IF and WHEN we figure out whether this is even possible THEN we can debate its merits.  Before that significant debate seems premature... or feel free to go start another thread.  I was hoping to discuss technical feasibility here.  I will change the title.

@peter r: Spin-offs is a good idea, in fact it may be mine.  I posted it on the other forum on March 26 as a way to handle adding multiple currencies to bitcoin if the core devs would not add it.  But please do not sidetrack this discussion into it.

WRT transaction capacity:

The Satoshi scalability model gets us somewhere.  I haven't re-analyzed it since bitcoin was much smaller, but IIRC I think it gets us to worldwide international settlement bandwidth with a high enough tx fee to eliminate micro payments.

Regardless, the various transaction parameters: bandwidth, settlement times etc, have been significant motivators of alt-coins.  Clearly Bitcoin has either been seen deficient by some in this respect (esp the 10 minute average confirmation time), or we need blockchains with different parameters to satisfy different needs.


@benjyz: Nobody is talking about a private blockchain...

1. I'm not talking about hashing power.  I am talking about network effect, the first mover advantage.  Why MS word is STILL the standard word processor....
2. It does not move away from consensus.  Consensus is still required for any features to be added to the bitcoin blockchain.  And as an owner of a coin, its my choice whether I want to move it to the "quick&tinyCoin" sidechain (just to make something up) for use in a cloud storage solution.
3. You can have your opinion, but lots of people see the scam-coin movement as detrimental to the public image of crypto-currencies.  Additionally, let's imagine someone does create Bitcoin2 that really does have compelling features, solving lots of Bitcoin's current problems.  Let's imagine that it exceeds the Bitcoin first mover advantage.  The resulting transfer of value from Bitcoin to Bitcoin2 is not going to paint a pretty picture to the general public, potential investors, Venture Capitalists, etc.  It would set crypto-currency adoption back many years IMO.  Solving this is one purpose of the "spin-off" idea...
4. What's "the problem?" that it doesn't solve... 1 through 4?


But this is going to be my last response debating the merits rather then the technique of this feature.  It has value to many, perhaps not to you.

This is an open question AFAIK and very interesting.  The sidechain would not be allowed to create any bitcoin, so the current mining "subsidy" would not exist.  Having a tiny or zero mining reward at least would avoid Coiled Coin's fate (51%ed by a pool operator starting merged mining).

Miners could gain txn fees.  However, I think that the most likely miners would be those who benefit from the side chain in other ways.  For example, if a side chain solved the micro payment problem (high frequency, small payments), services that accept micro payments would be interested in mining the coin.  The current coin subsidy has overshadowed this possibility on the bitcoin blockchain, but look at the core devs.  They are paid by TBF which was funded by contributions from companies invested in bitcoin's future success.

@Benjyz:  the concept of "sidechains" is an attempt to allow a bitcoin to move from one blockchain to another.  Its still a bitcoin, its just hosted on a different blockchain.  So essentially the price of a bitcoin on blockchain A cannot diverge from that of a bitcoin on blockchain B because the bitcoins freely move between the blockchains.

Let us keep this topic technical in nature: whether a particular technology *should* be offered as a sidechain or as an alt-coin is a topic better discussed elsewhere.  However, let me briefly offer several possible justifications for side chains:  
1. Bitcoin may have such a strong momentum and monopoly in the digital coin space that even alt-coins with useful features are unlikely to succeed.
2. As a live proving ground for features that could be added the the Bitcoin core blockchain.  These features may be useful, but not cool enough to build a successful alt-coin around.
3. There may be a reluctance (by responsible stewards of the digital currency concept anyway) to inflate the total crypto-currency pool by creating new alt-coins.  
4. The main bitcoin chain cannot easily carry worldwide VISA/MC levels of load

try to keep your intake below 3 coffees per hour lol...

Clearly bull trap "recoveries" are fueled by the idea that the prior dip may have been THE bottom and by the historical observation that no matter how well you did selling BTC or shorting it, you are not going to do do better than buy and hold unless you also catch the bull market.

So its important to buy near the bottom.  Personally, I have been thinking that that is now for the last few weeks  .  What will indicate the turn for you?

There is none, its in bits and pieces... hang on, updating 2nd reply now with links.  EDIT: updated

Terminology:

SPV: Simplified Payment Verification.  How non-fully-validating wallets have trust in your balance.  Basically a chain of block headers that proves that a certain amount of work has happened after a particular txn was posted.   https://en.bitcoin.it/wiki/Scalability#Simplified_payment_verification

SPV proof of burn:  Someone who wants to "reanimate" coins on the bitcoin blockchain (chain A) needs to submit proof that the coins were spent on chain B into the 1chainAxfer (well known unspendable address -- i.e. the coins were "burned" on that chain) AND that sufficient work has been done subsequently to make it unlikely that a fork will unroll this spend.  Rather than force the chain A miners to access the chain B blockchain, the entity who wants to "reanimate" the coin gathers all this information into a "proof" and submits it as part of the "reanimate" transaction.

Security Firewall: Ensure that no matter what happens on side-chains, people/coins that have only been used on the main chain remain unaffected.  Most importantly, no accidental inflation.

1-way peg:  This refers to moving bitcoins to a sidechain.  To understand the term, note that if it is possible to move bitcoins to the sidechain, the price of the sidechain coins cannot exceed that of 1 bitcoin.  The price is "pegged".  If ever did exceed 1 bitcoin did people would simply move bitcoins to the sidechain and sell them...

2-way peg:  This refers to moving bitcoins to a sidechain and back.  This functionality "pegs" the price of the sidechain coin to that of bitcoin because any deviation simply allows people to move coins to the lower priced chain and sell them.

References:

This chat is really the best description: http://download.wpsoftware.net/bitcoin/wizards/2013-12-18.txt

00:24:30 <BlueMatt> are there any serious or semi-serious proposals for how to fix an altcoin 1:1 to bitcoin without a large cost to bitcoin miners given some hardfork changes to bitcoin?
00:26:38 <gmaxwell> if not for the disabled operators you could probably do it without hardfork changes to bitcoin, though you would only have SPV security in the altcoin-bitcoin direction.
00:27:16 <BlueMatt> even getting spv security in the altcoin-> bitcoin direction is non-trivial, no?
00:27:26 <BlueMatt> (given hardfork to reenable opcodes)
00:27:54 <BlueMatt> you'd have to have the whole chain history, or some subset starting from the time of the bitcoin->altcoin transfer
00:28:03 <BlueMatt> well, whole block-header-chain-history
00:28:27 <gmaxwell> yea, you just write a script that can do a spv validation and then takes a chunk of headers of a prespecified sufficient difficulty.
00:28:44 <gmaxwell> the proof can start at the point the txn of interest was mined.
00:28:45 <BlueMatt> that gets pretty expensive?
00:28:57 <gmaxwell> I mean, it's 80 bytes per header. so not really.
00:29:02 <BlueMatt> very expensive if you hold the alt for an extended period...
00:29:21 <BlueMatt> well, no miner is gonna mine a tx that is 80 bytes*N where N is a few weeks/months of headers
00:29:24 <gmaxwell> BlueMatt: oh no, you don't do it over the life of the alt.
00:29:32 <gmaxwell> crazy no no thats not how it works.
00:30:25 <gmaxwell> you take some coin and assign it to a scriptPubKey that can be redeemed by anyone who provide a SPV fragment from the altcoin showing any of those coins being reassigned back to bitcoin, with a sum difficulty of at least X.
00:30:47 <adam3us> gmaxwell, BlueMatt: a 1:1 peg - doesnt that import security risk from the alt into bitcoin? (i suggested a 1 way peg "bitcoin staging" only so bitcoin is security firewalled) are we talking about the same area of feature
00:31:39 <gmaxwell> adam3us: only to the limit of the alt. say the alt was somehow totally insecure... you could then steal all the bitcoins that had been assigned to the altcoin.
00:31:44 <gmaxwell> but no more.
00:32:01 <adam3us> gmaxwell: hmm that might be ok
00:32:18 <BlueMatt> adam3us: what gmaxwell said (if you decide to put your btc in the alt, sucks for you)
00:32:43 <gmaxwell> BlueMatt: one problem there is that isn't really spv security, its "spv transcript" security, in that the bitcoin network isn't going to go out and find a longer chain.
00:32:48 <adam3us> BlueMatt: yes that is an acceptable trade off and already at risk with a 1-way peg
00:33:20 <gmaxwell> BlueMatt: But I did come up with a way to boost that to more like real SPV security with a bit more script power.
00:33:33 <BlueMatt> gmaxwell: well, ok, sum difficulty is one way...but very non-ideal
00:34:18 <gmaxwell> (you make the relase of coins back into bitcoin two phase. The first phase you do a header proof for the release.. and that gets mined.. but it can only output to a special holding script with the following rules:
00:35:13 <gmaxwell> after N blocks the releasing party can grab the coins. OR at any point, any party can show a longer chain to prove the release was bogus. and then they can only be redeemed with a new release on a chain longer than that one.
00:35:55 <gmaxwell> In any case I think most of the stuff thats been said of any technical substance on this is in the coinwitness thread (where I suggest using SNARKs for C to compact the proofs, though its not essential): https://bitcointalk.org/index.php?topic=277389.0
00:36:17 <gmaxwell> obviously if you compact the proofs things start sounding more interesting from a scaling perspective.
00:37:04 <gmaxwell> also if the headers of the altcoin form a MMR (insertion ordered binary tree) it may be cheaper to prove long spans of difficulty.
00:37:09 <BlueMatt> yea, though depending on cutting-edge crypto is ugly...
00:38:02 <gmaxwell> BlueMatt: well there are less ambitious (efficiency wise) ways to construct these proofs, but they're larger... though I'm not sure if we could get the direct proofs down with special support. Maybe.
00:38:08 <gmaxwell> SPV fragments can be pretty small.
00:39:02 <BlueMatt> yea, its all a bit expensive, really
00:39:23 <BlueMatt> it would be fun to be able to peg arbitrary altcoins to bitcoin as it really addresses the issues altcoins cause
00:40:02 <BlueMatt> allows them to innovate (ie risk people's money) while not costing bitcoin's digital scarcity/competing on store-of-value
00:40:51 <gmaxwell> BlueMatt: one way is easy— just have them validate bitcoin too.
00:40:55 <adam3us> BlueMatt: agreed
00:41:57 <gmaxwell> BlueMatt: one point is that you could coinjoin your cross chain merges perhaps, to make them smaller. e.g. one proof and then a dozen transactions hop the gap.
00:44:18 <BlueMatt>  gmaxwell sure, but if you only peg one-way its really not particularly useful
00:44:40 <BlueMatt> well, it is, but not as useful
00:44:54 <BlueMatt> gmaxwell: sure, you could limit to like 1 coinjoin'd alt->btc tx per day
00:45:03 <BlueMatt> but even that could be expensive
00:45:29 <gmaxwell> I dunno, I mean, it's a seralized transaction and spv proof, plus some additional headers.
00:45:43 <BlueMatt> well, if you have 100 alts all doing that, it does
00:46:04 <adam3us> BlueMatt: I like 1:1 peg idea, I only suggested 1-way peg to insulate security, if you can insulate security to the coins in the alt, thats even better
00:47:41 <BlueMatt> as long as you limit it to the people who transferred their coins...
00:47:49 <BlueMatt> gmaxwell: hmm...
00:47:57 <gmaxwell> lets say there are 2^12 txn per altcoin block, ... lets imagine you make the altcoin txn themselves hashtree so you can get to only their outputs.. so say maybe 64 bytes for the altcoin output, 384 bytes for the spv tree. 4 bytes for a spv index, and 12 80 byte headers = 1.4k.
00:48:15 <gmaxwell> it's bigger than a typical ecdsa signature, but not murderous.
00:48:48 <gmaxwell> and if they coinjoin the biggest parts (960 bytes of headers, 384 bytes of hashes) can be shared.
00:49:56 <gmaxwell> adam3us: yea,  I don't think there is a security need to make it one way. If you can never "pull back" more from an altcoin than was sent to it, then only the holders of the altcoin are at risk.
00:50:43 <adam3us> gmaxwell: seems plausible indeed, i just didnt think of it in those terms at the time.  good
00:51:22 <gmaxwell> the altcoin is also a bitcoin node, and monitors bitcoin for coins assigned to the altcoin, and then permits someone on the altcoin to emerge those coins from thin air.. and then when you want to send them back you make a special transaction in the altchain and prove you did it to bitcoin.
00:51:23 <adam3us> gmaxwell: i suppose the other thing is it itself requires bitcoin changes, perhaps non-trivial ones, and that is part of the reason for the exercise.
00:51:46 <gmaxwell> yea, unfortunately it requires changes to bitcoin.
00:52:18 <gmaxwell> we could _almost_ do it in script without the disabled opcodes, but there are enough little corners that I suspect we can't.


2-peg side chain links:

2-way pegging, Adam Back: http://sourceforge.net/p/bitcoin/mailman/message/32108143/

Description of skip-lists that can space-efficiently prove difficulty (SPV proof of burn):

The High-Value Hash Highway: https://bitcointalk.org/index.php?topic=98986.0
Compact SPV proofs via block header commitments: http://sourceforge.net/p/bitcoin/mailman/message/32111357/

Let us centralize and clarify discussion on bitcoin sidechains.  

The basic idea has been around since at least mid-2012 (any earlier references?) and is to allow value to be moved from the bitcoin network into a separate blockchain and back.  But a possible implementation has only emerged relatively recently (gmaxwell).

First, if both blockchains "see" each other then side chains are easy.  Let's say you want to move value from chain A to chain B.  The owner spends bitcoins on chain A from any address (say 1Me) into a well-known unspendable address (let's pretend the address prefix is 1chainBxfer).  Nodes on chain "B" are watching chain A, perhaps only as a SPV node to see txouts going to 1chainBxfer.  When a suitable transaction is found and sufficiently confirmed, a coinbase txn is allowed on chain B that grants coins to the same addresses as the txins on chain A (1Me).

And you can spend back from B to A in the same way.

Basically, a similar technique was used to fund mastercoins, except that the mastercoin bitcoin address IS spendable (which therefore inflates the TOTAL crypto-currency (MC+bitcoin) supply) and the transfer was a one-time "kickoff" deal.


The real question is how to spend in both directions (2-peg is what people have been saying) when chain A is not aware of chain B?  I think that the general consensus is that this is impossible which is why the sidechain idea languished for 2 years.  

However, the real question is "what is the MINIMUM amount of information that chain B requires and how can that be provided to B with the smallest, safest API changes to B?"

The first requirement is to ensure that the total number of bitcoins will never exceed the amount mined, regardless of errors or antagonistic players on the side chains.  This ensures that errors on a side chain will never inflate the total number of bitcoins on the bitcoin blockchain.  This is easily solved by requiring only allowing "reanimations" of coins on the bitcoin blockchain.  That is, an output transaction was created to an "unspendable" address in the bitcoin blockchain to transfer the coin to chain B.  To transfer value back to the bitcoin blockchain, this txo must be "spent".  It probably does not matter which TXO gets spent to reanimate a coin (in fact choosing a random one will help anonymity), it only matter that the size of the "reanimating" txins = the spending txo's (miner's fees will need to come from a normal txin).

