>As far as I can tell there is no opportunity cost to casting a malicious vote, no repercussions, and no collective action barrier that needs to be overcome. There is another interesting analysis on BMM and drivechains from /u/almkglor on reddit . I'm going to share here for visibility. The problem with drivechains and blind merged mining is the disconnect > between voting and "blind" merge mining. With BMM, a miner can do: > > 1. Not accept BMM, not vote. > 2. Not accept BMM, operate their own sidechain node, mine sidecoin, > and vote correctly. > 3. Not accept BMM, always upvote (i.e. allow theft). > 4. Not accept BMM, always downvote (i.e. strangle). > 5. Accept BMM, not vote. > 6. Accept BMM, operate their own sidechain node, and vote correctly. > (not mine sidecoin directly: they get paid in maincoin by sidecoin-only > miners). > 7. Accept BMM, always upvote (i.e. allow theft). > 8. Accept BMM, always downvote (i.e. strangle). > > 3 and 7 will mean that non-verifying miners will be (inadvertently) > complicit in theft. Drivechains have 1008-block cycles ostensibly to > protect against theft, so that someone can "raise the alarm" and tell > miners to downvote a particular theft withdrawal, but that sounds too much > like centralized collusion to me. > > Strategy 8 will dominate over strategy 6, since the miner does not have to > run a sidechain node (reduced cost) while still earning the same as > strategy 6. > > Strategies 5->8 are all strictly superior to 1->4, so BMM does not really > change anything: strategy 8 (equivalent to strategy 4 if BMM is not > implemented) will still choke strategy 6 (equivalent to strategy 2 if BMM > is not implemented) > > It seems Drivechain's security model is: miners always upvote by default. > If a theft withdrawal is done on the mainchain, some sidechain nodes call > up their miner friends (which makes me worry about miner centralization) to > downvote it instead. > > The problem is: what if after a theft withdrawal is defeated, another > theft withdrawal is done? And another, and another? This weakens the peg: > while a theft withdrawal is on-going, a genuine withdrawal can't be posted > (at least as I understand Sztorc's explanation). This chokes the sidechain > withdrawal. > > The difference from maincoin is that attempts to choke the block are > somewhat costly and a maincoin user can offer a higher transaction fee to > beat the spam. If side->main is choked, no amount of sidecoin can be > offered to beat the spammed theft transactions. > > I don't know, it seems like very weak security to me. > TLDR: a miner is most profitable if he always accepts BMM bribes, but downvotes withdrawal transactions (WT). This obviously isn't ideal because a withdrawal will never occur from the drivechain if enough miners employ this strategy -- which seems to be the most profitable strategy. -Chris On Mon, Dec 4, 2017 at 1:36 PM, Chris Pacia via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > > I think you are missing a few things. > > First of all, I think the security model for sidechains is the same as > that of every blockchain > > People will say things, like "but with sidechains 51% hashrate can steal > your coins!", but as I have repeated many times, this is also true of > mainchain btc-tx. is something else? > > > There are substantial opportunity costs as well as a collective action > problem when it comes to re-writing the mainchain. > > Is there anything similar for drivechains? As far as I can tell there is > no opportunity cost to casting a malicious vote, no repercussions, and no > collective action barrier that needs to be overcome. > > Unless I'm missing something I wouldn't liken the security of a drivechain > to that of the mainchain. > > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > >