> For each sidechain ID, for each mainchain block, at most
> one sidechain block header may be published. In addition, the
> sidechain block header published on the mainchain blocks may
> only be published by the stake lottery winner from the end of
> the previous block.
What happens if the stake winner disappears? It seems, in your scheme, that this would cause progress to come to a screeching halt.
> Our weak mitigation against a mainchain miner >50% attack
> is weakened further; now the mainchain miner with 51% hashpower
> need only block the creation of sidechain mainstake UTXOs except
> its own, and eventually the other mainstake UTXOs will time out
> and the miner can outright steal costlessly.
Can we not nest mainstake outputs in p2wsh/p2sh scripts to mitigate this? This means that they cannot block the creation of mainstake utxos -- but I guess they would still be able to block the spends of this utxo.
Another thing that is problematic with using a p2sh output is 'relocking' the stake. Unfortunately, if the p2sh script hashes aren't identical, I don't think we can guarantee they didn't spend the stake to a non-stake output. If the script hashes *are* identical, then the miner can censor the transaction that re-locks the output.
Perhaps there is a hybrid that would work, however it depends on what you mean by 'creation'. If it is just the *initial* creation of the utxo -- and not subsequent OP_STAKEVERIFY change outputs -- I think this strategy might work. You just won't be able to participate in the lottery while the utxo is nested inside the p2sh output initially.
This also brings back the problem above -- what if a stake winner disappears -- or a miner creates the illusion they disappeared via censorship? I guess a miner would be losing out on transaction fees.
-Chris