📅 Original date posted:2022-02-24
📝 Original message:On Wed, Feb 23, 2022 at 11:28:36AM +0000, ZmnSCPxj via bitcoin-dev wrote:
> Subject: Turing-Completeness, And Its Enablement Of Drivechains
> And we have already rejected Drivechains,
That seems overly strong to me.
> for the following reason:
> 1. Sidechain validators and mainchain miners have a strong incentive to
> merge their businesses.
> 2. Mainchain miners end up validating and commiting to sidechain blocks.
> 3. Ergo, sidechains on Drivechains become a block size increase.
I think there are two possible claims about drivechains that would make
them unattractive, if true:
1) that adding a drivechain is a "block size increase" in the sense
that every full node and every miner need to do more work when
validating a block, in order to be sure whether the majority of hash
rate will consider it valid, or will reject it and refuse to build
on it because it's invalid because of some external drivechain rule
2) that funds deposited in drivechains will be stolen because
the majority of hashrate is not enforcing drivechain rules (or that
deposited funds cannot be withdrawn, but will instead be stuck in
the drivechain, rather than having a legitimate two-way peg)
And you could combine those claims, saying that one or the other will
happen (depending on whether more or less than 50% of hashpower is
enforcing drivechain rules), and either is bad, even though you don't
know which will happen.
I believe drivechain advocates argue a third outcome is possible where
neither of those claims hold true, where only a minority of hashrates
needs to validate the drivechain rules, but that is still sufficient
to prevent drivechain funds from being stolen.
One way to "reject" drivechains is simply to embrace the second claim --
that putting money into drivechains isn't safe, and that miners *should*
claim coins that have been drivehcain encumbered (or that miners
should not assist with withdrawing funds, leaving them trapped in the
drivechain). In some sense this is already the case: bip300 rules aren't
enforced, so funds committed today via bip300 can likely expect to be
stolen, and likely won't receive the correct acks, so won't progress
even if they aren't stolen.
I think a key difference between tx-covenant based drivechains and bip300
drivechains is hashpower endorsement: if 50% of hashpower acks enforcement
of a new drivechain (as required in bip300 for a new drivechain to exist
at all), there's an implicit threat that any block proposing an incorrect
withdrawal from that blockchain will have their block considered invalid
and get reorged out -- either directly by that hashpower majority, or
indirectly by users conducting a UASF forcing the hashpower majority to
reject those blocks.
I think removing that implicit threat changes the game theory
substantially: rather than deposited funds being withdrawn due to the
drivechain rules, you'd instead expect them to be withdrawn according to
whoever's willing to offer the miners the most upfront fees to withdraw
the funds.
That seems to me to mean you'd frequently expect to end up in a scorched
earth scenario, where someone attempts to steal, then they and the
legitimate owner gets into a bidding war, with the result that most
of the funds end up going to miners in fees. Because of the upfront
payment vs delayed collection of withdrawn funds, maybe it could end up
as a dollar auction, with the two parties competing to lose the least,
but still both losing substantial amounts?
So I think covenant-based drivechains would be roughly the same as bip300
drivechains, where a majority of hashpower used software implementing
the following rules:
- always endorse any proposed drivechain
- always accept any payment into a drivechain
- accept bids to ack/nack withdrawals, then ack/nack depending on
whoever pays the most
You could probably make covenant-based drivechains a closer match to
bip300 drivechains if a script could determine if an input was from a
(100-block prior) coinbase or not.
> Logically, if the construct is general enough to form Drivechains, and
> we rejected Drivechains, we should also reject the general construct.
Not providing X because it can only be used for E, may generalise to not
providing Y which can also only be used for E, but it doesn't necessarily
generalise to not providing Z which can be used for both G and E.
