From: ZmnSCPxj <ZmnSCPxj@protonmail•com>
To: vjudeu@gazeta•pl,
Bitcoin Protocol Discussion
<bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] Using Merged Mining on a separate zero supply chain, instead of sidechains
Date: Sun, 05 Jun 2022 16:37:24 +0000 [thread overview]
Message-ID: <_Wxebx3JnH8Rt96A6OJjHaGDvElF_k7ezcQBFbdJ--fITmbuiv7dhg84ie4lSfLaf9OchIexAjs1bnltz5jagajhlQoqX_-aAhN6abpvVJ8=@protonmail.com> (raw)
In-Reply-To: <162963804-b06af81ec3655f4e1950de9136310c7a@pmq3v.m5r2.onet>
Good morning vjudeu,
> Some people think that sidechains are good. But to put them into some working solution, people think that some kind of soft-fork is needed. However, it seems that it can be done in a no-fork way, here is how to make it permissionless, and introduce them without any forks.
>
> First, we should make a new chain that has zero coins. When the coin supply is zero, it can be guaranteed that this chain is not generating any coins out of thin air. Then, all that is needed, is to introduce coins to this chain, just by signing a transaction from other chains, for example Bitcoin. In this way, people can make signatures in a signet way, just to sign their transaction output of any type, without moving real coins on the original chain.
>
> Then, all that is needed, is to make a way to withdraw the coins. It could be done by publishing the transaction from the original chain. It can be copy-pasted to our chain, and can be used to destroy coins that were produced earlier. In this way, our Merge-Mined chain has zero supply, and can only temporary store some coins from other chains.
>
> Creating and destroying coins from other chains is enough to make a test network. To make it independent, one more thing is needed, to get a mainnet solution: moving coins inside that chain. When it comes to that, the only limitation is the locking script. Normally, it is locked to some public key, then by forming a signature, it is possible to move coins somewhere else. In the Lightning Network, it is solved by forming 2-of-2 multisig, then coins can be moved by changing closing transactions.
>
> But there is another option: transaction joining. So, if we have a chain of transactions: A->B->C->...->Z, then if transaction joining is possible, it can be transformed into A->Z transaction. After adding that missing piece, sidechains can be enabled.
>
>
> However, I mentioned before that this solution would require no forks. It could, if we consider using Homomorphic Encryption. Then, it is possible to add new features, without touching consensus. For example, by using Homomorphic Encryption, it is possible to execute 2-of-2 multisig on some P2PK output. That means, more things are possible, because if we can encrypt things, then operate on encrypted data, and later decrypt it (and broadcast to the network), then it can open a lot of new possible upgrades, that will be totally permissionless and unstoppable.
>
> So, to sum up: by adding transaction joining in a homomorphic-encryption-way, it may be possible to introduce sidechains in a no-fork way, no matter if people wants that or not. Also, it is possible to add the hash of our chain to the signature inside a Bitcoin transaction, then all data from the "zero supply chain" can be committed to the Bitcoin blockchain, that would prevent overwriting history. Also, Merged Mining could be used to reward sidechain miners, so they will be rewarded inside the sidechain.
I proposed something similar years ago --- more specifically, some kind of general ZKP system would allow us to pretty much write anything, and if it terminates, we can provide a ZKP of the execution trace.
At the time it was impractical due to the ZKP systems of the time being *still* too large and too CPU-heavy *and* requiring a tr\*sted setup.
Encrypting the amount in a homomorphic encryption such as Pedersen commitments / ElGamal commitments is how MimbleWimble coins (such as Grin) work.
They achieve transactional cut-through in a similar manner due to the homomorphic encryption being what is validated by validators without revealing the exact balances, and with the only requirement being that a set of consumed outputs equals the set of created outputs (fees being an explicit output that has no encryption, and thus can be claimable by anyone and have a known value, which basically means that it is the miner that mines the transaction that can claim it).
Regards,
ZmnSCPxj
Regards,
ZmnSCPxj
prev parent reply other threads:[~2022-06-05 16:37 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-04 15:33 vjudeu
2022-06-05 16:37 ` ZmnSCPxj [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='_Wxebx3JnH8Rt96A6OJjHaGDvElF_k7ezcQBFbdJ--fITmbuiv7dhg84ie4lSfLaf9OchIexAjs1bnltz5jagajhlQoqX_-aAhN6abpvVJ8=@protonmail.com' \
--to=zmnscpxj@protonmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=vjudeu@gazeta$(echo .)pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox