Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: ryan@breen.xyz
In-Reply-To: <2FylpMx7IsZBt3ILxEt9pVB0Kq03jZqTUeLnB2hWT5j8qiB4o6plW3gjhBXQ_7p4MwQ_npQUpZ64hQaR6UnLhMNCnk_jCv1XObmrJbjrVqg=@protonmail.com>
Date: Mon, 28 Aug 2023 10:35:30 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <0D44C322-E2B4-4F80-A5D8-7D8304BDAE1A@breen.xyz>
References: <E4A37B75-349D-4CD8-B8E2-9686EFDA9EEA@breen.xyz>
 <CAPv7TjZf4nLpCZPDOWK=vJGQuH0waTXkM6h40tc7G+YKAOGOGQ@mail.gmail.com>
 <2BFA7EE8-2E0E-45A3-AC11-8E57F99EC775@breen.xyz>
 <2FylpMx7IsZBt3ILxEt9pVB0Kq03jZqTUeLnB2hWT5j8qiB4o6plW3gjhBXQ_7p4MwQ_npQUpZ64hQaR6UnLhMNCnk_jCv1XObmrJbjrVqg=@protonmail.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Sentinel Chains: A Novel Two-Way Peg
Precedence: list

I appreciate your questions, ZmnSCPxj.

I will answer your second question first: Mainchain nodes do not ever =
validate sidechain blocks. Sidechain nodes watch Bitcoin for invalid =
withdrawals, and publish signed attestations to a public broadcast =
network (such as Nostr) that a transaction is making an invalid =
withdrawal. These sidechain nodes are the so-called sentinels.

Bitcoin full nodes wishing to participate in holding miners accountable =
for stealing will watch the public broadcast network for attestations of =
improper withdrawals and treat those transactions as de facto invalid, =
thus forking violating miners off the network. In this way, launching a =
Sentinel chain mimics a user-activated soft fork, but without any =
changes to Bitcoin Core consensus logic.

Bitcoin full nodes would choose their own limited set of sidechain =
validators to trust. They might run their own sidechain node and trust =
that result exclusively. They might instead choose to trust a set of =
high quality community members such as companies, etc.

A downside to this method are the same as the difficulties of launching =
a soft fork. Making sure enough nodes (or miners) are on board to =
enforce the new rules prior to launch of a sidechain, or a minority of =
users will fork off the network. Additionally, maintaining a healthy =
network of sentinels for a sidechain is an additional angle to consider.=20=


The upside of this method is that sidechains can be user-activated, not =
just miner-activated like under the BIP-300 framework. And it allows =
Bitcoin full nodes to hold miners accountable for obeying the sidechain =
withdrawal rules.

--------------------

To answer your first question: When you say the sentinel chain software, =
are you asking what would happen if the sidechain developers create =
malicious code in sidechain node software? I suppose that would depend =
on the upgrade process of the sidechain, but the maximum fallout from =
malicious Sentinel chains is the exact same as any other sidechain =
proposal: the sidechain users get rugged.

The concept behind Sentinel chains puts no restriction on how sentinel =
chains may operate, only how the =E2=80=9Cdifficult=E2=80=9D part of =
launching a 2WP sidechain, peg-outs from sidechain to mainchain, may =
work without advanced cryptographic techniques such a ZKPs.

Thanks,
Ryan (ursuscamp on twitter)

> On Aug 28, 2023, at 9:48 AM, ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote:
>=20
> Good morning Ryan,
>=20
> If I modify your Sentinel Chain open-source software so that it is =
honest for 999 sidechain blocks, then lies and says that the 1000th =
block is invalid even though it actually is, what happens?
>=20
> Do mainchain nodes need to download the previous 999 sidechain blocks, =
run the sidechain rules on them, and then validate the 1000th sidechain =
block itself?
>=20
> Regards,
> ZmnSCPxj