I think it's pretty reasonable to say:
a) adding dedicated consensus features for drivechains is a bad idea
in the absence of widespread consensus that drivechains are likely
to work as designed and be a benefit to bitcoin overall
b) if you want to risk your own funds by leaving your coins on an
exchange or using lightning or eltoo or tumbling/coinjoin or payment
pools or drivechains or being #reckless in some other way, and aren't
asking for consensus changes, that's your business
Cheers,
aj
Anthony Towns [ARCHIVE] /
npub17r…x9l2h
2023-06-07 23:03:34
in reply to nevent1q…2md5
Author Public Key
npub17rld56k4365lfphyd8u8kwuejey5xcazdxptserx03wc4jc9g24stx9l2hPublished at
2023-06-07 23:03:34Event JSON
{
"id": "bc1326ffff6a15c363409ff87d459a8f97ff86f540c4d1b75f6d84e0dc252d60",
"pubkey": "f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab",
"created_at": 1686179014,
"kind": 1,
"tags": [
[
"e",
"59ef3747260b332a5c157c2d93ab417af21ce8ed38e69348e0cc8995183e6119",
"",
"root"
],
[
"e",
"50bdf9a259ff037ed756754ecc87ef41b95e07affe662a68893b649f811f447c",
"",
"reply"
],
[
"p",
"4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861"
]
],
"content": "📅 Original date posted:2022-02-24\n📝 Original message:On Wed, Feb 23, 2022 at 11:28:36AM +0000, ZmnSCPxj via bitcoin-dev wrote:\n\u003e Subject: Turing-Completeness, And Its Enablement Of Drivechains\n\n\u003e And we have already rejected Drivechains,\n\nThat seems overly strong to me.\n\n\u003e for the following reason:\n\u003e 1. Sidechain validators and mainchain miners have a strong incentive to\n\u003e merge their businesses.\n\u003e 2. Mainchain miners end up validating and commiting to sidechain blocks.\n\u003e 3. Ergo, sidechains on Drivechains become a block size increase.\n\nI think there are two possible claims about drivechains that would make\nthem unattractive, if true:\n\n 1) that adding a drivechain is a \"block size increase\" in the sense\n that every full node and every miner need to do more work when\n validating a block, in order to be sure whether the majority of hash\n rate will consider it valid, or will reject it and refuse to build\n on it because it's invalid because of some external drivechain rule\n\n 2) that funds deposited in drivechains will be stolen because\n the majority of hashrate is not enforcing drivechain rules (or that\n deposited funds cannot be withdrawn, but will instead be stuck in\n the drivechain, rather than having a legitimate two-way peg)\n\nAnd you could combine those claims, saying that one or the other will\nhappen (depending on whether more or less than 50% of hashpower is\nenforcing drivechain rules), and either is bad, even though you don't\nknow which will happen.\n\nI believe drivechain advocates argue a third outcome is possible where\nneither of those claims hold true, where only a minority of hashrates\nneeds to validate the drivechain rules, but that is still sufficient\nto prevent drivechain funds from being stolen.\n\nOne way to \"reject\" drivechains is simply to embrace the second claim --\nthat putting money into drivechains isn't safe, and that miners *should*\nclaim coins that have been drivehcain encumbered (or that miners\nshould not assist with withdrawing funds, leaving them trapped in the\ndrivechain). In some sense this is already the case: bip300 rules aren't\nenforced, so funds committed today via bip300 can likely expect to be\nstolen, and likely won't receive the correct acks, so won't progress\neven if they aren't stolen.\n\n\n\nI think a key difference between tx-covenant based drivechains and bip300\ndrivechains is hashpower endorsement: if 50% of hashpower acks enforcement\nof a new drivechain (as required in bip300 for a new drivechain to exist\nat all), there's an implicit threat that any block proposing an incorrect\nwithdrawal from that blockchain will have their block considered invalid\nand get reorged out -- either directly by that hashpower majority, or\nindirectly by users conducting a UASF forcing the hashpower majority to\nreject those blocks.\n\nI think removing that implicit threat changes the game theory\nsubstantially: rather than deposited funds being withdrawn due to the\ndrivechain rules, you'd instead expect them to be withdrawn according to\nwhoever's willing to offer the miners the most upfront fees to withdraw\nthe funds.\n\nThat seems to me to mean you'd frequently expect to end up in a scorched\nearth scenario, where someone attempts to steal, then they and the\nlegitimate owner gets into a bidding war, with the result that most\nof the funds end up going to miners in fees. Because of the upfront\npayment vs delayed collection of withdrawn funds, maybe it could end up\nas a dollar auction, with the two parties competing to lose the least,\nbut still both losing substantial amounts?\n\nSo I think covenant-based drivechains would be roughly the same as bip300\ndrivechains, where a majority of hashpower used software implementing\nthe following rules:\n\n - always endorse any proposed drivechain\n - always accept any payment into a drivechain\n - accept bids to ack/nack withdrawals, then ack/nack depending on\n whoever pays the most\n\nYou could probably make covenant-based drivechains a closer match to\nbip300 drivechains if a script could determine if an input was from a\n(100-block prior) coinbase or not.\n\n\u003e Logically, if the construct is general enough to form Drivechains, and\n\u003e we rejected Drivechains, we should also reject the general construct.\n\nNot providing X because it can only be used for E, may generalise to not\nproviding Y which can also only be used for E, but it doesn't necessarily\ngeneralise to not providing Z which can be used for both G and E.\n\nI think it's pretty reasonable to say:\n\n a) adding dedicated consensus features for drivechains is a bad idea\n in the absence of widespread consensus that drivechains are likely\n to work as designed and be a benefit to bitcoin overall\n\n b) if you want to risk your own funds by leaving your coins on an\n exchange or using lightning or eltoo or tumbling/coinjoin or payment\n pools or drivechains or being #reckless in some other way, and aren't\n asking for consensus changes, that's your business\n\nCheers,\naj",
"sig": "1e3b55f32db8f9836a4288db5486bd2b26cebba1263669becc7b1470f9ea8b941b3875108f9001691a64bc636cb74c5067ea5eb7fa741ed43e4a978f1fbb65c0"
}