Now, the worst case scenario is that someone will be able "reanimate" all the coins transferred to another chain, stealing them.  This could cause the sum of the spendable "bitcoins" on the bitcoin blockchain and the sidechain to exceed 21M.  But the 21M limit is not broken, on the bitcoin blockchain (presumably the other chain dies a horrible gox-like death at this point :-( because its coins are no longer "backed")...


To stop that, we need to prove ownership of a off-chain coin to the bitcoin blockchain...

BRB :-)

Thanks for the advice, I noticed last night that it does look like side chains are gaining some renewed attention, due to gmaxwell's clever "spend back" solution that takes advantage of merged mining.  This feature really would allow services to be layered on top of bitcoin in a manner more analogous to TCP/IP, including a chain with the multi-currency features that I am proposing.  In fact, I'm thinking of making a summary topic here since the information about this idea is hard to find and not cohesive.

thanks for your replies.  I am not advocating for any small feature but for the ability to exchange which is fundamental to economics.   Since the technology already exists in ethereum there is little value in making another altcoin tool unless there is an intention to merge to bitcoin.  but the list was certainly not meant as demands just discusssion points to explore the issue. sorry for any misunderstandings there.

gmaxwell: I am not aware of existing solutions with non parasitic bitcoin blockchain use.  can you send me link or quick summary.

That's a long road full of uncertainty for both Bitcoin and Bitcoin2.  Bitcoin the code is freely available, and Bitcoin the network is decentralized, but Bitcoin the product is very much controlled by those with commit access to the github repository.  Better to persuade them first. 

Frankly I don't see how much persuasion is needed.  Exchange is the essential part of the economy.  Alt-coins are implementing it.  Bitcoin must keep up or become obsolete.  The valley of the hype cycle is a good time to work on this kind of thing...

 

I'm wondering what the core devs' opinion is of adding multiple units of account, atomic transfers etc to Bitcoin?  Think Colored Coins+. 

This is what I think:

It seems like the greatest risk of an alt-coin replacing bitcoin is that bitcoin does not handle different units-of-account.  This seems to be a key feature of most if not all of the non-copycat alt-coins.  The foundation of economic behavior and contract law is exchange, not transfer and so bitcoin seems very deficient.  To truly capture economic activity, and live up to its "electronic cash" moniker, Bitcoin needs atomic exchange between different units-of-account. 

The ongoing (and recent) failures of centralized exchanges have shown the difficulty of centralized approaches.  And even without failure, they had significant issues in terms of choice (can't exchange any pairs), price-and-time efficiency, and regulatory load.  This is why bitcoin was decentralized in the first place.

I understand the reluctance to make changes that would cause a fork in clients that have not updated, but this can be and has been managed.  It will be especially manageable when it becomes generally understood that the real question is not "to fork or not to fork", but whether the fork that brings the promise of digital currencies to full fruition is Bitcoin v0.9.5 or SomeOtherCoin v0.1.0.  I think that we should be confronting this today.  Once an alt-coin has made significant strides, IT will have the network-effect advantage, not Bitcoin.


Yes I know all about colored coins.  Its a good start but the key feature is exchange, not coloring.  Colored coins do not really support anonymous atomic exchange.

1. We need colored coins+ natively in the Bitcoin core wallet (satoshi client) to send the message that this concept is officially supported.
2. We need EVERY wallet to at least respect (and not touch the coins of) colored designations.
3. We need 1 satoshi transfers.  Either make an exception for color designated coins, or use the size of the txn fee to decide to relay.  The txn fee is the "right", market based way, if I'm willing to spend 1000 Satoshis to transfer 1 Satoshi, why should miners deny me?
4. We need colored annotation on every txout.  Today, wallets can operate on just the txout set.  They don't need the entire blockchain history.  We need to keep it that way or even make it simpler to help hardware wallets.
5. We need script primitives that support atomic exchange and a colored spend fee (like a miner's fee, but to the colored coin creator).  These details are better described in a full spec.

