From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 84166A84 for ; Wed, 11 Oct 2017 02:04:05 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wm0-f45.google.com (mail-wm0-f45.google.com [74.125.82.45]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id E4A224D5 for ; Wed, 11 Oct 2017 02:04:03 +0000 (UTC) Received: by mail-wm0-f45.google.com with SMTP id 196so18049671wma.1 for ; Tue, 10 Oct 2017 19:04:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=sZnmPwhyrQMTF8ScRr9tZHkTjFpQG3EjFRiEzTGBaRE=; b=qMVgIJlJKeDkVLDDTcSWHIibvpwy0cefMFzZMPUC/bDmFKyA7XA/QqCqX/1MowgFms cEbjxGlLvQJdgIggElPQGrkPYDjmEOjtcsWva01Lom/JDaO6uOsQ2ZsX8mgpDyBiUU/w m8gpOGSSs3THC6N6NqrSja0rzvwzrsEsBDDfyuWydD297rmUkSOlQ9K3bKZfYlKyEuxO tE11QeXMx8Boetvin0r+wBWv6llZ9S/3C4jyGQwzBfRq8PhIEBT8AFv+MIke7rVDhB1k ubGM/T7D1ndtmj7P+Sr2y9LhoI87Otx9Xumz7cmVNEaT3GTFTPUEjSPHwFkC3e2zn+GT tZsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=sZnmPwhyrQMTF8ScRr9tZHkTjFpQG3EjFRiEzTGBaRE=; b=o/oa3I5Dclv8JzXGykBW676cw3fFmo84smJhn4k4/yD2Tk6qiohyU7OxrkDapBRgbM dCh34ctg3QLiaO/7GfBCOs+1IECh+pUfslAYQY0keCKv5xWuWfc+zPqIrAbviT4avVFM ox7TjxT5arTGxzgeTefVjgDfO5N4pYp+8PjB9tTkcd99kiL6Cr8q1xJPSE/62tYj5w4S uBalIem/dOhBUD1XkL5m639DrmNUXOb1fJuIte+MADYr/HtBP+/y3omZmMtM1KmoNyzn 1MvFHmOsH7/1riSnrRlI1Q3IezftGx6+G/Rx8GS6cWGnu4ry+Lze18w4Bil4yzFiJIbO iBdw== X-Gm-Message-State: AMCzsaW+Pmvp7G7aaPKFzRurUR//OFuzINQYFrB1plVQ4MW+yuYNzK0E J7rq3JHhCCUH1dUEdh4Sbd34Px6l0g3I3D+zHVo= X-Google-Smtp-Source: AOwi7QCyAawtN57rVMAAZc+PWvi8cnxugM8FClDe6eK0XM3bb+bVQ6Db6S+Whw+38EZE32+7pRWAWibgSlHk6Un42EI= X-Received: by 10.28.166.143 with SMTP id p137mr11310160wme.149.1507687442408; Tue, 10 Oct 2017 19:04:02 -0700 (PDT) MIME-Version: 1.0 Received: by 10.223.143.102 with HTTP; Tue, 10 Oct 2017 19:04:01 -0700 (PDT) In-Reply-To: References: <16D7672F-AA36-47D7-AAEF-E767B9CE09FF@taoeffect.com> <55CAABF4-4FB8-4230-8E51-014C1D347D72@taoeffect.com> From: Ben Kloester Date: Wed, 11 Oct 2017 13:04:01 +1100 Message-ID: To: Tao Effect , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="94eb2c1285e87003f1055b3bd63e" X-Spam-Status: No, score=0.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_SPAM autolearn=disabled version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Wed, 11 Oct 2017 02:05:19 +0000 Subject: Re: [bitcoin-dev] Generalized sharding protocol for decentralized scaling without Miners owning our BTC X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Oct 2017 02:04:05 -0000 --94eb2c1285e87003f1055b3bd63e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I don't get it. At the moment, the number of Bitcoin is fixed (at 21 million) by the geometric decay of the block reward. Adding any other means of creating coins besides the existing block reward, or altering the block reward schedule, is extremely likely to be seen as messing with fixed supply. And not adding another method to create coins wouldn't work - because then redemptions would have to come out of miner's block reward, which I don't imagine they're going to share just because you ask. The only way you might convince users that adding a second way to mint coins is not messing with fixed supply, is if there is some kind of proof that the number of coins being minted is accounted for by past burnt coins. We could call this 'regeneration'. But then you also need a way to prevent double-regeneration, in which the same burnt coins are used as proof twice. And you would also need per-sidechain accounting, so that you can't just regenerate burnt coins that were originally burnt for sidechain A when all you have is coins on sidechain B. But where to put all this logic? Building a system that enforces the accounting for sidechains into Bitcoin, as Lucas pointed out, is not much different to just building the sidechain itself directly into Bitcoin. And if you did assemble all that, what you have anyway is a two way peg, which I suspect will be isomorphic to the very sidechain proposals you seem to be criticising/attempting to do better than. *Ben Kloester* On 11 October 2017 at 07:43, Tao Effect via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > What? > > That is not correct. > > There is a fixed amount of Bitcoin, as I said. > > The only difference is what chain it is on. > > It is precisely because there is a fixed amount that when you > burn-to-withdraw you mint on another chain. > > I will not respond to any more emails unless they=E2=80=99re from core de= velopers. > Gotta run. > > -- > Sent from my mobile device. > Please do not email me anything that you are not comfortable also sharing > with the NSA. > > > On Oct 10, 2017, at 1:23 PM, James Hudon wrote: > > > > You're asking for newly minted bitcoin to go to you but you burned the > bitcoin used in the peg. You're effectively losing your money and then > stealing from the miners to gain it back. The miners had to issue your > amount of bitcoin 2 times (once for your original bitcoin, again to make > you whole). Why would they agree to this? > > -- > > hudon > > > >> On Oct 10, 2017, at 13:13, Tao Effect via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >> > >> It would not change the number of Bitcoins in existence. > >> > >> -- > >> Sent from my mobile device. > >> Please do not email me anything that you are not comfortable also > sharing with the NSA. > >> > >>> On Oct 10, 2017, at 12:50 PM, CryptAxe wrote: > >>> > >>> Your method would change the number of Bitcoins in existence. Why? > >>> > >>> On Oct 10, 2017 12:47 PM, "Tao Effect via bitcoin-dev" < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >>> Is that what passes for a technical argument these days? Sheesh. > >>> > >>> Whereas in Drivechain users are forced to give up their coins to a > single group for whatever sidechains they interact with, the generic > sharding algo lets them (1) keep their coins, (2) trust whatever group th= ey > want to trust (the miners of the various sidechains). > >>> > >>> Drivechain offers objectively worse security. > >>> > >>> -- > >>> Sent from my mobile device. > >>> Please do not email me anything that you are not comfortable also > sharing with the NSA. > >>> > >>>> On Oct 10, 2017, at 8:09 AM, Paul Sztorc via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >>>> > >>>> I think this response speaks for itself. > >>>> > >>>>> On 10/10/2017 10:09 AM, Tao Effect wrote: > >>>>> Hi Paul, > >>>>> > >>>>> I thought it was clear, but apparently you are getting stuck on the > semantics of the word "burn". > >>>>> > >>>>> The "burning" applies to the original coins you had. > >>>>> > >>>>> When you transfer them back, you get newly minted coins, equivalent > to the amount you "burned" on the chain you're transferring from =E2=80= =95 as > stated in the OP. > >>>>> > >>>>> If you don't like the word "burn", pick another one. > >>>>> > >>>>> -- > >>>>> Please do not email me anything that you are not comfortable also > sharing with the NSA. > >>>>> > >>>>>> On Oct 10, 2017, at 4:20 AM, Paul Sztorc > wrote: > >>>>>> > >>>>>> Haha, no. Because you "burned" the coins. > >>>>>> > >>>>>> On Oct 10, 2017 1:20 AM, "Tao Effect" > wrote: > >>>>>> Paul, > >>>>>> > >>>>>> It's a two-way peg. > >>>>>> > >>>>>> There's nothing preventing transfers back to the main chain. > >>>>>> > >>>>>> They work in the exact same manner. > >>>>>> > >>>>>> Cheers, > >>>>>> Greg > >>>>>> > >>>>>> -- > >>>>>> Please do not email me anything that you are not comfortable also > sharing with the NSA. > >>>>>> > >>>>>>> On Oct 9, 2017, at 6:39 PM, Paul Sztorc > wrote: > >>>>>>> > >>>>>>> That is only a one-way peg, not a two-way. > >>>>>>> > >>>>>>> In fact, that is exactly what drivechain does, if one chooses > parameters for the drivechain that make it impossible for any side-to-mai= n > transfer to succeed. > >>>>>>> > >>>>>>> One-way pegs have strong first-mover disadvantages. > >>>>>>> > >>>>>>> Paul > >>>>>>> > >>>>>>> On Oct 9, 2017 9:24 PM, "Tao Effect via bitcoin-dev" < > bitcoin-dev@lists.linuxfoundation.org> wrote: > >>>>>>> Dear list, > >>>>>>> > >>>>>>> In previous arguments over Drivechain (and Drivechain-like > proposals) I promised that better scaling proposals =E2=80=95 that do not= sacrifice > Bitcoin's security =E2=80=95 would come along. > >>>>>>> > >>>>>>> I planned to do a detailed writeup, but have decided to just send > off this email with what I have, because I'm unlikely to have time to wri= te > up a detailed proposal. > >>>>>>> > >>>>>>> The idea is very simple (and by no means novel*), and I'm sure > others have mentioned either exactly it, or similar ideas (e.g. burning > coins) before. > >>>>>>> > >>>>>>> This is a generic sharding protocol for all blockchains, includin= g > Bitcoin. > >>>>>>> > >>>>>>> Users simply say: "My coins on Chain A are going to be sent to > Chain B". > >>>>>>> > >>>>>>> Then they burn the coins on Chain A, and create a minting > transaction on Chain B. The details of how to ensure that coins do not ge= t > lost needs to be worked out, but I'm fairly certain the folks on this lis= t > can figure out those details. > >>>>>>> > >>>>>>> - Thin clients, nodes, and miners, can all very easily verify tha= t > said action took place, and therefore accept the "newly minted" coins on = B > as valid. > >>>>>>> - Users client software now also knows where to look for the othe= r > coins (if for some reason it needs to). > >>>>>>> > >>>>>>> This doesn't even need much modification to the Bitcoin protocol > as most of the verification is done client-side. > >>>>>>> > >>>>>>> It is fully decentralized, and there's no need to give our > ownership of our coins to miners to get scale. > >>>>>>> > >>>>>>> My sincere apologies if this has been brought up before (in which > case, I would be very grateful for a link to the proposal). > >>>>>>> > >>>>>>> Cheers, > >>>>>>> Greg Slepak > >>>>>>> > >>>>>>> * This idea is similar in spirit to Interledger. > >>>>>>> > >>>>>>> -- > >>>>>>> Please do not email me anything that you are not comfortable also > sharing with the NSA. > >>>>>>> > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> bitcoin-dev mailing list > >>>>>>> bitcoin-dev@lists.linuxfoundation.org > >>>>>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > >>>>>>> > >>>>>>> > >>>>>> > >>>>> > >>>> > >>>> _______________________________________________ > >>>> bitcoin-dev mailing list > >>>> bitcoin-dev@lists.linuxfoundation.org > >>>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > >>> > >>> _______________________________________________ > >>> bitcoin-dev mailing list > >>> bitcoin-dev@lists.linuxfoundation.org > >>> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > >>> > >> _______________________________________________ > >> bitcoin-dev mailing list > >> bitcoin-dev@lists.linuxfoundation.org > >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --94eb2c1285e87003f1055b3bd63e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I don't get it. At the moment, the number of Bitcoin i= s fixed (at 21 million) by the geometric decay of the block reward.
Adding any other means of creating coins besides the existing b= lock reward, or altering the block reward schedule, is extremely likely to = be seen as messing with fixed supply. And not adding another method to crea= te coins wouldn't work - because then redemptions would have to come ou= t of miner's block reward, which I don't imagine they're going = to share just because you ask.

