gmaxwell
Moderator
Legendary
Offline
Activity: 4270
Merit: 8805
|
|
April 12, 2014, 01:48:08 AM |
|
The sidechain would not be allowed to create any bitcoin, so the current mining "subsidy" would not exist.
Thats not strictly true. In that a side-chain could have a subsidy created by stashing coins in compulsory fees on coins crossing the boundary, or by not having a 1:1 value relationship with Bitcoin, or by issuing credits for future fees or other mechanisms. I don't list these things to suggest that any of them or good or that I've considered them in depth— I'm just pointing out that there are more possibilities than you may have considered. Miners could gain txn fees. However, I think that the most likely miners would be those who benefit from the side chain in other ways. For example, if a side chain solved the micro payment problem (high frequency, small payments), services that accept micro payments would be interested in mining the coin.
Absolutely, the one example of a MM alt in bitcoin failing was CLC which can be perceived as being overtly hostile (they took the pre-release bitcoin op_eval/p2sh code, complete with nasty exploits, and rushed it to market: announcing a new altcoin + exchange on the same day, basically trying to monetize other people's code, saying it would replace bitcoin, etc). Services provided by sidechains enhance the value of the Bitcoins miners receive. There are a number of things miners could do if they were short term greedy rational— esp considering that we have parties with >25% hashrate that they aren't doing— they'd have a 5% success rate at a 6 block reorg.. could make for some pretty nice theft. This isn't to say that security is a non-issue, but the nice thing with the sidechains is that you can always choose to not use them. For whatever level of security arises out of any particular sidechains mix of internal incentives and redemption rules there are applications which would find that level of security acceptable. Esp when you start talking about things like high volume micro transaction-ish stuff there is some interesting tradeoff: if you hardfork bitcoin to allow gigantic blocks to make those things even remotely viable, you end up potentially pushing more and more bitcoin users to an SPV model. Given the choice between all of Bitcoin being more SPV like security and just regional microtransaction networks being more SPV like, the latter is a lot more attractive.
|
|
|
|
hoffmabc
Newbie
Offline
Activity: 15
Merit: 0
|
|
April 12, 2014, 02:52:20 AM |
|
Whats interesting now that this has had some press coverage is that people have piped up and pointed out places where they'd invented substantially similar things in the past. So we're now up to ~5 independent inventions of the core idea... perhaps a good sign. I've heard that Dorian actually coined the concept of a sidechain as a "free lunch" off Bitcoin.
|
|
|
|
benjyz
|
|
April 12, 2014, 09:20:40 AM Last edit: April 12, 2014, 09:55:00 AM by benjyz |
|
Here is an interview with Adam on the matter: http://letstalkbitcoin.com/e99-sidechain-innovation/#.U0kCJPh4ib4What we really want is a market principle, so that people value alternative coins. Why one would want to remove this fundamental pricing and incentive mechanism is beyond me. Anway, people will continue to seek profit, no matter what you do. the question is how to design protocols which frame that profit-seeking motive.
|
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1012
|
|
April 12, 2014, 07:21:17 PM |
|
Here is an interview with Adam on the matter: http://letstalkbitcoin.com/e99-sidechain-innovation/#.U0kCJPh4ib4What we really want is a market principle, so that people value alternative coins. Why one would want to remove this fundamental pricing and incentive mechanism is beyond me. Anway, people will continue to seek profit, no matter what you do. the question is how to design protocols which frame that profit-seeking motive. Alt currencies are not seeking profits, they are seeking rents. That is an important distinction that should not be lost.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
benjyz
|
|
April 12, 2014, 07:40:43 PM Last edit: April 12, 2014, 09:21:31 PM by benjyz |
|
Here is an interview with Adam on the matter: http://letstalkbitcoin.com/e99-sidechain-innovation/#.U0kCJPh4ib4What we really want is a market principle, so that people value alternative coins. Why one would want to remove this fundamental pricing and incentive mechanism is beyond me. Anway, people will continue to seek profit, no matter what you do. the question is how to design protocols which frame that profit-seeking motive. Alt currencies are not seeking profits, they are seeking rents. That is an important distinction that should not be lost. who makes that decision? and who is to say that nobody should/can invent something that is better than Bitcoin? clearly that hasn't happened yet. the argument for side-chains is that everyone should use the hashing-power of Bitcoin. I think it would be interesting to see some actual competition on the hashing. would miners destroy a serious alt-coin? I doubt it. I believe they would choose to try and make money off of it, instead of destroying it. so this profit-argument against attacks applies to smaller coins just as well.
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
April 12, 2014, 07:55:29 PM |
|
the argument for side-chains is that everyone should use the hashing-power of Bitcoin.
That is not really the argument. The argument is for other developers to adopt the scarcity model of bitcoin, or alternately for the population of developers who have adopted the scarcity model of bitcoin to be able to innovate in a larger space (compared to the status quo where it is very hard to innovate anything in bitcoin).
|
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1012
|
|
April 12, 2014, 09:01:06 PM |
|
who makes that decision?
No one does. It's a definitional difference: http://en.wikipedia.org/wiki/Economic_rentand who is to say that nobody should/can invent something that is better than Bitcoin?
They certainly can. But there is no justification for creating another p2p issued currency ( unless there is some intrinsic economic difference in the construction of the currency itself -- this is not the case with just about every alt out there except one or two). the argument for side-chains is that everyone should use the hashing-power of Bitcoin.
No, the argument is that people should be bitcoin as the currency no matter what chain they are on. Merged mining is just an implementation detail.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
benjyz
|
|
April 12, 2014, 09:17:34 PM |
|
the argument for side-chains is that everyone should use the hashing-power of Bitcoin.
That is not really the argument. The argument is for other developers to adopt the scarcity model of bitcoin, or alternately for the population of developers who have adopted the scarcity model of bitcoin to be able to innovate in a larger space (compared to the status quo where it is very hard to innovate anything in bitcoin). well, you still need consensus for a new potential feature which carries risk. and those who have a stake in bitcoin likely don't want to take too much risk. whether those features are on a separate chain or side-chain doesn't change that dynamic. also, the process is such that there is a certain team structure ("developer consensus" if you will) that moves the project in a certain direction. if a different team would develop new features, who is to say that the bitcoin dev team would approve of them? if N sidechains compete for features, who decides which features are to be ported? these decisions are very far from trivial and straightforward. Bitcoin is not just a sum of features. I'm not sure what you mean by scarcity model. If somebody issues any coin the market values that coin. Alt-Coins are not inflationary at all. there are 100+ coins and most of them are worthless bits. But there is no justification for creating another p2p issued currency I don't see a release of clones as a problem at all. The license of Bitcoin is pretty clear. So nobody has the (legal) authority to make such claims. Basically we have different chains, and then markets to move between them. The market is currently not very sophisticated but is going to be much more so in the future. There will be a cross-section of protocols along these lines. Bitcoin doesn't have an auction mechanism and it's impossible to build one on top of it.
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
April 12, 2014, 09:33:25 PM |
|
the argument for side-chains is that everyone should use the hashing-power of Bitcoin.
That is not really the argument. The argument is for other developers to adopt the scarcity model of bitcoin, or alternately for the population of developers who have adopted the scarcity model of bitcoin to be able to innovate in a larger space (compared to the status quo where it is very hard to innovate anything in bitcoin). well, you still need consensus for a new potential feature which carries risk. and those who have a stake in bitcoin likely don't want to take too much risk. That's not how the proposal works. There needs to be one change to bitcoin to support all side chains but then you can have as many side chains as you want and the side chains can do whatever they want, including risky things. People who don't participate in the side chain are not exposed to the risk. In theory. I'm not sure what you mean by scarcity model. The scarcity model meaning the total supply is limited to 21 million tokens (bitcoins). With side chains, those 21 million tokens can be used in all sorts of different ways, without creating new tokens (coins). If somebody issues any coin the market values that coin. Alt-Coins are not inflationary at all. there are 100+ coins and most of them are worthless bits.
That's a different scarcity model from the side chain model. I'm not placing a value judgement on the matter, just explaining it.
|
|
|
|
benjyz
|
|
April 12, 2014, 09:47:08 PM |
|
There needs to be one change to bitcoin to support all side chains but then you can have as many side chains as you want and the side chains can do whatever they want, including risky things. Who would define which chains are those which allowed to inter-operate? bitcoin-devs would have to select side-chains / teams who are allowed to participate (otherwise one would have side-chain scams). Its hard to imagine a scenario in which it makes sense to integrate such a selection process into Bitcoin.
|
|
|
|
smooth
Legendary
Offline
Activity: 2968
Merit: 1198
|
|
April 12, 2014, 09:57:24 PM |
|
There needs to be one change to bitcoin to support all side chains but then you can have as many side chains as you want and the side chains can do whatever they want, including risky things. Who would define which chains are those which allowed to inter-operate? bitcoin-devs would effectively have to select side-chains / teams who are allowed to participate. There hasn't been a comprehensive white paper, etc. so it is unclear what the requirements will be. It has been promoted as allowing freer exploration, and it has been stated that the security firewall will be that no more coins will ever be allowed to return from the side chain than were sent to the side chain. If that requirement is enforced within the bitcoin chain, then allowing free (or nearly free) experimentation in side chains may be possible. Beyond that we will have to see, unless one of the developers is prepared to explain this aspect of the model here.
|
|
|
|
thezerg (OP)
Legendary
Offline
Activity: 1246
Merit: 1010
|
|
April 12, 2014, 10:05:12 PM |
|
There needs to be one change to bitcoin to support all side chains but then you can have as many side chains as you want and the side chains can do whatever they want, including risky things. Who would define which chains are those which allowed to inter-operate? bitcoin-devs would have to select side-chains / teams who are allowed to participate (otherwise one would have side-chain scams). Its hard to imagine a scenario in which it makes sense to integrate such a selection process into Bitcoin. @benjyz: Are you a software engineer? No disrespect; I'm just trying to figure out how to couch the idea. Nobody would define which chains are allowed. We are talking about a distributed system here. Essentially there is a protocol (an API, if you will) and any chain that can talk that protocol can join. But that protocol is going to be requiring specific information that some services (sidechains) may not be able to meet. Its similar to you asking who defines what services run over the web? The answer is ANY service that can be defined in HTTP. For example, a forum can be defined in HTTP, an Auction site. A virtual computer. But the act of skiing cannot be. Yes you can advertise and sell skiing tickets over the web, but you can't sell actual skiing.
|
|
|
|
thezerg (OP)
Legendary
Offline
Activity: 1246
Merit: 1010
|
|
April 12, 2014, 10:11:46 PM |
|
And so there would be free-market merged mining of the sidechains? Choose a sidechain you wish to mine, and pay the additional storage cost for maintaining the chains you perceive as valuable?
Correct. To put some numbers on that, the namecoin chain is currently about 4GB of data, and its mined by >80% of Bitcoin's hashrate. Though I'd like to see something deployed that didn't force merged mining. I think having the flexibility to do other things is good. Whats interesting now that this has had some press coverage is that people have piped up and pointed out places where they'd invented substantially similar things in the past. So we're now up to ~5 independent inventions of the core idea... perhaps a good sign. If I'm not one of your 5 you can add me to the list :-) [emphasis added] .... If the bitcoin protocol evolved into a fractal blockchain, where the larger, slower, blockchains do not verify every transaction of the smaller, faster ones it will solve both interplanetary (extremely slow) and regional (high frequency) transactions. Note that on a single planet, "regional" would not have to refer to a physical region -- it could be any social network; in fact "regional" blockchain membership could be created automatically by looking at transaction history of the parent blockchain.
Essentially we'd end up creating blockchains both slower and faster then the current one.
It would be possible to do this with multiple independent "coin" chains but then you'd have the friction of independent markets that trade these different coins. Just like we have today with gold -> USD. This is what "litecoin" is attempting to do. A "better" solution would be to allow the same bitcoin commodity to transfer into and out of the slower and faster blockchains and have the greater blockchain verify some invariants (such as total quantity) of the lesser blockchain -- but not verify every transaction on it. An additional advantage is that periodically the leaf (final state) of every account in the lesser blockchain could be "committed" to the greater chain, and then that entire chain (the entire history of transactions within that chain) could be restarted.
If you are confused, imagine a "tree" of blockchains...
This architecture relies on the premise the the network has the "scale" property. That is the premise of localization of payments (i.e. that the majority of payments happen locally); if the average user paid randomly across the entire network (a "scaleless" network), the largest blockchain would see more traffic then the local ones and there would be little point in a fractal design. I think that bitCoin is "scaleless" as used today, but will become very scaled if mobile payments take off.
A big problem with shoehorning this into the existing system today is the BTC mining award. There is no way today's blockchain could recognize coins "mined" on other blockchains... so the lesser and greater chains would have to rely entirely on transaction fees.
The sidechain would not be allowed to create any bitcoin, so the current mining "subsidy" would not exist.
Thats not strictly true. In that a side-chain could have a subsidy created by stashing coins in compulsory fees on coins crossing the boundary, or by not having a 1:1 value relationship with Bitcoin, or by issuing credits for future fees or other mechanisms. I don't list these things to suggest that any of them or good or that I've considered them in depth— I'm just pointing out that there are more possibilities than you may have considered. Yes, maybe it was unclear but by "subsidy" I was referring exclusively to the coinbase txn, not the txn fees or myriad other ways...
|
|
|
|
thezerg (OP)
Legendary
Offline
Activity: 1246
Merit: 1010
|
|
April 12, 2014, 10:33:24 PM |
|
ok technical discussion: Though I'd like to see something deployed that didn't force merged mining. I think having the flexibility to do other things is good.
When I first read the chat transcript proposal my first concern was as follows: Coins are spent from bitcoin to chain A. Attacker has some service that briefly owns coins on chain A and spends them to someone else (maybe a mixer, but exactly what does not matter) Now the coins are floating around chain A, for a very long time, potentially forever. Attacker has this entire amount of time to privately generate a completely fake 100 or even 1000 deep SPV proof, starting from his ownership of the coins. Attacker submits it to bitcoin blockchain. I believe that this attack fails due to merged-mining. Or in other words, the bitcoin blockchain should only accept the merged-mined blocks found on the bitcoin blockchain as evidence of difficulty. Because the bitcoin blockchain miners cannot be sure that the non-merged mined blocks are real or even that the represent meaningful work if chain A uses a different and unknown (to the bitcoin blockchain) mining algorithm. This has ramifications on how often blocks can be moved from the sidechain back to the main blockchain. If you have 1% merged mining, you will get 1 merged-mined block on the bitcoin chain every 1000 minutes (16 hrs). However, with the strength of the bitcoin blockchain and my supposition that both chains will be unwound if the bitcoin blockchain unwinds a fork, I do not think you need 100+ confs as suggested in the email. What do you think? Does this analysis make sense?
|
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1012
|
|
April 12, 2014, 10:46:21 PM |
|
The attack fails because of the quieting period during which anyone can step forward and provide a reorg proof showing that the claimed return peg is not the most-work chain. The attacker would have to either overpower the honest chain, or by some magical mechanism DoS every single observer of the honest chain, preventing them from telling bitcoin about the real chain.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3080
|
|
April 12, 2014, 10:51:27 PM |
|
And so there would be free-market merged mining of the sidechains? Choose a sidechain you wish to mine, and pay the additional storage cost for maintaining the chains you perceive as valuable?
Correct. To put some numbers on that, the namecoin chain is currently about 4GB of data, and its mined by >80% of Bitcoin's hashrate. Though I'd like to see something deployed that didn't force merged mining. I think having the flexibility to do other things is good. Whats interesting now that this has had some press coverage is that people have piped up and pointed out places where they'd invented substantially similar things in the past. So we're now up to ~5 independent inventions of the core idea... perhaps a good sign. So the fundamental qualification for a side-chain would be direct, chain verified transference of coins between the primary chain and sidechains? Could there be a case for writing the extension in a way that lets coins be transferred between sidechains, without the need for re-entering the main chain? I suspect yes, but is this technically possible? And so Namecoin doesn't qualify as a sidechain now, but could (although a Namecoin functional clone introduced as a sidechain sounds more likely). Purpose-specific alts could indeed become usurped by a successful sidechain targeting the same purpose. Services that squat on the main chain could also become redundant. I very much like the idea. It permits experimentation with non-money information services that work as a part the existing system, and yet it's structured in a way that the data from the experiments don't become co-mingled as they have been up to now. And of course purely money-based services with different characteristics could also be created. Furthermore, a chain with a purpose that works under a certain set of real-world circumstances can continue as long as those real-world circumstances exist, and if/when the real-world changes, the chain can either change, remain, or be discontinued, driven by market forces. Very powerful idea. And so the case for tightening rules for arbitrary data in (what may henceforth be referred to as "main-chain") transactions can be made more convincingly, without overriding the arguments that innovations are being stifled. This could add alot more nuance to the work of a miner too, depending on what applications are developed as side-chains. Potentially very far reaching. All sorts of regulatory angles, and all the moral issues associated with processing data that is informative about actual humans.
|
Vires in numeris
|
|
|
maaku
Legendary
Offline
Activity: 905
Merit: 1012
|
|
April 12, 2014, 11:03:23 PM |
|
So the fundamental qualification for a side-chain would be direct, chain verified transference of coins between the primary chain and sidechains? Could there be a case for writing the extension in a way that lets coins be transferred between sidechains, without the need for re-entering the main chain? I suspect yes, but is this technically possible?
