Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 8BFCC94B for ; Tue, 26 Sep 2017 17:51:56 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from so254-16.mailgun.net (so254-16.mailgun.net [198.61.254.16]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id B5BA23D4 for ; Tue, 26 Sep 2017 17:51:55 +0000 (UTC) DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=suredbits.com; q=dns/txt; s=mailo; t=1506448315; h=Content-Type: To: Subject: Message-ID: Date: From: References: In-Reply-To: MIME-Version: Sender; bh=uJUzqk2jUdgzRgNeqATe9gt5TezH19BZ9KnUZlQ92xw=; b=c9h2NzaGkk325V7MVUxGt/pvI9J4mmPkVZc2+JUPMQiboMvYezIuMSsGcRqToTdErVD/3J93 7RgIICZsaI2iufWVD9kINDsyWwE2rWDMtfKRC6GurgBlsDn0SkOV4KU+53T5in4w/i2wuNxB wVByaSeN0KcuS326jBvCLgLSzx0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=suredbits.com; s=mailo; q=dns; h=Sender: MIME-Version: In-Reply-To: References: From: Date: Message-ID: Subject: To: Content-Type; b=BvTuctUzsFPrwOOle9WksUlKjFcIIFWKqYSV3F3m7FKQK6BWKONnxi2gm+II+cnD+xxK2c l0Xgg9jzxzck1AO40LvTcOsorWDW77ojUoceVce1M0LvPUyGxD/RldGZvVct5cf51zJO0Bds Q518Ky0HQXW5nWO6soTK0v+BCMLEE= Sender: chris@suredbits.com X-Mailgun-Sending-Ip: 198.61.254.16 X-Mailgun-Sid: WyI5MGYzNyIsICJiaXRjb2luLWRldkBsaXN0cy5saW51eGZvdW5kYXRpb24ub3JnIiwgIjJjMTQxIl0= Received: from mail-it0-f44.google.com (mail-it0-f44.google.com [209.85.214.44]) by mxa.mailgun.org with ESMTP id 59ca93b8.7f5dc41f0030-smtp-out-n02; Tue, 26 Sep 2017 17:51:52 -0000 (UTC) Received: by mail-it0-f44.google.com with SMTP id 85so3801132ith.2 for ; Tue, 26 Sep 2017 10:51:51 -0700 (PDT) X-Gm-Message-State: AHPjjUi/iPLscbE3jJGOuCYmASuyL4456m5c9b2g4nkBZAhCh6dp40/w Z2Z9PDYnWJkDZgww3Iiq0alrzjeY/9FiNm6Zfw4= X-Google-Smtp-Source: AOwi7QDpTqZAhSLa/o5AH095ZhrUupbqSzmTGzNqtKAgtfg6DycRlSSnabmGK7KDXNF09jtK3ZMrEg87vn/nVAFbMUo= X-Received: by 10.36.6.3 with SMTP id 3mr7372319itv.36.1506448311280; Tue, 26 Sep 2017 10:51:51 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.10.224 with HTTP; Tue, 26 Sep 2017 10:51:50 -0700 (PDT) In-Reply-To: References: From: Chris Stewart Date: Tue, 26 Sep 2017 12:51:50 -0500 X-Gmail-Original-Message-ID: Message-ID: To: ZmnSCPxj , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="001a1143df88777902055a1b542e" X-Spam-Status: No, score=0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU, HTML_MESSAGE, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM, URI_NOVOWEL autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 26 Sep 2017 22:46:22 +0000 Subject: Re: [bitcoin-dev] Sidechains: Mainstake X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Sep 2017 17:51:56 -0000 --001a1143df88777902055a1b542e Content-Type: text/plain; charset="UTF-8" >For each sidechain ID, for each mainchain block, at most one sidechain block header may be published. In addition, the sidechain block header published on the mainchain blocks may only be published by the stake lottery winner from the end of the previous block. What happens if the stake winner disappears? It seems, in your scheme, that this would cause progress to come to a screeching halt. Our weak mitigation against a mainchain miner >50% attack is weakened > further; now the mainchain miner with 51% hashpower need only block the > creation of sidechain mainstake UTXOs except its own, and eventually the > other mainstake UTXOs will time out and the miner can outright steal > costlessly Can we not nest mainstake outputs in p2wsh/p2sh scripts to mitigate this? This means that they cannot block the creation of mainstake utxos -- but I guess they would still be able to block the spends of this utxo. Another thing that is problematic with using a p2sh output is 'relocking' the stake. Unfortunately if the p2sh script hash's aren't identical I don't think we can guarantee they didn't spend the stake to a non stake output. If the script hash's *are* identical then the miner can censor the transaction that re-locks the output. Perhaps there is a hybrid that would work, however it depends on what you mean by 'creation'. If it is just the *initial* creation of the utxo -- and not subsequent OP_STAKEVERIFY change outputs -- I think this strategy might work. You just won't be able to participate in the lottery while the utxo is nested inside the p2sh output initially. This also brings back the problem above -- what if a stake winner disappears -- or a miners creates the illusion they disappeared via censorship? I guess a miner would be losing out on transaction fees. -Chris On Fri, Sep 22, 2017 at 8:49 PM, ZmnSCPxj via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Good morning bitcoin-dev, > > I have yet another sidechain proposal: https://zmnscpxj.github.io/ > sidechain/mainstake/index.html > > I make the below outlandish claims in the above link: > > 1. While a 51% mainchain miner theft is still possible, it will take even > longer than in drivechains (either months of broadcasting intent to steal > before the theft, or locking funds that are likely to remain locked after a > week-long theft). > 2. A 26% anti-sidechain miner cannot completely block all sidechain > withdrawals as they could in drivechains. > 3. Outside of attacks and censorship, the economic majority controls > sidechains, without going through miners as "representatives of the > economic majority". > 4. With sufficient cleverness (stupidity?), proof-of-stake can be made to > work. > > I hope for your consideration. I suspect that I have not thought things > out completely, and probably missed some significant flaw. > > Regards, > ZmnSCPxj > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > --001a1143df88777902055a1b542e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
>For each sidechain ID, for each mainchain block, = at most one sidechain block header may be published. In addition, the sidechain block header published on the mainchain blocks may only be published by the stake lottery winner from the end of the previous block.

