Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191]
	helo=mx.sourceforge.net)
	by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1Y0UwP-0003HE-OY
	for bitcoin-development@lists.sourceforge.net;
	Mon, 15 Dec 2014 12:39:57 +0000
Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.149.101 as permitted sender)
	client-ip=62.13.149.101; envelope-from=pete@petertodd.org;
	helo=outmail149101.authsmtp.com; 
Received: from outmail149101.authsmtp.com ([62.13.149.101])
	by sog-mx-1.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1Y0UwO-0003ZA-84 for bitcoin-development@lists.sourceforge.net;
	Mon, 15 Dec 2014 12:39:57 +0000
Received: from mail-c237.authsmtp.com (mail-c237.authsmtp.com [62.13.128.237])
	by punt15.authsmtp.com (8.14.2/8.14.2/) with ESMTP id sBFCdmbO064626;
	Mon, 15 Dec 2014 12:39:48 GMT
Received: from savin.petertodd.org (75-119-251-161.dsl.teksavvy.com
	[75.119.251.161]) (authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id sBFCdhIR030074
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Mon, 15 Dec 2014 12:39:46 GMT
Date: Mon, 15 Dec 2014 07:39:42 -0500
From: Peter Todd <pete@petertodd.org>
To: Tamas Blummer <tamas@bitsofproof.com>
Message-ID: <20141215123942.GA28381@savin.petertodd.org>
References: <417518B4-1E4D-4467-BC87-95C9EAF0C599@bitsofproof.com>
	<CA+s+GJAe9MeO+Sr0+2BRwu3q-Be5JQt_s_xdnBBEcquXqOyxcA@mail.gmail.com>
	<20141211120916.E912EE22B92@quidecco.de>
	<B8D7AE7E-567E-4656-9231-17EEAD6ED603@bitsofproof.com>
	<AEDF060A-17E7-4519-950A-30974D1520E3@bitsofproof.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="mYCpIKhGyMATD0i+"
Content-Disposition: inline
In-Reply-To: <AEDF060A-17E7-4519-950A-30974D1520E3@bitsofproof.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 73b030d4-8457-11e4-9f74-002590a135d3
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aAdMdwcUHFAXAgsB AmIbWlZeU1R7XWU7 bA9PbARUfEhLXhtr
	VklWR1pVCwQmQm53 dUpGK3tydAVGf3o+ ZEVhVnkVW0codUV9
	FkpJHWkDYnphaTUb TUkOcAdJcANIexZF O1F8UScOLwdSbGoL
	NQ4vNDcwO3BTJTpY RgYVKF8UXXNDOzMm SB0OVTAuG0wDSG06
	ZwcnJlNUF0YYM0N6 Llo9WRoAKRgVBEVZ ESMFCjJDITgGQWIz
	BBlXW1JWGz1UQCE0 
X-Authentic-SMTP: 61633532353630.1024:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 75.119.251.161/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1Y0UwO-0003ZA-84
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Merged mining a side chain with proof of
 burn	on parent chain
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 15 Dec 2014 12:39:57 -0000


--mYCpIKhGyMATD0i+
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 15, 2014 at 11:21:01AM +0100, Tamas Blummer wrote:
> Burn mining side chains might be one of the foundation ideas for that eco=
system, enabling permission-less merge mining for
> anyone with interest in a side chain.
>=20
> I am puzzled by the lack of feedback on the idea.

It's not a new idea actually - I outlined a system I eventually called
"zookeyv"=B9 based on the notion of sacrificing Bitcoins to achieve
consensus a year and a half ago on #bitcoin-wizards. The discussion
started here and continued for a few days:

https://download.wpsoftware.net/bitcoin/wizards/2013/05/13-05-29.log

I later wrote up the idea in the context of adding Zerocoin to Bitcoin:

http://www.mail-archive.com/bitcoin-development@lists.sourceforge.net/msg02=
472.html

For key-value mapping I eventually decided that the system didn't
necessarily need to be a strict linear blockchain - a directed acyclic
graph of commitments had advantages as there needed to be less
syncronization between transactions. This also means that the graph
doesn't necessarily need to be revealed directly in the blockchain,
exposing it to miner censorship. OTOH revealing it makes it easy to
determine if an attacker larger than you exists. These days I'd suggest
using timelock crypto to defeat miner censorship, while ensuring that in
principle consensus over all possible parts of the chain can eventually
be reached.=B2

Proof-of-sacrifice for consensus has a few weird properties. For
instance you can defeat attackers after the fact by simply sacrificing
more than the attacker. Not unlike having a infinite amount of mining
equipment available with the only constraint being funds to pay for the
electricity. (which *is* semi-true with altcoins!)

As for your specific example, you can improve it's censorship resistance
by having the transactions commit to a nonce in advance in some way
indistinguishable from normal transactions, and then making the
selection criteria be some function of H(nonce | blockhash) - for
instance highest wins. So long as the chain selection is based on
cumulative difficulty based on a fixed target - as is the case in
Bitcoin proper - you should get a proper incentive to publish blocks, as
well as the "total work information rachet" effect Bitcoin has against
attackers.


1) In honor of Zooko's triangle.

2) This doesn't necessarily take as much work as you might expect: you
   can work backwards from the most recent block(s) if the scheme
   requires block B_i to include the decryption key for block B_{i-1}.

--=20
'peter'[:-1]@petertodd.org
000000000000000018d439a78581d2a9ecd762a2b37dd5b403a82beb58dcbc7c

--mYCpIKhGyMATD0i+
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQGrBAEBCACVBQJUjtaKXhSAAAAAABUAQGJsb2NraGFzaEBiaXRjb2luLm9yZzAw
MDAwMDAwMDAwMDAwMDAxYjE4YTU5NmVjYWRkMDdjMGU0OTYyMGZiNzFiMTZmOWU0
MTEzMWRmOWZjNTJmYTYvFIAAAAAAFQARcGthLWFkZHJlc3NAZ251cGcub3JncGV0
ZUBwZXRlcnRvZC5vcmcACgkQJIFAPaXwkfvh2QgAon14AKyxMXyOfYvDBfTkM6K/
xgI5kcy2DLLt3GtxdiWeFq/vS2ymnNZOMJswDK6R9uUkeO6gmkvTgi6hecJIq9ae
4im92l+1vnaYZ+TFN/Vcbe6AMyr7g+CREd/fdoJPeWTEQZ1tNW/e+D9xoA38LAln
UL2stOiGzeZjlDD5lS8xLmj2B0wbnpfnKC4g8MFmYiR6oQ9xrsiJEZP7LGOi3jAh
ougJkTr//Ln3b+bMDhHeUlqGeq0XZecNu+8RRxpUyJJv94WkDmBAz56foZxjpCGF
Kwl3q12mfiugZ4KXr7FtoCXd5HXLYq3nIhHEvc3rfQGPkC4JUI9XSWk/itz5Fg==
=KDQH
-----END PGP SIGNATURE-----

--mYCpIKhGyMATD0i+--