The process can be made entirely symmetrical such that you'd be able to transfer value between any two chains, if the chains are setup to support that in the first place. However coins of the form BTC -> A -> B would be technically treated as a different asset class than BTC -> B coins, so I don't think this would have quite the semantics you are looking for.
|
I'm an independent developer working on bitcoin-core, making my living off community donations. If you like my work, please consider donating yourself: 13snZ4ZyCzaL7358SmgvHGC9AxskqumNxP
|
|
|
thezerg (OP)
Legendary
Offline
Activity: 1246
Merit: 1010
|
|
April 13, 2014, 01:05:37 AM |
|
The attack fails because of the quieting period during which anyone can step forward and provide a reorg proof showing that the claimed return peg is not the most-work chain. The attacker would have to either overpower the honest chain, or by some magical mechanism DoS every single observer of the honest chain, preventing them from telling bitcoin about the real chain.
the quieting idea has issues as I understand it. Intuitively relying on an altruistic third party or require coin owners to be online 24/7 to protect a spend to sidechain seems dangerous. specifically, an attacker colluding with a bitcoin miner could choose to not relay the reanimate txn until it solves it in a block. another issue this raises is what happens if it happens? There are now fewer backing btc on the blockchain than on the sidechain. like musical chairs the last one to spend back into btc blockchain loses. this could trigger a run on the sidechain.
|
|
|
|
TierNolan
Legendary
Offline
Activity: 1232
Merit: 1104
|
|
April 13, 2014, 09:33:57 AM |
|
The process can be made entirely symmetrical such that you'd be able to transfer value between any two chains, if the chains are setup to support that in the first place. However coins of the form BTC -> A -> B would be technically treated as a different asset class than BTC -> B coins, so I don't think this would have quite the semantics you are looking for.
It could be setup so that the chains group multiple cross chain transfers together. If there was 100 transfers between 2 chains, then the chain that ends up losing money could transfer some of its "reserve" to the other chain. This would be like where banks do 1 transfer each day no matter how many of their customers send money between the 2 banks.
|
1LxbG5cKXzTwZg9mjL3gaRE835uNQEteWF
|
|
|
benjyz
|
|
April 13, 2014, 12:14:20 PM Last edit: April 13, 2014, 12:57:22 PM by benjyz |
|
The analogy would be roughly as follows: when you enter a casino you transfer dollars into chips. Each chip has a definite value, and there is a 1:1 correspondence. you can move chips into dollars if you enter or leave the casino, but you can't use dollars to play in the casino. The chips in the casino can represent anything, as long as the movement in and out are 1:1. Now, that is all well and fine. However, when you think about it more you come to realize that the casinos have to able to convert dollars into chips. Because chip amounts are usually small compared to the overall money supply of the casino this is not a problem. But if someone comes in with 10M$ to convert dollars into chips, that is going to be a problem if the casino is small. likewise if somebody wants to cash out 10M$ that might bust the casino.
what you need is supply and demanding matching, so that people can move between different alternatives. what markets do, they establish a function of supply and demand to clear the outstanding balances. this function is the price of a currency. with pegged fiat currencies, a central bank will offset, i.e. manage, demand and supply. the price fixing results in a need to manage a balance sheet by some authority. for someone to move out of a network/currency, you need someone moving in. if I want to use XYZ-Coin and I own BTC, I have find someone who owns XYZ and wants BTC.
as an example: if one sidechain has a bug and all state / coins are lost. how does Bitcoin know that those coins are not re-spendable? if an Alt-Coin has a fatal bug, coins become worthless rather quickly. or say it is rumored that one chain has a fatal bug. now half of the coins rush out. who loses in this transaction? some value (BTC) was destroyed. burning dollar bills has an effect on your balance sheet. I don't see where these questions, which are the interesting ones, are even being addressed. for this to work you would basically have to prove that sidechain doesn't lose state (is perfectly safe), or that if state is lost that will be a known quantity or more abstractly that risk exposure is linear. all kinds of assumptions you don't want to make in robust systems.
|
|
|
|
|