1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
|
Return-Path: <earonesty@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id E4F01B7A
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 20 Jun 2017 13:39:02 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-qk0-f181.google.com (mail-qk0-f181.google.com
[209.85.220.181])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id C7BDA1F0
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 20 Jun 2017 13:39:00 +0000 (UTC)
Received: by mail-qk0-f181.google.com with SMTP id d14so57463368qkb.1
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 20 Jun 2017 06:39:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:sender:in-reply-to:references:from:date:message-id
:subject:to:cc;
bh=hSCc+JagjhmYElZFpzBddH64Vcq88ixdKNv4yyDyuHg=;
b=jnisj7YI5M3cMQqp+Daq3CafJg1T73U/Kp2wxe/DIWINtB4gSIyPplSGApjVohku2A
QGbseXsl6TVR/U3mw2STS2TUTCHBn+vEJRCAs/bz20pzvK1lqqAUBDUsMeJuz/bf4BZC
lnU6oa7fjKFcGzm31MfxG0+kt+UPAmsyW7lgxRIMD2uvknukyFMmkurSHGLXQ3mnO8WD
5otNifh+iEAw1DL8KXCvrHaf6JXrCbmrvsxKhifhrczskQ/CqibuCaMi1c98cSMOzVb4
5h3j9DogopAYBAk/z7RLBnnA54bRnYuMTXLHhHMsm08ZR0GZvRjbfrTnu1Mdm8I9Vxa9
p3uA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
:date:message-id:subject:to:cc;
bh=hSCc+JagjhmYElZFpzBddH64Vcq88ixdKNv4yyDyuHg=;
b=A2DCKL+7TWMxzfgcjDMr+qjlHtztn/fl+PsR3PAB5tGZGRYiLC6fgVZPUQ8kezcxQ5
NWuMLCkz6+2Fc61XelnfvsPfTeOoizpNfaaH5n0R00GM8edk6F2p2T5nLyek67F2aedj
ZrQz2NOFXlpKTlWdQI1BJlENMEsTgJW/tOriiL3OKeZa0GrErr1XV4rpATsBvsvgbZIf
7JlumZ6m53w5ad5ovf+hGmS5sns3PGu4Dmrm3Nmy1U6AKuP0uXFL4+xWhqfWnIoVY9r+
JoUnCDrpQ0P+MpZ/+YrgiE8HChVJUUPTo8m9P3rKyT8WDAcqoM5aJvKcnveV4bdOAXaU
7VjQ==
X-Gm-Message-State: AKS2vOwm2EPC3n/FrSTrJChnD+60P5TOz2iYzleNzQv+8XM4ZSDGjBvk
3FQtSpxkTpIp+DI4mwe28//wF+CG7Q==
X-Received: by 10.233.223.199 with SMTP id t190mr33902880qkf.247.1497965939800;
Tue, 20 Jun 2017 06:38:59 -0700 (PDT)
MIME-Version: 1.0
Sender: earonesty@gmail.com
Received: by 10.237.54.100 with HTTP; Tue, 20 Jun 2017 06:38:59 -0700 (PDT)
In-Reply-To: <33d98418-10f0-3854-a954-14985d53e04b@gmail.com>
References: <24f2b447-a237-45eb-ef9f-1a62533fad5c@gmail.com>
<83671224-f6ff-16a9-81c0-20ab578aec9d@gmail.com>
<AAC86547-7904-4475-9966-138130019567@taoeffect.com>
<6764b8af-bb4c-615d-5af5-462127bbbe36@gmail.com>
<CAJowKgLJW=kJhcN4B7TbWXLb7U51tzYU3PFOy1m8JqKXqFsU4A@mail.gmail.com>
<33d98418-10f0-3854-a954-14985d53e04b@gmail.com>
From: Erik Aronesty <erik@q32.com>
Date: Tue, 20 Jun 2017 09:38:59 -0400
X-Google-Sender-Auth: cjqb1n-Moh00nH6tCuvWjsKLbs8
Message-ID: <CAJowKgKT2rn3N3L+79JEY_uNfKDewcmgkiEB2mJYx1mg+YjGCQ@mail.gmail.com>
To: Paul Sztorc <truthcoin@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c043278ba40f40552645f9e"
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, FREEMAIL_FROM, HTML_MESSAGE,
RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 20 Jun 2017 13:40:39 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Drivechain RfD -- Follow Up
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jun 2017 13:39:03 -0000
--94eb2c043278ba40f40552645f9e
Content-Type: text/plain; charset="UTF-8"
- a proof-of-burn sidechain is the ultimate two-way peg. you have to burn
bitcoin *or* side-chain tokens to mine the side chain. the size of the
burn is the degree of security. i actually wrote code to do randomized
blind burns where you have a poisson distribution (non-deterministic
selected burn). there is no way to game it... it's very similar to
algorand - but it uses burns instead of staking
- you can then have a secure sidechain that issues a mining reward in
sidechain tokens, which can be aggrregated and redeemed for bitcoins. the
result of this is that any bitcoins held in the sidechain depreciate in
value at a rate of X% per year. this deflation rate pays for increased
security
- logically this functions like an alt coin, with high inflation and cheap
transactions. but the altcoin is pegged to bitcoin's price because of the
pool of unredeemed bitcoins held within the side chain.
On Tue, Jun 20, 2017 at 7:54 AM, Paul Sztorc <truthcoin@gmail.com> wrote:
> Hi Erik,
>
> As you know:
>
> 1. If a sidechain is merged mined it basically grows out of the existing
> Bitcoin mining network. If it has a different PoW algorithm it is a new
> mining network.
> 2. The security (ie, hashrate) of any mining network would be determined
> by the total economic value of the block. In Bitcoin this is
> (subsidy+tx_fees)*price, but since a sidechain cannot issue new tokens it
> would only be (tx_fees)*price.
>
> Unfortunately the two have a nasty correlation which can lead to a
> disastrous self-fulfilling prophecy: users will avoid a network that is too
> insecure; and if users avoid using a network, they will stop paying txn
> fees and so the quantity (tx_fees)*price falls toward zero, erasing the
> network's security. So it is quite problematic and I recommend just biting
> the bullet and going with merged mining instead.
>
> And, the point may be moot. Bitcoin miners may decide that, given their
> expertise in seeking out cheap sources of power/cooling, they might as well
> mine both/all chains. So your suggestion may not achieve your desired
> result (and would, meanwhile, consume more of the economy's resources --
> some of these would not contribute even to a higher hashrate).
>
> Paul
>
>
>
>
> On 6/19/2017 1:11 PM, Erik Aronesty wrote:
>
> It would be nice to be able to enforce that a drivechain *not* have the
> same POW as bitcoin.
>
> I suspect this is the only way to be sure that a drivechain doesn't
> destabilize the main chain and push more power to miners that already have
> too much power.
>
>
> On Mon, Jun 19, 2017 at 12:04 PM, Paul Sztorc via bitcoin-dev <
> bitcoin-dev@lists.linuxfoundation.org> wrote:
>
>> Hi Greg,
>>
>> Responses below:
>>
>> On 6/18/2017 5:30 PM, Tao Effect wrote:
>> > In Drivechain, 51% of miners have total control and ownership over all
>> > of the sidechain coins.
>>
>> It would not be accurate to say that miners have "total" control. Miners
>> do control the destination of withdrawals, but they do not control the
>> withdrawal-duration nor the withdrawal-frequency.
>>
>> So, if miners wish to 'steal' from a sidechain, they _can_ initiate a
>> theft, but they can not change the fact that their malfeasance will be
>> [a] obvious, and [b] on display for a long period of time.
>>
>> We might draw a comparison between:
>>
>> 1. Classic Theft -- A majority hashrate reorganizes the main Bitcoin
>> chain to double-spend funds (or coordinate with someone who is
>> double-spending). This is prevented/discouraged by waiting for many
>> confirmations.
>> 2. Channel Theft -- A majority hashrate assists a Lightning-Network
>> thief, by censoring the punitive audit txn (possibly by exploiting some
>> excuse regarding fullness of blocks, or possibly induced to do so by the
>> thief provably splitting the proceeds with miners). This is
>> prevented/discouraged by using lengthy custodial periods, paying high
>> fees with your attacker's money, and using fungibility/non-communication
>> to interact with miners as little as possible (so as to frame LN-theft
>> as undermining the entire LN system, and not merely a single tragedy).
>> 3. Drivechain Theft -- A majority hashrate initiates an unrepresentative
>> withdrawal from some sidechain. This is prevented/discouraged by only
>> using 'popular' sidechains (those that [a] increase the usefulness
>> ("market price") of bitcoin, and [b] generate tx fees for miners). It is
>> also discouraged by the fact that egregious theft would probably end the
>> sidechain experiment, meaning that all present and future sidechains
>> would be forever unavailable (and unable to buoy the price or the tx
>> revenues).
>>
>> I do not think that any of the three stands out as being categorically
>> worse than the others, especially when we consider the heterogeneity of
>> use-cases and preferences. As Luke-Jr has been pointing out on social
>> media recently, the very group which is more associated with miners (and
>> explicitly more willing to trust them, ie Bitcoin Unlimited et al),
>> happens to be the same group that would be expected to make use of a
>> LargeBlock drivechain. Some can argue that one type of security is more
>> "cryptographic" than others, but I think this is misguided (how many
>> 'bits' of security does each have?) -- imho, all three security models
>> are 'game theoretic' (neither computer scientific, nor cryptographic).
>>
>> More importantly, before a miner has any "control" over the sidechain
>> coins, users must voluntarily agree to subject themselves to these new
>> rules. This is similar to how an arbitrary piece of (open source)
>> software can have "total" control over your computer...if you choose to
>> install it.
>>
>> > Thus the effect of Drivechain appears to be the creation of a new kind
>> > of digital border imposed onto the network ...
>>
>> I'm not sure it would "create a border", given that sidechains are
>> currently not accessible at all. If anything drivechain cuts a door into
>> an existing impassible border.
>>
>> > ... where everyone hands over ownership of their Bitcoins to a
>> > /single/ mining cartel when they wish to interact with /any/ sidechain.
>>
>> The qualifier "/any/ sidechain" would seem to imply that there is a way
>> to do sidechains that does not involve handing over some control to 51%
>> hashrate...I think this is false (even in the fabled case of ZK-SNARKS).
>> The first thing I do in the drivechain spec (
>> truthcoin.info/blog/drivechain ) is explain why.
>>
>> > Drivechain would be a reasonable idea if that weren't the case, but
>> > since it is, Drivechain now introduces a very real possible future
>> > where Bitcoins can be confiscated by the Chinese government in exactly
>> > the same manner that the Chinese government today confiscates
>> > financial assets in other financial networks within China.
>>
>> Yes, but money could also be confiscated from _any_ Bitcoin users
>> (Chinese or otherwise) using any of the three methods I mentioned above.
>> And confiscation could strike Chinese Bitcoin users if they decided to
>> sell their Bitcoin for Chinese Yuan, which they then deposited in a
>> Chinese bank. Or if they sold their Bitcoin for an Altcoin controlled by
>> the Chinese govt in some other way.
>>
>> It is not up to the members of this list to decide, USSR style, what
>> other people are allowed to do with their own money.
>>
>> The exceptions to this rule would be (ie, "bitcoin-dev should care about
>> what users are doing when..."):
>>
>> 1. [Unreasonable use of Reviewer Time] The user's use-case is either
>> nonexistent (ie "no one wants that"), or totally unachievable ("we can't
>> do that") thus rendering the conversation a complete waste of time /
>> reviewer attention.
>> 2. [Harmful Interference] The user's use-case would impose harm on some
>> existing use-case(s).
>>
>> No reasonable person will claim the first, given today's scaling debate
>> (not to mention today's 'bitcoin dominance index'). Therefore, critics
>> must claim the second (as, for example, Peter Todd has been doing on
>> this list).
>>
>> Which is why I narrowly focus on inter-chain harms [1], leading
>> ultimately to a focus on the mining ecosystem [2,3] and the development
>> of Blind Merged Mining [4].
>>
>> [1]
>> https://www.youtube.com/watch?v=0goYH2sDw0w&list=PLw8-6ARlyV
>> ciNjgS_NFhAu-qt7HPf_dtg&index=1
>> [2] http://www.truthcoin.info/blog/mirage-miner-centralization/
>> [3] http://www.truthcoin.info/blog/mining-threat-equilibrium/
>> [4] http://www.truthcoin.info/blog/blind-merged-mining/
>> [5] http://www.truthcoin.info/blog/measuring-decentralization/
>>
>> > 1. The Bitcoin network centralizes more, because more power (both
>> > financial power and power in terms of capability/control) is granted
>> > to miners.
>>
>> I think that one has some duty to very clearly define something (like
>> "mining centralization" [2] or "centralization" [5]) before complaining
>> about it. I feel that people will occasionally use selfless complaints
>> to accomplish a selfish goal...especially when the artificial selfless
>> part is hard to discuss by virtue of its being poorly defined
>> (especially vague or abstract items like "the company", "our country",
>> etc). For example, those who take it upon themselves to "defend" "the
>> Bitcoin community" may have exactly that in mind as their primary
>> goal...but they may also end up with more visibility (and with it: more
>> influence, more job offers, more conference invites, more friends, etc)
>> and they may also end up with a megaphone for which to broadcast their
>> other views, or just a defend-able excuse for bragging loudly about how
>> great cypherpunks are and/or how devoted they-in-particular are to the
>> cypherpunk tribe, et cetera. To avoid this problem in my own technical
>> discourse, I try to avoid abstractions like "centralization" until I
>> have defined them [2,5].
>>
>> You have defined centralization above, but the definition is itself
>> vague to the point where I do not think even you actually endorse it.
>> For example, you would need to say that Bitcoin centralizes whenever the
>> exchange rate increases (as this grants additional financial power to
>> miners) or when any new user joins Bitcoin, or when tx fee revenues
>> increase for any reason. You might also be forced to say that LN
>> centralizes Bitcoin (as LN grants new capability/control to miners), and
>> probably even that Bitcoin becomes more centralized when developers
>> release new software (as this grants new capability to miners,
>> specifically the ability to deny upgrades). This probably isn't what you
>> meant, but since you did not clearly explain what you meant we have no
>> way of knowing for sure.
>>
>> It seems to me that you reject the premise that BMM [4] addresses these
>> issues. This is probably because BMM only addresses miner's interactions
>> with each other, and it does not address miner abilities as a group in
>> relation to other groups (for example, vs. users, developers,
>> investors). But, as I consistently emphasize, these groups of people are
>> free to ignore any sidechains that they do not like. In law there is a
>> saying 'volenti non fit injuria' which I would translate as "he who
>> volunteers cannot claim later to have been injured". This is a legal
>> theory, because otherwise everyone would be arbitrarily liable for
>> choices beyond their control (ie, responsible for decisions of other
>> unrelated people), which would be nonsense.
>>
>> > 3. Drivechain limits user's existing choice when it comes to who is
>> > acting as custodian of their Bitcoins, from any trustworthy exchange,
>> > down to a single mining cartel under the control of a single set of
>> laws.
>>
>> Currently no (P2P) sidechains exist, and therefore the set of choices
>> today would seem to be more "limited" than in a post-sidechain future.
>> (The set of options may decrease later, for ecological reasons, if and
>> only if 'exchanges' are a strictly inferior option to 'sidechains' for
>> some reason...I don't see why this would be the case. I also don't
>> understand the emphasis on "exchanges" [SCs are much more like Altcoins,
>> than exchanges] in the first place, nor the dubious qualifier
>> "trustworthy".)
>>
>> --Paul
>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-dev@lists.linuxfoundation.org
>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>
>
>
>
--94eb2c043278ba40f40552645f9e
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div>- a proof-of-burn sidechain is the ultimate two-way p=
eg. =C2=A0 you have to burn bitcoin *or* side-chain tokens to mine the side=
chain. =C2=A0 the size of the burn is the degree of security. =C2=A0 =C2=
=A0i actually wrote code to do randomized blind burns where you have a pois=
son distribution (non-deterministic selected burn). =C2=A0 =C2=A0there is n=
o way to game it... it's very similar to algorand - but it uses burns i=
nstead of staking<br></div><div><br></div><div>- you can then have a secure=
sidechain that issues a mining reward in sidechain tokens, which can be ag=
grregated and redeemed for bitcoins. =C2=A0 the result of this is that any =
bitcoins held in the sidechain depreciate in value at a rate of X% per year=
. =C2=A0 this deflation rate pays for increased security</div><div><br></di=
v><div>- logically this functions like an alt coin, with high inflation and=
cheap transactions. =C2=A0 but the altcoin is pegged to bitcoin's pric=
e because of the pool of unredeemed bitcoins held within the side chain.</d=
iv><div><br><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gm=
ail_quote">On Tue, Jun 20, 2017 at 7:54 AM, Paul Sztorc <span dir=3D"ltr">&=
lt;<a href=3D"mailto:truthcoin@gmail.com" target=3D"_blank">truthcoin@gmail=
.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
=20
=20
=20
<div text=3D"#000000" bgcolor=3D"#FFFFFF">
<div class=3D"m_-7917178296017049299moz-cite-prefix">Hi Erik,<br>
<br>
As you know:<br>
<br>
1. If a sidechain is merged mined it basically grows out of the
existing Bitcoin mining network. If it has a different PoW
algorithm it is a new mining network.<br>
2. The security (ie, hashrate) of any mining network would be
determined by the total economic value of the block. In Bitcoin
this is (subsidy+tx_fees)*price, but since a sidechain cannot
issue new tokens it would only be (tx_fees)*price.<br>
<br>
Unfortunately the two have a nasty correlation which can lead to a
disastrous self-fulfilling prophecy: users will avoid a network
that is too insecure; and if users avoid using a network, they
will stop paying txn fees and so the quantity (tx_fees)*price
falls toward zero, erasing the network's security. So it is quite
problematic and I recommend just biting the bullet and going with
merged mining instead.<br>
<br>
And, the point may be moot. Bitcoin miners may decide that, given
their expertise in seeking out cheap sources of power/cooling,
they might as well mine both/all chains. So your suggestion may
not achieve your desired result (and would, meanwhile, consume
more of the economy's resources -- some of these would not
contribute even to a higher hashrate).<span class=3D"HOEnZb"><font co=
lor=3D"#888888"><br>
<br>
Paul</font></span><div><div class=3D"h5"><br>
<br>
<br>
<br>
On 6/19/2017 1:11 PM, Erik Aronesty wrote:<br>
</div></div></div><div><div class=3D"h5">
<blockquote type=3D"cite">
<div dir=3D"ltr">
<div>It would be nice to be able to enforce that a drivechain
*not* have the same POW as bitcoin. <br>
<br>
</div>
<div>I suspect this is the only way to be sure that a drivechain
doesn't destabilize the main chain and push more power to
miners that already have too much power.<br>
</div>
<br>
</div>
<div class=3D"gmail_extra"><br>
<div class=3D"gmail_quote">On Mon, Jun 19, 2017 at 12:04 PM, Paul
Sztorc via bitcoin-dev <span dir=3D"ltr"><<a href=3D"mailto:bi=
tcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitcoin-dev@lists.<w=
br>linuxfoundation.org</a>></span>
wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bord=
er-left:1px #ccc solid;padding-left:1ex">Hi Greg,<br>
<br>
Responses below:<br>
<span><br>
On 6/18/2017 5:30 PM, Tao Effect wrote:<br>
> In Drivechain, 51% of miners have total control and
ownership over all<br>
> of the sidechain coins.<br>
<br>
</span>It would not be accurate to say that miners have
"total" control. Miners<br>
do control the destination of withdrawals, but they do not
control the<br>
withdrawal-duration nor the withdrawal-frequency.<br>
<br>
So, if miners wish to 'steal' from a sidechain, they _c=
an_
initiate a<br>
theft, but they can not change the fact that their
malfeasance will be<br>
[a] obvious, and [b] on display for a long period of time.<br>
<br>
We might draw a comparison between:<br>
<br>
1. Classic Theft=C2=A0 =C2=A0-- A majority hashrate reorganizes=
the
main Bitcoin<br>
chain to double-spend funds (or coordinate with someone who
is<br>
double-spending). This is prevented/discouraged by waiting
for many<br>
confirmations.<br>
2. Channel Theft -- A majority hashrate assists a
Lightning-Network<br>
thief, by censoring the punitive audit txn (possibly by
exploiting some<br>
excuse regarding fullness of blocks, or possibly induced to
do so by the<br>
thief provably splitting the proceeds with miners). This is<br>
prevented/discouraged by using lengthy custodial periods,
paying high<br>
fees with your attacker's money, and using
fungibility/non-communication<br>
to interact with miners as little as possible (so as to
frame LN-theft<br>
as undermining the entire LN system, and not merely a single
tragedy).<br>
3. Drivechain Theft -- A majority hashrate initiates an
unrepresentative<br>
withdrawal from some sidechain. This is
prevented/discouraged by only<br>
using 'popular' sidechains (those that [a] increase the
usefulness<br>
("market price") of bitcoin, and [b] generate tx fees=
for
miners). It is<br>
also discouraged by the fact that egregious theft would
probably end the<br>
sidechain experiment, meaning that all present and future
sidechains<br>
would be forever unavailable (and unable to buoy the price
or the tx<br>
revenues).<br>
<br>
I do not think that any of the three stands out as being
categorically<br>
worse than the others, especially when we consider the
heterogeneity of<br>
use-cases and preferences. As Luke-Jr has been pointing out
on social<br>
media recently, the very group which is more associated with
miners (and<br>
explicitly more willing to trust them, ie Bitcoin Unlimited
et al),<br>
happens to be the same group that would be expected to make
use of a<br>
LargeBlock drivechain. Some can argue that one type of
security is more<br>
"cryptographic" than others, but I think this is misg=
uided
(how many<br>
'bits' of security does each have?) -- imho, all three
security models<br>
are 'game theoretic' (neither computer scientific, nor
cryptographic).<br>
<br>
More importantly, before a miner has any "control" ov=
er the
sidechain<br>
coins, users must voluntarily agree to subject themselves to
these new<br>
rules. This is similar to how an arbitrary piece of (open
source)<br>
software can have "total" control over your computer.=
..if
you choose to<br>
install it.<br>
<span><br>
> Thus the effect of Drivechain appears to be the
creation of a new kind<br>
</span>> of digital border imposed onto the network ...<br>
<br>
I'm not sure it would "create a border", given th=
at
sidechains are<br>
currently not accessible at all. If anything drivechain cuts
a door into<br>
an existing impassible border.<br>
<br>
>=C2=A0 ... where everyone hands over ownership of their
Bitcoins to a<br>
<span>> /single/ mining cartel when they wish to
interact with /any/ sidechain.<br>
<br>
</span>The qualifier "/any/ sidechain" would seem to =
imply
that there is a way<br>
to do sidechains that does not involve handing over some
control to 51%<br>
hashrate...I think this is false (even in the fabled case of
ZK-SNARKS).<br>
The first thing I do in the drivechain spec (<br>
<a href=3D"http://truthcoin.info/blog/drivechain" rel=3D"norefe=
rrer" target=3D"_blank">truthcoin.info/blog/drivechain</a>
) is explain why.<br>
<span><br>
> Drivechain would be a reasonable idea if that weren'=
t
the case, but<br>
> since it is, Drivechain now introduces a very real
possible future<br>
> where Bitcoins can be confiscated by the Chinese
government in exactly<br>
> the same manner that the Chinese government today
confiscates<br>
> financial assets in other financial networks within
China.<br>
<br>
</span>Yes, but money could also be confiscated from _any_
Bitcoin users<br>
(Chinese or otherwise) using any of the three methods I
mentioned above.<br>
And confiscation could strike Chinese Bitcoin users if they
decided to<br>
sell their Bitcoin for Chinese Yuan, which they then
deposited in a<br>
Chinese bank. Or if they sold their Bitcoin for an Altcoin
controlled by<br>
the Chinese govt in some other way.<br>
<br>
It is not up to the members of this list to decide, USSR
style, what<br>
other people are allowed to do with their own money.<br>
<br>
The exceptions to this rule would be (ie, "bitcoin-dev
should care about<br>
what users are doing when..."):<br>
<br>
1. [Unreasonable use of Reviewer Time]=C2=A0 The user's use=
-case
is either<br>
nonexistent (ie "no one wants that"), or totally
unachievable ("we can't<br>
do that") thus rendering the conversation a complete waste
of time /<br>
reviewer attention.<br>
2. [Harmful Interference] The user's use-case would impose
harm on some<br>
existing use-case(s).<br>
<br>
No reasonable person will claim the first, given today's
scaling debate<br>
(not to mention today's 'bitcoin dominance index').
Therefore, critics<br>
must claim the second (as, for example, Peter Todd has been
doing on<br>
this list).<br>
<br>
Which is why I narrowly focus on inter-chain harms [1],
leading<br>
ultimately to a focus on the mining ecosystem [2,3] and the
development<br>
of Blind Merged Mining [4].<br>
<br>
[1]<br>
<a href=3D"https://www.youtube.com/watch?v=3D0goYH2sDw0w&li=
st=3DPLw8-6ARlyVciNjgS_NFhAu-qt7HPf_dtg&index=3D1" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.youtube.com/watch?<wbr>v=3D0goYH2sDw0w&lis=
t=3DPLw8-6ARlyV<wbr>ciNjgS_NFhAu-qt7HPf_dtg&index=3D<wbr>1</a><br>
[2] <a href=3D"http://www.truthcoin.info/blog/mirage-miner-cent=
ralization/" rel=3D"noreferrer" target=3D"_blank">http://www.truthcoin.info=
/blog<wbr>/mirage-miner-centralization/</a><br>
[3] <a href=3D"http://www.truthcoin.info/blog/mining-threat-equ=
ilibrium/" rel=3D"noreferrer" target=3D"_blank">http://www.truthcoin.info/b=
log<wbr>/mining-threat-equilibrium/</a><br>
[4] <a href=3D"http://www.truthcoin.info/blog/blind-merged-mini=
ng/" rel=3D"noreferrer" target=3D"_blank">http://www.truthcoin.info/blog<wb=
r>/blind-merged-mining/</a><br>
[5] <a href=3D"http://www.truthcoin.info/blog/measuring-decentr=
alization/" rel=3D"noreferrer" target=3D"_blank">http://www.truthcoin.info/=
blog<wbr>/measuring-decentralization/</a><br>
<span><br>
> 1. The Bitcoin network centralizes more, because more
power (both<br>
> financial power and power in terms of
capability/control) is granted<br>
> to miners.<br>
<br>
</span>I think that one has some duty to very clearly define
something (like<br>
"mining centralization" [2] or "centralization&q=
uot; [5]) before
complaining<br>
about it. I feel that people will occasionally use selfless
complaints<br>
to accomplish a selfish goal...especially when the
artificial selfless<br>
part is hard to discuss by virtue of its being poorly
defined<br>
(especially vague or abstract items like "the company"=
;, "our
country",<br>
etc). For example, those who take it upon themselves to
"defend" "the<br>
Bitcoin community" may have exactly that in mind as their
primary<br>
goal...but they may also end up with more visibility (and
with it: more<br>
influence, more job offers, more conference invites, more
friends, etc)<br>
and they may also end up with a megaphone for which to
broadcast their<br>
other views, or just a defend-able excuse for bragging
loudly about how<br>
great cypherpunks are and/or how devoted they-in-particular
are to the<br>
cypherpunk tribe, et cetera. To avoid this problem in my own
technical<br>
discourse, I try to avoid abstractions like "centralizatio=
n"
until I<br>
have defined them [2,5].<br>
<br>
You have defined centralization above, but the definition is
itself<br>
vague to the point where I do not think even you actually
endorse it.<br>
For example, you would need to say that Bitcoin centralizes
whenever the<br>
exchange rate increases (as this grants additional financial
power to<br>
miners) or when any new user joins Bitcoin, or when tx fee
revenues<br>
increase for any reason. You might also be forced to say
that LN<br>
centralizes Bitcoin (as LN grants new capability/control to
miners), and<br>
probably even that Bitcoin becomes more centralized when
developers<br>
release new software (as this grants new capability to
miners,<br>
specifically the ability to deny upgrades). This probably
isn't what you<br>
meant, but since you did not clearly explain what you meant
we have no<br>
way of knowing for sure.<br>
<br>
It seems to me that you reject the premise that BMM [4]
addresses these<br>
issues. This is probably because BMM only addresses miner's
interactions<br>
with each other, and it does not address miner abilities as
a group in<br>
relation to other groups (for example, vs. users,
developers,<br>
investors). But, as I consistently emphasize, these groups
of people are<br>
free to ignore any sidechains that they do not like. In law
there is a<br>
saying 'volenti non fit injuria' which I would translat=
e as
"he who<br>
volunteers cannot claim later to have been injured". This =
is
a legal<br>
theory, because otherwise everyone would be arbitrarily
liable for<br>
choices beyond their control (ie, responsible for decisions
of other<br>
unrelated people), which would be nonsense.<br>
<span><br>
> 3. Drivechain limits user's existing choice when it
comes to who is<br>
> acting as custodian of their Bitcoins, from any
trustworthy exchange,<br>
> down to a single mining cartel under the control of a
single set of laws.<br>
<br>
</span>Currently no (P2P) sidechains exist, and therefore
the set of choices<br>
today would seem to be more "limited" than in a
post-sidechain future.<br>
(The set of options may decrease later, for ecological
reasons, if and<br>
only if 'exchanges' are a strictly inferior option to
'sidechains' for<br>
some reason...I don't see why this would be the case. I als=
o
don't<br>
understand the emphasis on "exchanges" [SCs are much =
more
like Altcoins,<br>
than exchanges] in the first place, nor the dubious
qualifier<br>
"trustworthy".)<br>
<span class=3D"m_-7917178296017049299HOEnZb"><font color=3D"#88=
8888"><br>
--Paul<br>
</font></span>
<div class=3D"m_-7917178296017049299HOEnZb">
<div class=3D"m_-7917178296017049299h5"><br>
______________________________<wbr>_________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" ta=
rget=3D"_blank">bitcoin-dev@lists.linuxfoundat<wbr>ion.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listin=
fo/bitcoin-dev" rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfou=
ndation.<wbr>org/mailman/listinfo/bitcoin-d<wbr>ev</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<p><br>
</p>
</div></div></div>
</blockquote></div><br></div>
--94eb2c043278ba40f40552645f9e--
|
