From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 06CCEB56 for ; Tue, 20 Jun 2017 11:54:53 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qt0-f170.google.com (mail-qt0-f170.google.com [209.85.216.170]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 3AEC6EB for ; Tue, 20 Jun 2017 11:54:51 +0000 (UTC) Received: by mail-qt0-f170.google.com with SMTP id u12so131469675qth.0 for ; Tue, 20 Jun 2017 04:54:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:cc:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=tXg/XhkCSg4zNoZmCI1zrw4TqTOfwac8Mol+iLi+L4U=; b=CYuxg9t833TtyeExVdMfsg+P2pE+876jz7I3gUhZmvrz6QiOgdpnwxvSpLvO/zI1Z9 2O81QUN2RRGLVgLMti5sVyFkC64Je+EgP4hxtfRvCSrzwrs4Hh05LAC5MoNtkwd0vXXS wZ8OncP8/g38KhNJWaxThHaMmPJWxqebkc7ZP5KFxTRBNRfos9oj5SHKUX6FCb8cI2AW JLgxRLEpqfm0w4Cjdo912ChjBlrQnGCudZpXWdIfLDT/mIYA2zD1i3yMBvGUlyN1OF72 zurDdVLk71g4lf3w2Cd8El8s3ngwxc87zs1ttey2F3tjAvdxiOuehZzhVZB33K8vI+Lm Y8hQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:cc:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=tXg/XhkCSg4zNoZmCI1zrw4TqTOfwac8Mol+iLi+L4U=; b=itMLZdRfRybjhN2GABuATx/XscR9vVokktYLWVLWrO4Fi+TrnzXwqP4QffcPezdtZx AkwRmFJP/4gs4+bAeUC8Y8CAy2txIMO12vfdvh+HPtXrx9AK3pnuItb1u2of4+RTn/o2 q2YBxYyIF0/v6v2KL8P1ejPt6xJBuKcGf6x5G1mS5FMDlk+stvDWVEaTv3zHbrQzLbtt IWTaLZ/cPFaMtZwcTZQdt2OEZ6dVvo5fXagF31bGr2I55EXIjm6bMlEt95Wcy3KolrLc sP6htP2bIh5LTbnAXAkLheuIfluqKnHHdNdJYT+DbjtGWHQQBq/fpL11KKrT5mPw1Ahc 9+7g== X-Gm-Message-State: AKS2vOyZ9z473mcHZJ6BQ7KIBDjEd4MXWfx3Nck5bjFsEruj6+126raj Q5Zfj1Fcddgl8R0k X-Received: by 10.200.47.60 with SMTP id j57mr4081211qta.175.1497959689910; Tue, 20 Jun 2017 04:54:49 -0700 (PDT) Received: from [192.168.1.102] (ool-45726efb.dyn.optonline.net. [69.114.110.251]) by smtp.googlemail.com with ESMTPSA id f8sm7967846qke.52.2017.06.20.04.54.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 20 Jun 2017 04:54:48 -0700 (PDT) To: Erik Aronesty References: <24f2b447-a237-45eb-ef9f-1a62533fad5c@gmail.com> <83671224-f6ff-16a9-81c0-20ab578aec9d@gmail.com> <6764b8af-bb4c-615d-5af5-462127bbbe36@gmail.com> From: Paul Sztorc Message-ID: <33d98418-10f0-3854-a954-14985d53e04b@gmail.com> Date: Tue, 20 Jun 2017 07:54:52 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------88D16E39E224D559E3C1BCD0" Content-Language: en-US X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] Drivechain RfD -- Follow Up X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jun 2017 11:54:53 -0000 This is a multi-part message in MIME format. --------------88D16E39E224D559E3C1BCD0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Erik, As you know: 1. If a sidechain is merged mined it basically grows out of the existing Bitcoin mining network. If it has a different PoW algorithm it is a new mining network. 2. The security (ie, hashrate) of any mining network would be determined by the total economic value of the block. In Bitcoin this is (subsidy+tx_fees)*price, but since a sidechain cannot issue new tokens it would only be (tx_fees)*price. Unfortunately the two have a nasty correlation which can lead to a disastrous self-fulfilling prophecy: users will avoid a network that is too insecure; and if users avoid using a network, they will stop paying txn fees and so the quantity (tx_fees)*price falls toward zero, erasing the network's security. So it is quite problematic and I recommend just biting the bullet and going with merged mining instead. And, the point may be moot. Bitcoin miners may decide that, given their expertise in seeking out cheap sources of power/cooling, they might as well mine both/all chains. So your suggestion may not achieve your desired result (and would, meanwhile, consume more of the economy's resources -- some of these would not contribute even to a higher hashrate= ). Paul On 6/19/2017 1:11 PM, Erik Aronesty wrote: > It would be nice to be able to enforce that a drivechain *not* have > the same POW as bitcoin. > > I suspect this is the only way to be sure that a drivechain doesn't > destabilize the main chain and push more power to miners that already > have too much power. > > > On Mon, Jun 19, 2017 at 12:04 PM, Paul Sztorc via bitcoin-dev > > wrote: > > Hi Greg, > > Responses below: > > On 6/18/2017 5:30 PM, Tao Effect wrote: > > In Drivechain, 51% of miners have total control and ownership > over all > > of the sidechain coins. > > It would not be accurate to say that miners have "total" control. > Miners > do control the destination of withdrawals, but they do not control = the > withdrawal-duration nor the withdrawal-frequency. > > So, if miners wish to 'steal' from a sidechain, they _can_ initiate= a > theft, but they can not change the fact that their malfeasance will= be > [a] obvious, and [b] on display for a long period of time. > > We might draw a comparison between: > > 1. Classic Theft -- A majority hashrate reorganizes the main Bitc= oin > chain to double-spend funds (or coordinate with someone who is > double-spending). This is prevented/discouraged by waiting for many= > confirmations. > 2. Channel Theft -- A majority hashrate assists a Lightning-Network= > thief, by censoring the punitive audit txn (possibly by exploiting > some > excuse regarding fullness of blocks, or possibly induced to do so > by the > thief provably splitting the proceeds with miners). This is > prevented/discouraged by using lengthy custodial periods, paying hi= gh > fees with your attacker's money, and using > fungibility/non-communication > to interact with miners as little as possible (so as to frame LN-th= eft > as undermining the entire LN system, and not merely a single traged= y). > 3. Drivechain Theft -- A majority hashrate initiates an > unrepresentative > withdrawal from some sidechain. This is prevented/discouraged by on= ly > using 'popular' sidechains (those that [a] increase the usefulness > ("market price") of bitcoin, and [b] generate tx fees for miners). > It is > also discouraged by the fact that egregious theft would probably > end the > sidechain experiment, meaning that all present and future sidechain= s > would be forever unavailable (and unable to buoy the price or the t= x > revenues). > > I do not think that any of the three stands out as being categorica= lly > worse than the others, especially when we consider the > heterogeneity of > use-cases and preferences. As Luke-Jr has been pointing out on soci= al > media recently, the very group which is more associated with > miners (and > explicitly more willing to trust them, ie Bitcoin Unlimited et al),= > happens to be the same group that would be expected to make use of = a > LargeBlock drivechain. Some can argue that one type of security is > more > "cryptographic" than others, but I think this is misguided (how man= y > 'bits' of security does each have?) -- imho, all three security mod= els > are 'game theoretic' (neither computer scientific, nor cryptographi= c). > > More importantly, before a miner has any "control" over the sidecha= in > coins, users must voluntarily agree to subject themselves to these = new > rules. This is similar to how an arbitrary piece of (open source) > software can have "total" control over your computer...if you > choose to > install it. > > > Thus the effect of Drivechain appears to be the creation of a > new kind > > of digital border imposed onto the network ... > > I'm not sure it would "create a border", given that sidechains are > currently not accessible at all. If anything drivechain cuts a > door into > an existing impassible border. > > > ... where everyone hands over ownership of their Bitcoins to a > > /single/ mining cartel when they wish to interact with /any/ side= chain. > > The qualifier "/any/ sidechain" would seem to imply that there is > a way > to do sidechains that does not involve handing over some control > to 51% > hashrate...I think this is false (even in the fabled case of > ZK-SNARKS). > The first thing I do in the drivechain spec ( > truthcoin.info/blog/drivechain > ) is explain why. > > > Drivechain would be a reasonable idea if that weren't the case, b= ut > > since it is, Drivechain now introduces a very real possible futur= e > > where Bitcoins can be confiscated by the Chinese government in > exactly > > the same manner that the Chinese government today confiscates > > financial assets in other financial networks within China. > > Yes, but money could also be confiscated from _any_ Bitcoin users > (Chinese or otherwise) using any of the three methods I mentioned > above. > And confiscation could strike Chinese Bitcoin users if they decided= to > sell their Bitcoin for Chinese Yuan, which they then deposited in a= > Chinese bank. Or if they sold their Bitcoin for an Altcoin > controlled by > the Chinese govt in some other way. > > It is not up to the members of this list to decide, USSR style, wha= t > other people are allowed to do with their own money. > > The exceptions to this rule would be (ie, "bitcoin-dev should care > about > what users are doing when..."): > > 1. [Unreasonable use of Reviewer Time] The user's use-case is eith= er > nonexistent (ie "no one wants that"), or totally unachievable ("we > can't > do that") thus rendering the conversation a complete waste of time = / > reviewer attention. > 2. [Harmful Interference] The user's use-case would impose harm on > some > existing use-case(s). > > No reasonable person will claim the first, given today's scaling > debate > (not to mention today's 'bitcoin dominance index'). Therefore, crit= ics > must claim the second (as, for example, Peter Todd has been doing o= n > this list). > > Which is why I narrowly focus on inter-chain harms [1], leading > ultimately to a focus on the mining ecosystem [2,3] and the > development > of Blind Merged Mining [4]. > > [1] > https://www.youtube.com/watch?v=3D0goYH2sDw0w&list=3DPLw8-6ARlyVciN= jgS_NFhAu-qt7HPf_dtg&index=3D1 > > [2] http://www.truthcoin.info/blog/mirage-miner-centralization/ > > [3] http://www.truthcoin.info/blog/mining-threat-equilibrium/ > > [4] http://www.truthcoin.info/blog/blind-merged-mining/ > > [5] http://www.truthcoin.info/blog/measuring-decentralization/ > > > > 1. The Bitcoin network centralizes more, because more power (both= > > financial power and power in terms of capability/control) is gran= ted > > to miners. > > I think that one has some duty to very clearly define something (li= ke > "mining centralization" [2] or "centralization" [5]) before > complaining > about it. I feel that people will occasionally use selfless complai= nts > to accomplish a selfish goal...especially when the artificial selfl= ess > part is hard to discuss by virtue of its being poorly defined > (especially vague or abstract items like "the company", "our countr= y", > etc). For example, those who take it upon themselves to "defend" "t= he > Bitcoin community" may have exactly that in mind as their primary > goal...but they may also end up with more visibility (and with it: > more > influence, more job offers, more conference invites, more friends, > etc) > and they may also end up with a megaphone for which to broadcast th= eir > other views, or just a defend-able excuse for bragging loudly > about how > great cypherpunks are and/or how devoted they-in-particular are to = the > cypherpunk tribe, et cetera. To avoid this problem in my own techni= cal > discourse, I try to avoid abstractions like "centralization" until = I > have defined them [2,5]. > > You have defined centralization above, but the definition is itself= > vague to the point where I do not think even you actually endorse i= t. > For example, you would need to say that Bitcoin centralizes > whenever the > exchange rate increases (as this grants additional financial power = to > miners) or when any new user joins Bitcoin, or when tx fee revenues= > increase for any reason. You might also be forced to say that LN > centralizes Bitcoin (as LN grants new capability/control to > miners), and > probably even that Bitcoin becomes more centralized when developers= > release new software (as this grants new capability to miners, > specifically the ability to deny upgrades). This probably isn't > what you > meant, but since you did not clearly explain what you meant we have= no > way of knowing for sure. > > It seems to me that you reject the premise that BMM [4] addresses > these > issues. This is probably because BMM only addresses miner's > interactions > with each other, and it does not address miner abilities as a group= in > relation to other groups (for example, vs. users, developers, > investors). But, as I consistently emphasize, these groups of > people are > free to ignore any sidechains that they do not like. In law there i= s a > saying 'volenti non fit injuria' which I would translate as "he who= > volunteers cannot claim later to have been injured". This is a lega= l > theory, because otherwise everyone would be arbitrarily liable for > choices beyond their control (ie, responsible for decisions of othe= r > unrelated people), which would be nonsense. > > > 3. Drivechain limits user's existing choice when it comes to who = is > > acting as custodian of their Bitcoins, from any trustworthy > exchange, > > down to a single mining cartel under the control of a single set > of laws. > > Currently no (P2P) sidechains exist, and therefore the set of choic= es > today would seem to be more "limited" than in a post-sidechain futu= re. > (The set of options may decrease later, for ecological reasons, if = and > only if 'exchanges' are a strictly inferior option to 'sidechains' = for > some reason...I don't see why this would be the case. I also don't > understand the emphasis on "exchanges" [SCs are much more like > Altcoins, > than exchanges] in the first place, nor the dubious qualifier > "trustworthy".) > > --Paul > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > --------------88D16E39E224D559E3C1BCD0 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit
Hi Erik,

As you know:

1. If a sidechain is merged mined it basically grows out of the existing Bitcoin mining network. If it has a different PoW algorithm it is a new mining network.
2. The security (ie, hashrate) of any mining network would be determined by the total economic value of the block. In Bitcoin this is (subsidy+tx_fees)*price, but since a sidechain cannot issue new tokens it would only be (tx_fees)*price.

Unfortunately the two have a nasty correlation which can lead to a disastrous self-fulfilling prophecy: users will avoid a network that is too insecure; and if users avoid using a network, they will stop paying txn fees and so the quantity (tx_fees)*price falls toward zero, erasing the network's security. So it is quite problematic and I recommend just biting the bullet and going with merged mining instead.

And, the point may be moot. Bitcoin miners may decide that, given their expertise in seeking out cheap sources of power/cooling, they might as well mine both/all chains. So your suggestion may not achieve your desired result (and would, meanwhile, consume more of the economy's resources -- some of these would not contribute even to a higher hashrate).

Paul



On 6/19/2017 1:11 PM, Erik Aronesty wrote:
It would be nice to be able to enforce that a drivechain *not* have the same POW as bitcoin.

I suspect this is the only way to be sure that a drivechain doesn't destabilize the main chain and push more power to miners that already have too much power.


On Mon, Jun 19, 2017 at 12:04 PM, Paul Sztorc via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
Hi Greg,

Responses below:

On 6/18/2017 5:30 PM, Tao Effect wrote:
> In Drivechain, 51% of miners have total control and ownership over all
> of the sidechain coins.

It would not be accurate to say that miners have "total" control. Miners
do control the destination of withdrawals, but they do not control the
withdrawal-duration nor the withdrawal-frequency.

So, if miners wish to 'steal' from a sidechain, they _can_ initiate a
theft, but they can not change the fact that their malfeasance will be
[a] obvious, and [b] on display for a long period of time.

We might draw a comparison between:

1. Classic Theft   -- A majority hashrate reorganizes the main Bitcoin
chain to double-spend funds (or coordinate with someone who is
double-spending). This is prevented/discouraged by waiting for many
confirmations.
2. Channel Theft -- A majority hashrate assists a Lightning-Network
thief, by censoring the punitive audit txn (possibly by exploiting some
excuse regarding fullness of blocks, or possibly induced to do so by the
thief provably splitting the proceeds with miners). This is
prevented/discouraged by using lengthy custodial periods, paying high
fees with your attacker's money, and using fungibility/non-communication
to interact with miners as little as possible (so as to frame LN-theft
as undermining the entire LN system, and not merely a single tragedy).
3. Drivechain Theft -- A majority hashrate initiates an unrepresentative
withdrawal from some sidechain. This is prevented/discouraged by only
using 'popular' sidechains (those that [a] increase the usefulness
("market price") of bitcoin, and [b] generate tx fees for miners). It is
also discouraged by the fact that egregious theft would probably end the
sidechain experiment, meaning that all present and future sidechains
would be forever unavailable (and unable to buoy the price or the tx
revenues).

I do not think that any of the three stands out as being categorically
worse than the others, especially when we consider the heterogeneity of
use-cases and preferences. As Luke-Jr has been pointing out on social
media recently, the very group which is more associated with miners (and
explicitly more willing to trust them, ie Bitcoin Unlimited et al),
happens to be the same group that would be expected to make use of a
LargeBlock drivechain. Some can argue that one type of security is more
"cryptographic" than others, but I think this is misguided (how many
'bits' of security does each have?) -- imho, all three security models
are 'game theoretic' (neither computer scientific, nor cryptographic).

More importantly, before a miner has any "control" over the sidechain
coins, users must voluntarily agree to subject themselves to these new
rules. This is similar to how an arbitrary piece of (open source)
software can have "total" control over your computer...if you choose to
install it.

> Thus the effect of Drivechain appears to be the creation of a new kind
> of digital border imposed onto the network ...

I'm not sure it would "create a border", given that sidechains are
currently not accessible at all. If anything drivechain cuts a door into
an existing impassible border.

>  ... where everyone hands over ownership of their Bitcoins to a
> /single/ mining cartel when they wish to interact with /any/ sidechain.

The qualifier "/any/ sidechain" would seem to imply that there is a way
to do sidechains that does not involve handing over some control to 51%
hashrate...I think this is false (even in the fabled case of ZK-SNARKS).
The first thing I do in the drivechain spec (
truthcoin.info/blog/drivechain ) is explain why.

> Drivechain would be a reasonable idea if that weren't the case, but
> since it is, Drivechain now introduces a very real possible future
> where Bitcoins can be confiscated by the Chinese government in exactly
> the same manner that the Chinese government today confiscates
> financial assets in other financial networks within China.

