From ZmnSCPxj at protonmail.com Wed Aug 30 01:04:18 2023 From: ZmnSCPxj at protonmail.com (ZmnSCPxj) Date: Wed, 30 Aug 2023 01:04:18 +0000 Subject: [Lightning-dev] Nucleus: Capital-efficient multipeer Lightning payment channels In-Reply-To: References: <1a7beeccda2a78d635554d13bfa091d6@dtrt.org> <1a7c7373-5511-d5f4-4aa9-8c19c3c0303d@onionmail.org> <63f9bf77-867b-ce29-2935-4a70dc22b0f1@onionmail.org> Message-ID: Dear Mr Nucleus, and list, Some more points: * Miners in existing Bitcoin are only given the ability to reorder transactions, but not to outright spend funds. This is why drivechains --- and recursive covenants, which, with some additional covenant features (that are more useful in general for covenants), could potentially enable a drivechain-like facility --- are contentious. Drivechains escrow some set of funds to the miners, allowing the miners to vote to outright spend those funds as they please. Now you might say, that if a 51% miner already exists, it can easily censor any transaction, and you would be unable to spend your funds anyway, so would be no different from theft. The difference is that a miner (without drivechains) also cannot spend those funds and thus lowers the incentive to do this, but in addition to that, is the next point. * Miners need to provide a proof external to what they are controlling --- that is, miners can be evicted. Proof-of-work mining means that if a coalition of miners exists which is willing to censor, it is possible, theoretically, for honest non-censoring participants to acquire energy and hardware to perform mining. Indeed there is an incentive to do so --- censored transactions will increase their feerates because of lack of confirmation, and thus, there is incentive for a non-censoring miner to increase their hashrate (possibly from 0 --- every fullnode IS a miner, it is just that most fullnodes have 0 hashrate) in order to get paid the fee. Proof-of-stake cannot evict, because once a coalition of stakers exists, they can censor new staking transactions. Thus, honest participants cannot break into a proof-of-stake scheme that has been captured by a majority of censoring stakers. Your proposed scheme seems much more similar to proof-of-stake in this case. Once a much richer adversary is able to get more than 51% voting rights, by spinning up more capacity than you can --- it is helpful to remember that in the Real World, a lot of people have < 1% the personal net worth of the richest --- then they can prevent entry of honest participants into your personal Nucleus. Thus: * Nucleus nodes can be attacked by entities far richer than they are. * Those attackers can outright take the funds of the poorer participants. Regards, ZmnSCPxj