What happens if the stake winner disappear= s? It seems, in your scheme, that this would cause progress to come to a sc= reeching halt.

Ou= r weak mitigation against a mainchain miner >50% attack is weakened further; now the mainchain miner with 51% hashpower need only block the creation of sidechain mainstake UTXOs except its own, and eventually the other mainstake UTXOs will time out and the miner can outright steal costlessly

Can we not nest mainstake outputs in p2wsh/p2sh scripts to mitigate t= his? This means that they cannot block the creation of mainstake utxos -- b= ut I guess they would still be able to block the spends of this utxo.

Another thing that is problematic with using a p2s= h output is 'relocking' the stake. Unfortunately if the p2sh script= hash's aren't identical I don't think we can guarantee they di= dn't spend the stake to a non stake output. If the script hash's *a= re* identical then the miner can censor the transaction that re-locks the o= utput.

Perhaps there is a hybrid that would work, = however it depends on what you mean by 'creation'. If it is=20 just the *initial* creation of the utxo -- and not subsequent=20 OP_STAKEVERIFY change outputs -- I think this strategy might work. You=20 just won't be able to participate in the lottery while the utxo is=20 nested inside the p2sh output initially.

This also= brings back the problem above -- what if a stake winner disappears -- or a= miners creates the illusion they disappeared via censorship? I guess a min= er would be losing out on transaction fees.

-Chris=


On Fri, Sep 22, 2017 at 8:49 PM, ZmnSCPxj via = bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org= > wrote:
Good morning bitc= oin-dev,

I have yet another sidechain proposal= : https://zmnscpxj.github.io/sidechain/mainstake/index.ht= ml

I make the below outlandish claims in t= he above link:

1. While a 51% mainchain miner = theft is still possible, it will take even longer than in drivechains (eith= er months of broadcasting intent to steal before the theft, or locking fund= s that are likely to remain locked after a week-long theft).
= 2. A 26% anti-sidechain miner cannot completely block all sidechain withdra= wals as they could in drivechains.
3. Outside of attacks and = censorship, the economic majority controls sidechains, without going throug= h miners as "representatives of the economic majority".
=
4. With sufficient cleverness (stupidity?), proof-of-stake can be made= to work.

I hope for your consideration.=C2=A0= I suspect that I have not thought things out completely, and probably miss= ed some significant flaw.

Regards,
ZmnSCPxj

_____________________________________________= __
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev


--001a1143df88777902055a1b542e--