Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Y0UwP-0003HE-OY for bitcoin-development@lists.sourceforge.net; Mon, 15 Dec 2014 12:39:57 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org designates 62.13.149.101 as permitted sender) client-ip=62.13.149.101; envelope-from=pete@petertodd.org; helo=outmail149101.authsmtp.com; Received: from outmail149101.authsmtp.com ([62.13.149.101]) by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76) id 1Y0UwO-0003ZA-84 for bitcoin-development@lists.sourceforge.net; Mon, 15 Dec 2014 12:39:57 +0000 Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237]) by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id sBFCdmbO064626; Mon, 15 Dec 2014 12:39:48 GMT Received: from savin.petertodd.org (75-119-251-161.dsl.teksavvy.com [75.119.251.161]) (authenticated bits=128) by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id sBFCdhIR030074 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 15 Dec 2014 12:39:46 GMT Date: Mon, 15 Dec 2014 07:39:42 -0500 From: Peter Todd To: Tamas Blummer Message-ID: <20141215123942.GA28381@savin.petertodd.org> References: <417518B4-1E4D-4467-BC87-95C9EAF0C599@bitsofproof.com> <20141211120916.E912EE22B92@quidecco.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="mYCpIKhGyMATD0i+" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-Server-Quench: 73b030d4-8457-11e4-9f74-002590a135d3 X-AuthReport-Spam: If SPAM / abuse - report it at: http://www.authsmtp.com/abuse X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR aAdMdwcUHFAXAgsB AmIbWlZeU1R7XWU7 bA9PbARUfEhLXhtr VklWR1pVCwQmQm53 dUpGK3tydAVGf3o+ ZEVhVnkVW0codUV9 FkpJHWkDYnphaTUb TUkOcAdJcANIexZF O1F8UScOLwdSbGoL NQ4vNDcwO3BTJTpY RgYVKF8UXXNDOzMm SB0OVTAuG0wDSG06 ZwcnJlNUF0YYM0N6 Llo9WRoAKRgVBEVZ ESMFCjJDITgGQWIz BBlXW1JWGz1UQCE0 X-Authentic-SMTP: 61633532353630.1024:706 X-AuthFastPath: 0 (Was 255) X-AuthSMTP-Origin: 75.119.251.161/587 X-AuthVirus-Status: No virus detected - but ensure you scan with your own anti-virus system. X-Spam-Score: -1.5 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1Y0UwO-0003ZA-84 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Merged mining a side chain with proof of burn on parent chain X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Dec 2014 12:39:57 -0000 --mYCpIKhGyMATD0i+ Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Dec 15, 2014 at 11:21:01AM +0100, Tamas Blummer wrote: > Burn mining side chains might be one of the foundation ideas for that eco= system, enabling permission-less merge mining for > anyone with interest in a side chain. >=20 > I am puzzled by the lack of feedback on the idea. It's not a new idea actually - I outlined a system I eventually called "zookeyv"=B9 based on the notion of sacrificing Bitcoins to achieve consensus a year and a half ago on #bitcoin-wizards. The discussion started here and continued for a few days: https://download.wpsoftware.net/bitcoin/wizards/2013/05/13-05-29.log I later wrote up the idea in the context of adding Zerocoin to Bitcoin: http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg02= 472.html For key-value mapping I eventually decided that the system didn't necessarily need to be a strict linear blockchain - a directed acyclic graph of commitments had advantages as there needed to be less syncronization between transactions. This also means that the graph doesn't necessarily need to be revealed directly in the blockchain, exposing it to miner censorship. OTOH revealing it makes it easy to determine if an attacker larger than you exists. These days I'd suggest using timelock crypto to defeat miner censorship, while ensuring that in principle consensus over all possible parts of the chain can eventually be reached.=B2 Proof-of-sacrifice for consensus has a few weird properties. For instance you can defeat attackers after the fact by simply sacrificing more than the attacker. Not unlike having a infinite amount of mining equipment available with the only constraint being funds to pay for the electricity. (which *is* semi-true with altcoins!) As for your specific example, you can improve it's censorship resistance by having the transactions commit to a nonce in advance in some way indistinguishable from normal transactions, and then making the selection criteria be some function of H(nonce | blockhash) - for instance highest wins. So long as the chain selection is based on cumulative difficulty based on a fixed target - as is the case in Bitcoin proper - you should get a proper incentive to publish blocks, as well as the "total work information rachet" effect Bitcoin has against attackers. 1) In honor of Zooko's triangle. 2) This doesn't necessarily take as much work as you might expect: you can work backwards from the most recent block(s) if the scheme requires block B_i to include the decryption key for block B_{i-1}. --=20 'peter'[:-1]@petertodd.org 000000000000000018d439a78581d2a9ecd762a2b37dd5b403a82beb58dcbc7c --mYCpIKhGyMATD0i+ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iQGrBAEBCACVBQJUjtaKXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw MDAwMDAwMDAwMDAwMDAxYjE4YTU5NmVjYWRkMDdjMGU0OTYyMGZiNzFiMTZmOWU0 MTEzMWRmOWZjNTJmYTYvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0 ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfvh2QgAon14AKyxMXyOfYvDBfTkM6K/ xgI5kcy2DLLt3GtxdiWeFq/vS2ymnNZOMJswDK6R9uUkeO6gmkvTgi6hecJIq9ae 4im92l+1vnaYZ+TFN/Vcbe6AMyr7g+CREd/fdoJPeWTEQZ1tNW/e+D9xoA38LAln UL2stOiGzeZjlDD5lS8xLmj2B0wbnpfnKC4g8MFmYiR6oQ9xrsiJEZP7LGOi3jAh ougJkTr//Ln3b+bMDhHeUlqGeq0XZecNu+8RRxpUyJJv94WkDmBAz56foZxjpCGF Kwl3q12mfiugZ4KXr7FtoCXd5HXLYq3nIhHEvc3rfQGPkC4JUI9XSWk/itz5Fg== =KDQH -----END PGP SIGNATURE----- --mYCpIKhGyMATD0i+--