With these features companies could issue their stocks, bonds, etc natively on the blockchain.  Other companies could "back" crpyto-<thing> with real <thing>, and receive a small fee for their service. 

With these features, Bitcoin can actually DO everything the pundits have been promising...

Yes trust is still involved, but it is significantly reduced.  This is ok.  Trust is intrinsically involved for many units-of-account.  For example, holders of a mortgage instrument are trusting that the owner won't trash the house.  There is no way to avoid this.  In fact, its hard to argue that bitcoin-the-currency won't out-compete every trustless (and therefore unbacked) colored coin.  What do these other coins have that bitcoin does not?  So I think that bitcoin & coins based on some degree of trust will be the only ones with economic significance on the bitcoin blockchain.

BUT basic exchanges become places where buyers and sellers meet; they actually never touch the money.  At the same time, there is still a niche for centralized, high frequency trading.  This mirrors what is good about our economic system today.  I CAN exchange stock by hand with a random person on the street, but a centralized exchange makes it more convenient.

This is not an overlay network that is a parasite on bitcoin-the-network at the expense of Bitcoin-the-currency.  Bitcoin remains the fundamental digital crypto-currency facilitating the exchange of special-purpose units-of-account. 

The devs of the new coin could use the bitcoin blockchain as you describe but give themselves half of the unmoved 2009 coins (satoshi coins).  Additionally, adding a limit-in-the-blockchain for the spending of these coins to no more than 10% of them per year would show that the devs are in it for the long haul, not making a scam coin.  This would perhaps fairly compensate the new devs for their effort, while still acknowledging SN's original contribution.  But I believe it also reasonably reduces SN's stake in the new coin -- commensurate with his lack of ongoing contribution to the digital currency space.   By using some fraction of the existing count of early coins it kind of simulates the first-mover mining advantage that the new coin devs should have received.  This allows the new coin to use the strongest POW network (SHA-256 ASICs) but still give the devs "early" coin.

bull up bear down universal investing terminology

sell your game items for bitcoin!  virtual currency for virtual items.

I have no experience with bitcoin-central, but given all the recent coin losses on exchanges I'm ok with daily BTC withdrawals.  If some exchange wants to essentially have a hot wallet of size zero, and personally humanly, OK distributions from a cold wallet once a day then I think that's probably a good idea. 

You shouldn't be holding your coins on an online exchange anyway.  You can still spend coins that you are holding personally instantly so the only people this will inconvenience are arbitragers.

orobtc: yes lots of btcers hold PMs.  read gold collapsing bitcoin up thread
ken: wrt phys vs. paper its not just a SHTF event;  the USD is valid for "ALL debts public and private".  In a gold deflation event you'll either get your USD equivalent or get a chapter 11 headline.  if you get usd I bet it will be quite hard due to various shenanigans to ACTUALLY then buy an equiv amount of phys.

stocks like to trade between 10 and 100.  in no way is that too expensive because you can buy just 1 even though investors like to buy in blocks of 100.  I care about moral barriers but this one does not exist.  you should realize this too unless you think all brand name recognition and goodwill advertising is morally corrupt and ads should be dry feature recitals.  and a million other aspects of today's world like wearing a suit to an interview and combing hair.  that is -- presenting the thing in a manner more compatible with the consumer.

its not like we would hide it.  in fact we would announce it as far and wide as possible.  And clueless grannies have plenty of other barriers.

you should consider the "moral hazard" of attempting to protect people from every imagined danger.

dont be silly.  stock splits are par for the course.  you want to push an agenda that nothing else in the world follows do it with something else.  its just easier for people to think of 25635 when buying a car than it is for them to think of .000025831 to buy a pencil.

im sure there machinery in media outlets to handle this because it happens with stocks all the time.  we would just need to pick a date and get major exchanges and charting sites onboard.