The only way you mi= ght convince users that adding a second way to mint coins is not messing wi= th fixed supply, is if there is some kind of proof that the number of coins= being minted is accounted for by past burnt coins. We could call this '= ;regeneration'. But then you also need a way to prevent double-regenera= tion, in which the same burnt coins are used as proof twice.=C2=A0

And you would also need per-sidechain accounting, so that = you can't just regenerate burnt coins that were originally burnt for si= dechain A when all you have is coins on sidechain B. But where to put all t= his logic? Building a system that enforces the accounting for sidechains in= to Bitcoin, as Lucas pointed out, is not much different to just building th= e sidechain itself directly into Bitcoin.

And if y= ou did assemble all that, what you have anyway is a two way peg, which I su= spect will be isomorphic to the very sidechain proposals you seem to be cri= ticising/attempting to do better than.


<= /div>

Ben Kloester


On 11 October 2017 at 07:43, Tao Effect via = bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org= > wrote:
What?

That is not correct.

There is a fixed amount of Bitcoin, as I said.

The only difference is what chain it is on.

It is precisely because there is a fixed amount that when you burn-to-withd= raw you mint on another chain.

I will not respond to any more emails unless they=E2=80=99re from core deve= lopers. Gotta run.

--
Sent from my mobile device.
Please do not email me anything that you are not comfortable also sharing w= ith the NSA.

> On Oct 10, 2017, at 1:23 PM, James Hudon <jameshudon@gmail.com> wrote:
>
> You're asking for newly minted bitcoin to go to you but you burned= the bitcoin used in the peg. You're effectively losing your money and = then stealing from the miners to gain it back. The miners had to issue your= amount of bitcoin 2 times (once for your original bitcoin, again to make y= ou whole). Why would they agree to this?
> --
> hudon
>
>> On Oct 10, 2017, at 13:13, Tao Effect via bitcoin-dev <bitcoin-dev@lists.li= nuxfoundation.org> wrote:
>>
>> It would not change the number of Bitcoins in existence.
>>
>> --
>> Sent from my mobile device.
>> Please do not email me anything that you are not comfortable also = sharing with the NSA.
>>
>>> On Oct 10, 2017, at 12:50 PM, CryptAxe <cryptaxe@gmail.com> wrote:
>>>
>>> Your method would change the number of Bitcoins in existence. = Why?
>>>
>>> On Oct 10, 2017 12:47 PM, "Tao Effect via bitcoin-dev&quo= t; <bitcoin-dev= @lists.linuxfoundation.org> wrote:
>>> Is that what passes for a technical argument these days? Shees= h.
>>>
>>> Whereas in Drivechain users are forced to give up their coins = to a single group for whatever sidechains they interact with, the generic s= harding algo lets them (1) keep their coins, (2) trust whatever group they = want to trust (the miners of the various sidechains).
>>>
>>> Drivechain offers objectively worse security.
>>>
>>> --
>>> Sent from my mobile device.
>>> Please do not email me anything that you are not comfortable a= lso sharing with the NSA.
>>>
>>>> On Oct 10, 2017, at 8:09 AM, Paul Sztorc via bitcoin-dev &= lt;bitcoin-dev@lis= ts.linuxfoundation.org> wrote:
>>>>
>>>> I think this response speaks for itself.
>>>>
>>>>> On 10/10/2017 10:09 AM, Tao Effect wrote:
>>>>> Hi Paul,
>>>>>
>>>>> I thought it was clear, but apparently you are getting= stuck on the semantics of the word "burn".
>>>>>
>>>>> The "burning" applies to the original coins = you had.
>>>>>
>>>>> When you transfer them back, you get newly minted coin= s, equivalent to the amount you "burned" on the chain you're = transferring from =E2=80=95 as stated in the OP.
>>>>>
>>>>> If you don't like the word "burn", pick = another one.
>>>>>
>>>>> --
>>>>> Please do not email me anything that you are not comfo= rtable also sharing with the NSA.
>>>>>
>>>>>> On Oct 10, 2017, at 4:20 AM, Paul Sztorc <truthcoin@gmail.com> wrote:
>>>>>>
>>>>>> Haha, no. Because you "burned" the coins= .
>>>>>>
>>>>>> On Oct 10, 2017 1:20 AM, "Tao Effect" &l= t;contact@taoeffect.com> wr= ote:
>>>>>> Paul,
>>>>>>
>>>>>> It's a two-way peg.
>>>>>>
>>>>>> There's nothing preventing transfers back to t= he main chain.
>>>>>>
>>>>>> They work in the exact same manner.
>>>>>>
>>>>>> Cheers,
>>>>>> Greg
>>>>>>
>>>>>> --
>>>>>> Please do not email me anything that you are not c= omfortable also sharing with the NSA.
>>>>>>
>>>>>>> On Oct 9, 2017, at 6:39 PM, Paul Sztorc <truthcoin@gmail.com> wrote:
>>>>>>>
>>>>>>> That is only a one-way peg, not a two-way.
>>>>>>>
>>>>>>> In fact, that is exactly what drivechain does,= if one chooses parameters for the drivechain that make it impossible for a= ny side-to-main transfer to succeed.
>>>>>>>
>>>>>>> One-way pegs have strong first-mover disadvant= ages.
>>>>>>>
>>>>>>> Paul
>>>>>>>
>>>>>>> On Oct 9, 2017 9:24 PM, "Tao Effect via b= itcoin-dev" <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>>>>>> Dear list,
>>>>>>>
>>>>>>> In previous arguments over Drivechain (and Dri= vechain-like proposals) I promised that better scaling proposals =E2=80=95 = that do not sacrifice Bitcoin's security =E2=80=95 would come along. >>>>>>>
>>>>>>> I planned to do a detailed writeup, but have d= ecided to just send off this email with what I have, because I'm unlike= ly to have time to write up a detailed proposal.
>>>>>>>
>>>>>>> The idea is very simple (and by no means novel= *), and I'm sure others have mentioned either exactly it, or similar id= eas (e.g. burning coins) before.
>>>>>>>
>>>>>>> This is a generic sharding protocol for all bl= ockchains, including Bitcoin.
>>>>>>>
>>>>>>> Users simply say: "My coins on Chain A ar= e going to be sent to Chain B".
>>>>>>>
>>>>>>> Then they burn the coins on Chain A, and creat= e a minting transaction on Chain B. The details of how to ensure that coins= do not get lost needs to be worked out, but I'm fairly certain the fol= ks on this list can figure out those details.
>>>>>>>
>>>>>>> - Thin clients, nodes, and miners, can all ver= y easily verify that said action took place, and therefore accept the "= ;newly minted" coins on B as valid.
>>>>>>> - Users client software now also knows where t= o look for the other coins (if for some reason it needs to).
>>>>>>>
>>>>>>> This doesn't even need much modification t= o the Bitcoin protocol as most of the verification is done client-side.
>>>>>>>
>>>>>>> It is fully decentralized, and there's no = need to give our ownership of our coins to miners to get scale.
>>>>>>>
>>>>>>> My sincere apologies if this has been brought = up before (in which case, I would be very grateful for a link to the propos= al).
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Greg Slepak
>>>>>>>
>>>>>>> * This idea is similar in spirit to Interledge= r.
>>>>>>>
>>>>>>> --
>>>>>>> Please do not email me anything that you are n= ot comfortable also sharing with the NSA.
>>>>>>>
>>>>>>>
>>>>>>> _________________________________________= ______
>>>>>>> bitcoin-dev mailing list
>>>>>>> bitcoin-dev@lists.linuxfoundation.org
>>>>>>> https://l= ists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> bitcoin-dev mailing list
>>>> b= itcoin-dev@lists.linuxfoundation.org
>>>> https://lists.linuxfo= undation.org/mailman/listinfo/bitcoin-dev
>>>
>>> _______________________________________________
>>> bitcoin-dev mailing list
>>> bitco= in-dev@lists.linuxfoundation.org
>>> https://lists.linuxfounda= tion.org/mailman/listinfo/bitcoin-dev
>>>
>> _______________________________________________
>> bitcoin-dev mailing list
>> bitcoin-d= ev@lists.linuxfoundation.org
>> https://lists.linuxfoundation= .org/mailman/listinfo/bitcoin-dev
>

_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev

--94eb2c1285e87003f1055b3bd63e--