Sidechains
Paul Sztorc
https://twitter.com/kanzure/status/784767020290150400
slides https://scalingbitcoin.org/milan2016/presentations/D1%20-%209%20-%20Paul.pdf
Before we begin, we will explain how the workshops will work upstairs. There will be some topics and room numbers. Now we will start the next presentation on sidechain scaling with Paul Sztorc. Thank you everyone.
Thanks a lot. So this talk will be a little different. Scaling via strategy, not physics. This will not change the kilobytes sent over-- it will, just not in the literal sense. It's not going to reduce the information over the wire. It's not the focus. Appreciate this for what it is.
If we cut a pizza into more slices, does it weigh any less? And the answer may surprise you if you're very unintelligent, because the answer is no. Given that the answer is obviously no, then what is this talk about? It would appear to be about making copies of things that change properties of the whole. The agenda is that I am going to talk about the overview of what I'm talking about, and then I am going to talk about basic definitions associated with that. And then different ways that chains might harm each other, and that it's negligible.
The idea is that I am aiming for teamwork. I don't want the exact same thing to be copied, I want to try to get the extreme edges of those two things on some dimensions so that you hit the edges of the dimensions instead of just making a copy. We have bitcoin with properties. It has a block size. It's not really about the block size, it's more general than that. We have one meg, two meg thing, and I'm aiming for-- certain people want the size to be decreased. They feel that the current network cannot handle the load placed on it. This green would be a sidechain we create which would be effectively the same as bitcoin, just arger, with the same capacity. Right now I have it at 5.5 megabytes, for a total of 6 megabytes; there was a paper at Cornell about how many nodes would we lose and my goal is to lose almost all of them.
Transaction fees would probably be higher on the smaller chain because it's better in a number of ways. I am going to talk about this in the second half and whether it's different at all. So what this is trying to address is the concern that people have about the cost of running a bitcoin node. I'm not sure what motivates people to run a node or not run a node. It's the only way to get an objective view of the network. I only use electrum and "SPV" low-security and that's what I recommend to other people. There is cost to transmitting information and storing information. There are complaints about this, and that's what I'm aiming for here.
I'm also aiming for the loss of permissionless innovation and we aim to restore that. Aim to increase throughput but it is a quote of course as it is with all of them. This is not going to improve the physics of information transfer. We're not compressing or hiding it. It's much more similar to lightning network where things are compressed in clever ways and how people react, not the way mimblewimble works, which cuts information out, but more like lightning where information is being selectively withheld. It does not address this miner centralization concept, which is related to your ability to censor transactions or 51% attacks.
So now I've said three basic slides to establish definitions. Sidechains is just a blockchain with an alternative set of rules. I wanted to estbalish this point here is that an altcoin is an altchain with a new monetary network. A sidechain inherents an old monetary network. We want this to be open-source software where if you don't like it, you can just change it. This does not work, we get a frowny face in monetary networks because they are inherently adversarial and there's no way to make them play nice. They hate each other and they want to kill each other. There's nothing you can do to make them tolerate each other.
Is a sidechain bitcoin? I'm not sure. Not negative one, not positive one, it's more like a continuous answer. I don't know what to what extent this counts as bitcoin. Bitcoin Core developers, I don't know to what degree they would be responsible to sidechains.
Drivechain is a two-way peg for interacting with the sidechain. I want people to understand what the proposal is describing. It has been out ofr a basically a year. It's merge-mined and asymmetric. It's the same group of miners running all of these. There's a hirearchy where the sidechains need permission from their parents in order to exist. So you do have a double sidechain, you need permission. For that reason, a sidechain can just watch. It's required that the mainchain be there, the sidechain can just watch for events to happen on the mainchain, and then the mainchain can credit the sidechain with money. So if an event deposits on the mainchain, the sidechain can do... rearrange what who owns which tokens. And then to move money back from the mainchain to the sidechain is slightly difficult, but I hope to do it in a short statement in that it's all aggregated and then acknowledged by miners.
This orange line is a mainchain; and bip... they are more like metaphors, not set in stone. It could be all of September. As individual people want to withdraw, 7 coin, 1 coin, they are aggregated into a big bundle. There's this site domain where this diagram where all the money conditionally deposited to the sidechain, we take those withdrawals and match them up so that there's one large coinjoin-style transaction for all of the withdrawals of September to a period much later. They accumulate into a big thing, this WT carrot that has some id, it's just normal and short with an id, and that would be included in a mainchain coinbase transaction and it would sit there for a while maybe days or theoretically months. There would be a waiting period before miners would acknowledge a transaction. Once the miner clicks up the transactions a number of times, or it fails to go through and dies. They are all bundled up and acknowledged by miners. Miners could send money anywhere technically. All the withdrawals and all the attacks have to take an inconvenient form, which is slow and deliberate and unfriendly. So this is counter to lightning network or other usability enhancements.
That frees us up to ignore what the sidechain is doing. If you hate the idea of the larger chain, you don't have to upgrade ot it. The network needs an opt-in soft-fork, which would add the option for users to miners to activate the sidechain as they choose, so it's almost like a checkbox if you want potentially cheaper transactions and paying the hgiher node costs, but if you don't want it then you don't have to check the box. Some people prefer one version over another or sometimes they don't prefer to do anything at all. The miners have to upgrade with a soft-fork, and they have to merge mine with a sidechain, if the sidechain is generating transaction fee revenue. The only compulsion is that they would be less profitable if they didn't do this. Even though there are costs associated with this, they are reimbursed with transaction fees. Say you hate this idea, and all your miners are doing it, but all your miners are doing this and you hate that. So it's a question of whether this harms miners in any way. I did a giant talk on this, and concluded that it does not harm miners. The centralization pressures are tiny compared to problems we already have, like the shared mempool. It's like a ship of sail. So it doesn't make that any worse.
I'm using sidechains as a giant large subjective lightning hub. The hub isn't bitcoin itself; it would slowly sink big aggregate net amounts to the settlement layer. That was the end of the first half where I tried to convince you this would not break anything you love. So I didn't have a lot of time obviously to go through everything, but that was kind of the sketch of it. Now I will talk about some other things. This part is very unlike bitcoin, so you wonder about the security about it. Even if you hate the idea, you wonder of the other people who are doing it, are they going to get anything out of it?
... and then blue sends to orange, and then orange is the blue. They all use the same n, but they use a totally different path. The point there is that, on the lightning network website, interchangeable from bitcoin at large under most conditions which I am now going to talk about a little bit more. I am going to address this question of what is the nature of this weakness of having expensive nodes. We want redundancy and security, and how can this combination of items help with that. Well, the reason you want to know to go back quickly, you want a node because it protects you if someone tries to attack you. The node will protect you. You could have a big node, the big node can die, but the small node could still protect the money you have on the big chain. This depends on a variety of circumstances. There's lots of different circumstances for doing this. You already have a lot of channels open to miners, where you have not channels open with them directly, but some lightning path you would try to make, but the miners could buy large bitcoin capital with small bitcoin as I described over here, and then the miners since the drivechain concept they could pay them the balance themselves, and then they could get their money out of hte large node network even if it's shutoff, that's just one example of an attack and how to respond to it. You could have emergency mode where the miners sync with themselves, because the lightning network requires that you... and you could do other things like only allow the lightning network, it looks different from intermediate channels, all kinds of stuff to talk about there. The point is that you would be able to get your money out even if the network died. You might get price gouged, but probably most people would get their money out. The attack is pointless, there's probably no point in attacking, which I am going to maybe explain.
Bittorrent where a VPN allows sophsticated people to avoid detection. So when someone unsophisticated does it, they get a letter in the mail. Opposite effect in alcohol prohibition, it didn't work, created a black market and the mafia. I am going to go back to the slide I skipped--- the pizza metaphor might not be good, but this weed might be better. There's a weed beneath ground, if you google for grow weed on the ground you get other things it turns out, but anyway the investment is slow and made deliberately. But then you have this other part above where the sunlight is. So if you only; if you kill just the first part, you have to kill the whole thing otherwise it regenerates the upper part from the lower part, you have a lot of hopelessness in removing weeds or killing the blockchain. You can kill the blockchain, but it will grow back. You can do a lot of fun stuff off-chain. That's the core of this idea.
The benefit is that you get more scale. I don't emphasize the actual numbers. What I really emphasize is that you keep one as small as possible and the other one as large as possible. Then we can check and see what horrible tihngs happens to the large version and it's your only hope if - again I mentioned a few individuals would like to reduce the capacity so that we're stressed on this throughput decentralization tradeoff where we feel that we're not already decentralized enough; and this is the only way that I have heard anyone has proposed anything like that. Four is in my appendix slides. Then five I have these ulterior motives slides, I think sidechains are great, they do a lot of things and one of those things is that I'm working on a sidechain and it's my primary motivation for my interest in them at all. I was doing so much on my sidechain called hivemind that I had to go back and work on sidechain technology itself. So that's the talk. There's some time for questions.
Q&A
Q: Who would run the full nodes on the sidechain and what do they get for it?
A: I would imagine that, I think htat's a good question. I think there would be different modes. This last mode would be the one we know about bitcoin. But not really, it's hard to compete with decentralized systems. I would imagine companies like Coinbase... those people have a relationship with the government and they do KYC/AML and they have more -- they might lobby for our own protection. They have more defense against harassment. Does that answer your question? Anyway...
Q: How's it going Paul? Good presentation. What happens on the mainchain if the sidechain forks?
A: The sidechain is actually allowed, the scheme that I advocate, the sidechain is allowed to soft-fork, but if it hard-forks, then the money that... okay, sorry. I keep doing this. This blue thing is... that blue thing is defined by the protocol when it's added. That's set in stone, very much like bitcoin. If you hard-fork the sidechain, then you have to re-add it again to the main chain. Each sidechain you add to the mainchain is actually a soft-fork. Sidechains transform hard-forks into soft-forks. It's totally ignored, in the same way that someone is producing an invalid block, they could be doing that all day and it's just rejected you wouldn't even know.
https://blockstream.com/sidechains.pdf
http://www.rootstock.io/blog/sidechains-drivechains-and-rsk-2-way-peg-design