public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Chris Stewart <chris@suredbits•com>
To: Chris Pacia <ctpacia@gmail•com>,
	 Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Two Drivechain BIPs
Date: Mon, 4 Dec 2017 14:11:13 -0600	[thread overview]
Message-ID: <CAGL6+mF1YbjZ28MtvPxTye-HndEqmd6LkaFVr9BWvPiK-kfVTA@mail.gmail.com> (raw)
In-Reply-To: <CAB+qUq4wNv=-ZSibUvVCwYSE7Qw8xe8EH91KG6znUp1d7X=mdA@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 4099 bytes --]

>As far as I can tell there is no opportunity cost to casting a malicious
vote, no repercussions, and no collective action barrier that needs to be
overcome.

There is another interesting analysis on BMM and drivechains from /u/almkglor
on reddit
<https://www.reddit.com/r/Bitcoin/comments/6ztp3b/lets_discuss_something_techrelated_for_a_change/dn0rsdo/>.
I'm going to share here for visibility.

The problem with drivechains and blind merged mining is the disconnect
> between voting and "blind" merge mining. With BMM, a miner can do:
>
>    1. Not accept BMM, not vote.
>    2. Not accept BMM, operate their own sidechain node, mine sidecoin,
>    and vote correctly.
>    3. Not accept BMM, always upvote (i.e. allow theft).
>    4. Not accept BMM, always downvote (i.e. strangle).
>    5. Accept BMM, not vote.
>    6. Accept BMM, operate their own sidechain node, and vote correctly.
>    (not mine sidecoin directly: they get paid in maincoin by sidecoin-only
>    miners).
>    7. Accept BMM, always upvote (i.e. allow theft).
>    8. Accept BMM, always downvote (i.e. strangle).
>
> 3 and 7 will mean that non-verifying miners will be (inadvertently)
> complicit in theft. Drivechains have 1008-block cycles ostensibly to
> protect against theft, so that someone can "raise the alarm" and tell
> miners to downvote a particular theft withdrawal, but that sounds too much
> like centralized collusion to me.
>
> Strategy 8 will dominate over strategy 6, since the miner does not have to
> run a sidechain node (reduced cost) while still earning the same as
> strategy 6.
>
> Strategies 5->8 are all strictly superior to 1->4, so BMM does not really
> change anything: strategy 8 (equivalent to strategy 4 if BMM is not
> implemented) will still choke strategy 6 (equivalent to strategy 2 if BMM
> is not implemented)
>
> It seems Drivechain's security model is: miners always upvote by default.
> If a theft withdrawal is done on the mainchain, some sidechain nodes call
> up their miner friends (which makes me worry about miner centralization) to
> downvote it instead.
>
> The problem is: what if after a theft withdrawal is defeated, another
> theft withdrawal is done? And another, and another? This weakens the peg:
> while a theft withdrawal is on-going, a genuine withdrawal can't be posted
> (at least as I understand Sztorc's explanation). This chokes the sidechain
> withdrawal.
>
> The difference from maincoin is that attempts to choke the block are
> somewhat costly and a maincoin user can offer a higher transaction fee to
> beat the spam. If side->main is choked, no amount of sidecoin can be
> offered to beat the spammed theft transactions.
>
> I don't know, it seems like very weak security to me.
>
TLDR: a miner is most profitable if he always accepts BMM bribes, but
downvotes withdrawal transactions (WT). This obviously isn't ideal because
a withdrawal will never occur from the drivechain if enough miners employ
this strategy -- which seems to be the most profitable strategy.

-Chris


On Mon, Dec 4, 2017 at 1:36 PM, Chris Pacia via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:

>
> I think you are missing a few things.
>
> First of all, I think the security model for sidechains is the same as
> that of every blockchain
>
> People will say things, like "but with sidechains 51% hashrate can steal
> your coins!", but as I have repeated many times, this is also true of
> mainchain btc-tx.  is something else?
>
>
> There are substantial opportunity costs as well as a collective action
> problem when it comes to re-writing the mainchain.
>
> Is there anything similar for drivechains? As far as I can tell there is
> no opportunity cost to casting a malicious vote, no repercussions, and no
> collective action barrier that needs to be overcome.
>
> Unless I'm missing something I wouldn't liken the security of a drivechain
> to that of the mainchain.
>
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists•linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>

[-- Attachment #2: Type: text/html, Size: 5656 bytes --]

  reply	other threads:[~2017-12-04 20:11 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-01 18:38 Paul Sztorc
2017-12-03 21:32 ` Matt Corallo
2017-12-04 19:05   ` Paul Sztorc
2017-12-04 19:36     ` Chris Pacia
2017-12-04 20:11       ` Chris Stewart [this message]
2017-12-05 19:55         ` Paul Sztorc
2017-12-07  7:28           ` ZmnSCPxj
2017-12-12 22:16             ` Paul Sztorc
2017-12-05 18:05       ` Paul Sztorc
2017-12-05 18:20         ` AJ West
2017-12-06  4:49         ` ZmnSCPxj
2017-12-06 20:51           ` CryptAxe
2017-12-08 15:40             ` ZmnSCPxj
2017-12-12 22:29           ` Paul Sztorc
2017-12-14  3:24             ` ZmnSCPxj
2017-12-05  7:41   ` Luke Dashjr

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGL6+mF1YbjZ28MtvPxTye-HndEqmd6LkaFVr9BWvPiK-kfVTA@mail.gmail.com \
    --to=chris@suredbits$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=ctpacia@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox