Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6C784414 for ; Mon, 29 May 2017 05:54:37 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qt0-f181.google.com (mail-qt0-f181.google.com [209.85.216.181]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 75378E4 for ; Mon, 29 May 2017 05:54:36 +0000 (UTC) Received: by mail-qt0-f181.google.com with SMTP id t26so43111768qtg.0 for ; Sun, 28 May 2017 22:54:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc; bh=hE4RzKP1+9Rd9RdSv9ikC89bHOLVuY4fGl6tDd8mkzI=; b=oJK4+lV32wMj5wzCRMPMRagtcLoSo6dglrZY3z1hJERM1+ttEYDFZxBpt9V8fXzcRc yeWBkpRdwoKAn+aHUG50RnhP2Z6jCt/OzzVb56V1G8VC/JNVWX32XancAzexOtLxhhaA 4rMiFT4C7PETOYU3HmqlDMCma7SqnJiDhNra3QbjRCei3m8QGSKE5UXBNDlNh0tRdvRs zIqaz65qNtUlX/nC3NhdIySywwLtHFaa63nF0DGxXwM/oj7l2sQXdPhOMHWwytCIRrVR h1TL5uKHPBueeNN2Yk9FJNw2OkQH4nSSYe0l+i8yEvtaZyPMvtGUK9uljZvP1iuWr+lk qEMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :from:date:message-id:subject:to:cc; bh=hE4RzKP1+9Rd9RdSv9ikC89bHOLVuY4fGl6tDd8mkzI=; b=khZ8m/SP7BeZT+eRFhhO41TbkQlR55sCqfCB//CsDQIfp9+sq/6iQR/y/mEHtjMM6c I9iFVa58d6CYPW0qIxNx3LWLVErJq8OaUEsbob/C3JTp52icn7pTSTbqEF/1vrQyrpUG YYdUfcfsq7418wcZ2Ct0+Gk0OmJFz2Bd7aXXaxaS4v9b4TBeE1ZIcfc4vc3VD2N7khUZ bBXJuNbKwqb+N34z8PcyKXIrwUKsMU819CYqhADHQIECoQlYRFpNMBQF9CYjI+P6SPQT vNsSwX2NvHFJAn4WoO56j238iN7J3R1ZCnk5lxKgiZ7IKNkc7Dcm8Q7XEsmkscv9eTQB qvAg== X-Gm-Message-State: AODbwcA43C2sFoSuhtI5lZOLc7/unROJwADID4mU6THCIcMXAdrUArLa hliLZmj1kqdgLEsQlfMNaGwfDAMx7w== X-Received: by 10.237.53.70 with SMTP id b6mr16932136qte.142.1496037275642; Sun, 28 May 2017 22:54:35 -0700 (PDT) MIME-Version: 1.0 Received: by 10.237.48.102 with HTTP; Sun, 28 May 2017 22:54:34 -0700 (PDT) Received: by 10.237.48.102 with HTTP; Sun, 28 May 2017 22:54:34 -0700 (PDT) Reply-To: erik@q32.com In-Reply-To: References: <24f2b447-a237-45eb-ef9f-1a62533fad5c@gmail.com> <20170522133335.GA17194@fedora-23-dvm> <20170528210757.GA19450@fedora-23-dvm> From: Erik Aronesty Date: Mon, 29 May 2017 01:54:34 -0400 Message-ID: To: Peter Todd Content-Type: multipart/alternative; boundary="001a11c0024662b0590550a35262" X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_LOW, RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Mon, 29 May 2017 06:02:24 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Drivechain -- Request for Discussion X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 May 2017 05:54:37 -0000 --001a11c0024662b0590550a35262 Content-Type: text/plain; charset="UTF-8" Seems to me an obvious use case for drive chains are to have high speed small transactions on a side chain, eventually cleared to the main chain. Not sure why miners would want this to fail any more than any other side chain, like Liquid or lightning. On May 28, 2017 5:23 PM, "Peter Todd via bitcoin-dev" < bitcoin-dev@lists.linuxfoundation.org> wrote: On Mon, May 22, 2017 at 05:30:46PM +0200, Paul Sztorc wrote: > Surprisingly, this requirement (or, more precisely, this incentive) does > not effect miners relative to each other. The incentive to upgrade is only > for the purpose of preventing a "theft" -- defined as: an improper > withdrawal from a sidechain. It is not about miner revenues or the ability > to mine generally (or conduct BMM specifically). The costs of such a theft > (decrease in market price, decrease in future transaction fee levels) would > be shared collectively by all future miners. Therefore, it would have no > effect on miners relative to each other. That's not at all true. If I'm a miner with a better capability than another miner to prevent that theft, I have reasons to induce it to happen to give me political cover to pushing that other miner off the network. This is a very similar problem to what we had with zeroconf double-spending, where entities such as Coinbase tried to pay off miners to guarantee something that wasn't possible in a geninely decrentralized system: safe zeroconf transactions. > Moreover, miners have other recourse if they are unable to run the node. > They can adopt a policy of simply rejecting ("downvoting") any withdrawals > that they don't understand. This would pause the withdraw process until > enough miners understand enough of what is going on to proceed with it. Why are you forcing miners to run this code at all? Equally, you're opening up miners to huge political risks, as rejecting all withdrawals is preventing users' from getting their money, which gives other miners a rational for kicking those miners off of Bitcoin entirely. > Finally, the point in dispute is a single, infrequent, true/false question. > So miners may resort to semi-trusted methods to supplement their decision. > In other words, they can just ask people they trust, if the withdrawal is > correct or not. It is up to users to decide if they are comfortable with > these risks, if/when they decide to deposit to a sidechain. Why do you think this will be infrequent? Miners with a better ability to validate the drivechain have every reason to make these events more frequent. > It is a matter of comparing the costs and benefits. Ignoring theft, the > costs are near-zero, and the benefits are >0. Specifically, they are: a > higher BTC price and greater transaction fees. Theft is discouraged by > attempting to tie a theft to a loss of confidence in the miners, as > described in the spec/website. > In general the incentives are very similar to those of Bitcoin itself. This is also a very dubious security model - I would argue that Bitcoin is much *more* valuable if miners do everything they can to ensure that drivechains fail, given the huge risks involved. I would also argue that users should do user-activated-soft-forks to ensure they fail. By comparison, note Adam Back and my own efforts to ensure miners have a smaller part in the ecosystem, with things like committed (encrypted) transactions and my closed-seal-set/truth-list approach(1). We want to involve miners as little as possible in the consensus, not more. I have to ask: What use-cases do you actually see for drivechains? Why can't those use-cases be done in the much safer client-side validation fashion? 1) https://petertodd.org/2016/closed-seal-sets-and-truth-lists-for-privacy -- https://petertodd.org 'peter'[:-1]@petertodd.org _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev --001a11c0024662b0590550a35262 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Seems to me an obvious use case for drive chains are to h= ave high speed small transactions on a side chain, eventually cleared to th= e main chain.

Not sure why min= ers would want this to fail any more than any other side chain, like Liquid= or lightning.



On May 28,= 2017 5:23 PM, "Peter Todd via bitcoin-dev" <bitcoin-dev@lists.linuxfoundation.o= rg> wrote:
On Mon, May 22, 2017 at 05:30:46PM +0200, Paul Sztorc wr= ote:
> Surprisingly, this requirement (or, more precisely, this incentive) do= es
> not effect miners relative to each other. The incentive to upgrade is = only
> for the purpose of preventing a "theft" -- defined as: an im= proper
> withdrawal from a sidechain. It is not about miner revenues or the abi= lity
> to mine generally (or conduct BMM specifically). The costs of such a t= heft
> (decrease in market price, decrease in future transaction fee levels) = would
> be shared collectively by all future miners. Therefore, it would have = no
> effect on miners relative to each other.

That's not at all true. If I'm a miner with a better capabili= ty than another
miner to prevent that theft, I have reasons to induce it to happen to give = me
political cover to pushing that other miner off the network.

This is a very similar problem to what we had with zeroconf double-spending= ,
where entities such as Coinbase tried to pay off miners to guarantee someth= ing
that wasn't possible in a geninely decrentralized system: safe zeroconf=
transactions.

> Moreover, miners have other recourse if they are unable to run the nod= e.
> They can adopt a policy of simply rejecting ("downvoting") a= ny withdrawals
> that they don't understand. This would pause the withdraw process = until
> enough miners understand enough of what is going on to proceed with it= .

Why are you forcing miners to run this code at all?

Equally, you're opening up miners to huge political risks, as rejecting= all
withdrawals is preventing users' from getting their money, which gives = other
miners a rational for kicking those miners off of Bitcoin entirely.

> Finally, the point in dispute is a single, infrequent, true/false ques= tion.
> So miners may resort to semi-trusted methods to supplement their decis= ion.
> In other words, they can just ask people they trust, if the withdrawal= is
> correct or not. It is up to users to decide if they are comfortable wi= th
> these risks, if/when they decide to deposit to a sidechain.

Why do you think this will be infrequent? Miners with a better abilit= y to
validate the drivechain have every reason to make these events more frequen= t.

> It is a matter of comparing the costs and benefits. Ignoring theft, th= e
> costs are near-zero, and the benefits are >0. Specifically, they ar= e: a
> higher BTC price and greater transaction fees. Theft is discouraged by=
> attempting to tie a theft to a loss of confidence in the miners, as > described in the spec/website.
> In general the incentives are very similar to those of Bitcoin itself.=

This is also a very dubious security model - I would argue that Bitco= in is much
*more* valuable if miners do everything they can to ensure that drivechains=
fail, given the huge risks involved. I would also argue that users should d= o
user-activated-soft-forks to ensure they fail.

By comparison, note Adam Back and my own efforts to ensure miners have a smaller part in the ecosystem, with things like committed (encrypted)
transactions and my closed-seal-set/truth-list approach(1). We want to invo= lve
miners as little as possible in the consensus, not more.

I have to ask: What use-cases do you actually see for drivechains? Why can&= #39;t
those use-cases be done in the much safer client-side validation fashion?
1) https://petertodd.org/2016= /closed-seal-sets-and-truth-lists-for-privacy

--
http= s://petertodd.org 'peter'[:-1]@petertodd.org

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev


--001a11c0024662b0590550a35262--