dishonestly and steal everything , and 5 if the miners act honestly assuming, arbitrarily, that they charge 1 for an AtomSwap service which moves 20 coins.
Hence, miners have an incentive to sell CoinSwaps in proportion to their hashing power. This helps to avoid incentive-imbalances among miners. This outcome is overwhelmingly rewarding to miners, and will only be secure at Pessimism Level 4 if m is very low. Scenario D is, of course, the most salient concern. The allure of the 10, coins requires a low m, but what if m is not low?
Well, we will have to become optimistic in a different way retreat to Level 3 , and assume that miners do, in fact, care slightly about the future. For starters, we can consider the transaction fees paid by users of the sidechain, which will fall to zero if miners attack the chain. How high are these transaction fees likely to be?
If a sidechain, in steady-state, achieved similar transaction revenues as present-day Bitcoin, we can expect millions of dollars of future trading fees to be lost in the event of an attack.
Of course, chains with more transactions are likely to also contain more coins. However, I conclude the security analysis by noting that there will always be some PV of trading fees, encouraging miners to protect the network. This is because they intend to use a side-to-main Withdrawal Transaction to shift the coins back to the Bitcoin mainchain, which facilitates the 1: By charging you a fee, these individuals can be compensated for the inconvenience of locking their BTC into an uncertain process for a few days.
The definition of sidechain implies the use of SPV proofs, which implies trusting miners. Maybe something crazy like zk-snarks will be invented, but that would probably involve an upgrade to Bitcoin which would make it substantially different from what it is today. What can be done is to arrange circumstances to make miners maximally unlikely to choose to steal your money. One way is to arrange things such that miners never have an excuse for allowing funds to be stolen: Such brazen theft would indicate [1] that Bitcoin would be in the near future without sidechains of any kind, and [2] that Bitcoin itself may be in danger from the miners and we may need to consider using an alternate proof-of-work hash function.
In addition, we lump sidechain-transactions together, and deny miners the option of selectively attacking: For certain extra-important sidechains, we can increase pre-commitment by having sidechain-users selfishly refuse to forward malicious Bitcoin blocks, increasing orphan risk for malicious miners but leaving regular miners unaffected. We can even consider destroying sidechained-coins, just before they are stolen a threat which is reasonably credible and thus never needs to be executed.
The symmetric transfers described in BV take over 2 to 4 days.