Yes, but money could also be confiscated from _any_ Bitcoin users
(Chinese or otherwise) using any of the three methods I mentioned above.
And confiscation could strike Chinese Bitcoin users if they decided to
sell their Bitcoin for Chinese Yuan, which they then deposited in a
Chinese bank. Or if they sold their Bitcoin for an Altcoin controlled by
the Chinese govt in some other way.

It is not up to the members of this list to decide, USSR style, what
other people are allowed to do with their own money.

The exceptions to this rule would be (ie, "bitcoin-dev should care about
what users are doing when..."):

1. [Unreasonable use of Reviewer Time]  The user's use-case is either
nonexistent (ie "no one wants that"), or totally unachievable ("we can't
do that") thus rendering the conversation a complete waste of time /
reviewer attention.
2. [Harmful Interference] The user's use-case would impose harm on some
existing use-case(s).

No reasonable person will claim the first, given today's scaling debate
(not to mention today's 'bitcoin dominance index'). Therefore, critics
must claim the second (as, for example, Peter Todd has been doing on
this list).

Which is why I narrowly focus on inter-chain harms [1], leading
ultimately to a focus on the mining ecosystem [2,3] and the development
of Blind Merged Mining [4].

[1]
https://www.youtube.com/watch?v=0goYH2sDw0w&list=PLw8-6ARlyVciNjgS_NFhAu-qt7HPf_dtg&index=1
[2] http://www.truthcoin.info/blog/mirage-miner-centralization/
[3] http://www.truthcoin.info/blog/mining-threat-equilibrium/
[4] http://www.truthcoin.info/blog/blind-merged-mining/
[5] http://www.truthcoin.info/blog/measuring-decentralization/

> 1. The Bitcoin network centralizes more, because more power (both
> financial power and power in terms of capability/control) is granted
> to miners.

I think that one has some duty to very clearly define something (like
"mining centralization" [2] or "centralization" [5]) before complaining
about it. I feel that people will occasionally use selfless complaints
to accomplish a selfish goal...especially when the artificial selfless
part is hard to discuss by virtue of its being poorly defined
(especially vague or abstract items like "the company", "our country",
etc). For example, those who take it upon themselves to "defend" "the
Bitcoin community" may have exactly that in mind as their primary
goal...but they may also end up with more visibility (and with it: more
influence, more job offers, more conference invites, more friends, etc)
and they may also end up with a megaphone for which to broadcast their
other views, or just a defend-able excuse for bragging loudly about how
great cypherpunks are and/or how devoted they-in-particular are to the
cypherpunk tribe, et cetera. To avoid this problem in my own technical
discourse, I try to avoid abstractions like "centralization" until I
have defined them [2,5].

You have defined centralization above, but the definition is itself
vague to the point where I do not think even you actually endorse it.
For example, you would need to say that Bitcoin centralizes whenever the
exchange rate increases (as this grants additional financial power to
miners) or when any new user joins Bitcoin, or when tx fee revenues
increase for any reason. You might also be forced to say that LN
centralizes Bitcoin (as LN grants new capability/control to miners), and
probably even that Bitcoin becomes more centralized when developers
release new software (as this grants new capability to miners,
specifically the ability to deny upgrades). This probably isn't what you
meant, but since you did not clearly explain what you meant we have no
way of knowing for sure.

It seems to me that you reject the premise that BMM [4] addresses these
issues. This is probably because BMM only addresses miner's interactions
with each other, and it does not address miner abilities as a group in
relation to other groups (for example, vs. users, developers,
investors). But, as I consistently emphasize, these groups of people are
free to ignore any sidechains that they do not like. In law there is a
saying 'volenti non fit injuria' which I would translate as "he who
volunteers cannot claim later to have been injured". This is a legal
theory, because otherwise everyone would be arbitrarily liable for
choices beyond their control (ie, responsible for decisions of other
unrelated people), which would be nonsense.

> 3. Drivechain limits user's existing choice when it comes to who is
> acting as custodian of their Bitcoins, from any trustworthy exchange,
> down to a single mining cartel under the control of a single set of laws.

Currently no (P2P) sidechains exist, and therefore the set of choices
today would seem to be more "limited" than in a post-sidechain future.
(The set of options may decrease later, for ecological reasons, if and
only if 'exchanges' are a strictly inferior option to 'sidechains' for
some reason...I don't see why this would be the case. I also don't
understand the emphasis on "exchanges" [SCs are much more like Altcoins,
than exchanges] in the first place, nor the dubious qualifier
"trustworthy".)

--Paul

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev


--------------88D16E39E224D559E3C1BCD0--