Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id D35DB258 for ; Thu, 22 Jun 2017 20:30:43 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qt0-f172.google.com (mail-qt0-f172.google.com [209.85.216.172]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id F0B4F3F2 for ; Thu, 22 Jun 2017 20:30:42 +0000 (UTC) Received: by mail-qt0-f172.google.com with SMTP id i2so21005680qta.3 for ; Thu, 22 Jun 2017 13:30:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=iYU8SQvyhZ01zT6jHnIS6BRFOIXoY5O226K72BQhT5s=; b=ixdThDrg/0lbVlAN21pOV6fL9/bKYv7sg4pv+wEF0sQq4FQm1llqOnGklEy4iU2jTs WW06lWD+QMi5GYULVE9AzcC6hd5DpU7QdBOeWVp/CQnbjBECqlfYNlK+yJsOkRsE9ZNv ivkFqwuZ1xu4sOfCm9cr6q7YAncfes3lmvlwb8xeL2LPZlxk2/PRfI1VQCSD+UPcHV2Z 6+NaoyChWMW8xMRg4cZDWoDsmpEW6WvwO65thzEJfc2xQb0k3QZU8/5t/U1YzKpCr+IK nLGDBYA4YRrjtIqulSf25pUBj6PR1M0n7/hhxyY9d2IOZ4Muh8lMEYgX/wUALLd0HLLg 8DAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=iYU8SQvyhZ01zT6jHnIS6BRFOIXoY5O226K72BQhT5s=; b=dD62QbKuF/GNFEmYe999zLSqMzTKi0WZ3MxCBtbyd6HbuKUQ23gbXnu9BQBA4pOcvc +tnKHCPltFGj8ny340v5LpoY7/tGdtJPjarSfhm2AtxIkCTHORw0MhVzKnMCW5BaQRB9 rE7k4ncXuxMM705YiBx/6L1CTb7Oj2vt5Dwi3RL2rhhIK5OrunJgaP4w+U89B0S7QIaj IelX7IniKerMZgueIzixjz7ePYVAQd+gktZ0pPjudpmjLTwBbAYXa5k1gZESRmME86QG XOKodyNRtSIr5NBX1NI2pEjb4an9PEhhAIVJSMGu6/fgqMYZTlcbGKdZbxQr6EK5D8JO TIEg== X-Gm-Message-State: AKS2vOyUhJ5hs+46NvAfnQwsQSLSK7OS/d6a3EgnAfO1AtQ/mTHAk+lU 8nSkMo5QOAszb3RJ X-Received: by 10.200.39.178 with SMTP id w47mr5088659qtw.87.1498163441262; Thu, 22 Jun 2017 13:30:41 -0700 (PDT) Received: from [192.168.1.101] (ool-45726efb.dyn.optonline.net. [69.114.110.251]) by smtp.googlemail.com with ESMTPSA id o76sm1626209qke.7.2017.06.22.13.30.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Jun 2017 13:30:39 -0700 (PDT) To: Erik Aronesty References: <24f2b447-a237-45eb-ef9f-1a62533fad5c@gmail.com> <83671224-f6ff-16a9-81c0-20ab578aec9d@gmail.com> <6764b8af-bb4c-615d-5af5-462127bbbe36@gmail.com> <33d98418-10f0-3854-a954-14985d53e04b@gmail.com> From: Paul Sztorc Message-ID: Date: Thu, 22 Jun 2017 16:30:39 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------E555BAA90A8066BA4B831A59" Content-Language: en-US X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] Drivechain RfD -- Follow Up X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jun 2017 20:30:43 -0000 This is a multi-part message in MIME format. --------------E555BAA90A8066BA4B831A59 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Responses inline. On 6/22/2017 9:45 AM, Erik Aronesty wrote: > Users would tolerate depreciation because the intention is to have a > cheap way of transacting using a two-way pegged chain that isn't > controlled by miners. Who cares about some minor depreciation when > the purpose of the chain is to do cheap secure transactions forever? Thus far you've claimed that these transactions would be "cheap", "[not] controlled by miners", and "secure". They would certainly not be cheap, because they are relatively more expensive due to the extra depreciation cost. I also doubt that they would be free of control by miners. 51% hashrate can always filter out any message they want from anywhere. For the same reason, I don't understand why they would be any more or less secure. So I think your way is just a more expensive way of accomplishing basically the same result. > > Add in UTXO commitments and you've got a system that is cheap and > secure-enough for transfer. storage and accumulation of a ledger... > before moving in to the main chain. As I posted to bitcoin-discuss last week, I support UTXO commitments for sidechains. > Seems better to me than messing with the main chain's incentive > structure via merged mining. I don't think that blind merged mining messes with the main chain's incentive structure. Miners are free to ignore the sidechain (and yet still get paid the same as other miners), as are all mainchain users. Paul > > On Thu, Jun 22, 2017 at 9:27 AM, Paul Sztorc > wrote: > > Hi Erik, > > I don't think that your design is competitive. Why would users > tolerate a depreciation of X% per year, when there are > alternatives which do not require such depreciation? It seems to > me that none would. > > Paul > > On 6/20/2017 9:38 AM, Erik Aronesty wrote: >> - a proof-of-burn sidechain is the ultimate two-way peg. you >> have to burn bitcoin *or* side-chain tokens to mine the side >> chain. the size of the burn is the degree of security. i >> actually wrote code to do randomized blind burns where you have a >> poisson distribution (non-deterministic selected burn). there >> is no way to game it... it's very similar to algorand - but it >> uses burns instead of staking >> >> - you can then have a secure sidechain that issues a mining >> reward in sidechain tokens, which can be aggrregated and redeemed >> for bitcoins. the result of this is that any bitcoins held in >> the sidechain depreciate in value at a rate of X% per year. =20 >> this deflation rate pays for increased security >> >> - logically this functions like an alt coin, with high inflation >> and cheap transactions. but the altcoin is pegged to bitcoin's >> price because of the pool of unredeemed bitcoins held within the >> side chain. >> >> >> >> On Tue, Jun 20, 2017 at 7:54 AM, Paul Sztorc > > wrote: >> >> Hi Erik, >> >> As you know: >> >> 1. If a sidechain is merged mined it basically grows out of >> the existing Bitcoin mining network. If it has a different >> PoW algorithm it is a new mining network. >> 2. The security (ie, hashrate) of any mining network would be >> determined by the total economic value of the block. In >> Bitcoin this is (subsidy+tx_fees)*price, but since a >> sidechain cannot issue new tokens it would only be >> (tx_fees)*price. >> >> Unfortunately the two have a nasty correlation which can lead >> to a disastrous self-fulfilling prophecy: users will avoid a >> network that is too insecure; and if users avoid using a >> network, they will stop paying txn fees and so the quantity >> (tx_fees)*price falls toward zero, erasing the network's >> security. So it is quite problematic and I recommend just >> biting the bullet and going with merged mining instead. >> >> And, the point may be moot. Bitcoin miners may decide that, >> given their expertise in seeking out cheap sources of >> power/cooling, they might as well mine both/all chains. So >> your suggestion may not achieve your desired result (and >> would, meanwhile, consume more of the economy's resources -- >> some of these would not contribute even to a higher hashrate).= >> >> Paul >> >> >> >> >> On 6/19/2017 1:11 PM, Erik Aronesty wrote: >>> It would be nice to be able to enforce that a drivechain >>> *not* have the same POW as bitcoin. >>> >>> I suspect this is the only way to be sure that a drivechain >>> doesn't destabilize the main chain and push more power to >>> miners that already have too much power. >>> >>> >> >> > > --------------E555BAA90A8066BA4B831A59 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit
Responses inline.

On 6/22/2017 9:45 AM, Erik Aronesty wrote:
Users would tolerate depreciation because the intention is to have a cheap way of transacting using a two-way pegged chain that isn't controlled by miners.  Who cares about some minor depreciation when the purpose of the chain is to do cheap secure transactions forever?

Thus far you've claimed that these transactions would be "cheap", "[not] controlled by miners", and "secure".

They would certainly not be cheap, because they are relatively more expensive due to the extra depreciation cost.

I also doubt that they would be free of control by miners. 51% hashrate can always filter out any message they want from anywhere.

For the same reason, I don't understand why they would be any more or less secure.

So I think your way is just a more expensive way of accomplishing basically the same result.


Add in UTXO commitments and you've got a system that is cheap and secure-enough for transfer. storage and accumulation of a ledger... before moving in to the main chain.

As I posted to bitcoin-discuss last week, I support UTXO commitments for sidechains.

Seems better to me than messing with the main chain's incentive structure via merged mining.

I don't think that blind merged mining messes with the main chain's incentive structure. Miners are free to ignore the sidechain (and yet still get paid the same as other miners), as are all mainchain users.

Paul

On Thu, Jun 22, 2017 at 9:27 AM, Paul Sztorc <truthcoin@gmail.com> wrote:
Hi Erik,

I don't think that your design is competitive. Why would users tolerate a depreciation of X% per year, when there are alternatives which do not require such depreciation? It seems to me that none would.

Paul

On 6/20/2017 9:38 AM, Erik Aronesty wrote:
- a proof-of-burn sidechain is the ultimate two-way peg.   you have to burn bitcoin *or* side-chain tokens to mine the side chain.   the size of the burn is the degree of security.    i actually wrote code to do randomized blind burns where you have a poisson distribution (non-deterministic selected burn).    there is no way to game it... it's very similar to algorand - but it uses burns instead of staking

- you can then have a secure sidechain that issues a mining reward in sidechain tokens, which can be aggrregated and redeemed for bitcoins.   the result of this is that any bitcoins held in the sidechain depreciate in value at a rate of X% per year.   this deflation rate pays for increased security

- logically this functions like an alt coin, with high inflation and cheap transactions.   but the altcoin is pegged to bitcoin's price because of the pool of unredeemed bitcoins held within the side chain.



On Tue, Jun 20, 2017 at 7:54 AM, Paul Sztorc <truthcoin@gmail.com> wrote:
Hi Erik,

As you know:

1. If a sidechain is merged mined it basically grows out of the existing Bitcoin mining network. If it has a different PoW algorithm it is a new mining network.
2. The security (ie, hashrate) of any mining network would be determined by the total economic value of the block. In Bitcoin this is (subsidy+tx_fees)*price, but since a sidechain cannot issue new tokens it would only be (tx_fees)*price.

Unfortunately the two have a nasty correlation which can lead to a disastrous self-fulfilling prophecy: users will avoid a network that is too insecure; and if users avoid using a network, they will stop paying txn fees and so the quantity (tx_fees)*price falls toward zero, erasing the network's security. So it is quite problematic and I recommend just biting the bullet and going with merged mining instead.

And, the point may be moot. Bitcoin miners may decide that, given their expertise in seeking out cheap sources of power/cooling, they might as well mine both/all chains. So your suggestion may not achieve your desired result (and would, meanwhile, consume more of the economy's resources -- some of these would not contribute even to a higher hashrate).

Paul




On 6/19/2017 1:11 PM, Erik Aronesty wrote:
It would be nice to be able to enforce that a drivechain *not* have the same POW as bitcoin.

I suspect this is the only way to be sure that a drivechain doesn't destabilize the main chain and push more power to miners that already have too much power.







--------------E555BAA90A8066BA4B831A59--