📅 Original date posted:2017-07-02
📝 Original message:Hi,
Sorry for the delay, I overlooked this email until now. I see that Chris
and CryptAxe both answered but I will also answer, because the message
was addressed to me.
On 6/30/2017 12:00 AM, ZmnSCPxj wrote:
> >Your way is actually very similar to mine. Mine _forces_ the bribe to be
> >in the earliest txn (the coinbase) and to only occur once. Yours doesn"t
> >do anything to refund the briber, if the sidechain (but not the
> >mainchain) reorganizes (as it can easily do, if an older sidechain
> >parent is extended while the mainchain proceeds normally). This creates
> >additional risk.
>
> I don't understand this part. In my scheme, a sidechain cannot
> reorganize unless the mainchain reorganizes, since the consensus loop
> only cares about matching the current block; it ignores splits and
> does not consider them valid.
If I've understood you correctly, you have said that each OP Return
links the (ex)-latest block to a brand new block, and that whichever
message of this kind comes first (in the mainchain) wins and the rest
are discarded.
So what if I had a sidechain represented by a jumble of capital letters,
discarded entries as lowercase letters.
Mainchain Block #200001: [0 --> Q], [0 -->v], [0 -->s], [0 -->b],
Mainchain Block #200002: [Q --> H], [Q --> z],
Mainchain Block #200003: [H --> F]
Mainchain Block #200004: [F --> J], [F -->w]
Mainchain Block #200005: [H --> P], [J -->x]
Mainchain Block #200006: [P --> D]
Isn't the chain {{ Q --> H --> F --> J }} now starting to reorg, with a
competing chain {{ Q --> H --> P --> D }} ?
> But I suppose you are considering something like the Ethereum
> mutability feature, which I do not think is something you would want
> in a sidechain.
What I do want to do, is retain the existing model to some extent.
Specifically, to the degree where sidechains could salvage some bad
situations (eg value overflow incident, or March 2013 incident).
> >I think mine is also much more space-efficient. Even if ours each had
> >exactly one h* per sidechain per block, it seems that I only require one
> >hash to be communicated (plus an indicator byte, and a ~2 byte counter
> >for the ratchet), whereas you require two. Since its overhead per
> >sidechain per block, it actually might really add up.
>
> Do you not provide a single sidechain's h* twice in the block? Once
> in the coinbase and once in the briber's separate transaction?
That is a good point. Technically, we do include it twice, but the
second instance (briber-transaction) can be "shuffled" out if the
counterparties are part of the same Lightning Network (which I expect to
the be the case, in equilibrium).
>
> In my scheme at least there is no indicator byte -- the "previous
> block" hash is the indicator of which sidechain it is extending. From
> your other emails on this list, it seems the ratchet is for
> withdrawals from sidechain to mainchain? If so, should it not only
> appear in only some of the sidechains (the ones which are currently
> doing some withdrawal?)?
No, sorry. There are many tangled issues (Drivechain (total system);
side-to-main withdrawals (OP CountACKs); individual Drivechains
themselves; Blind Merged Mining (OP BribeVerify)). The ratchet is not
about withdrawals, it is exclusively about Blind Merged Mining, and
making a better OP BribeVerify that offers better guarantees to both sides.
Paul
Paul Sztorc [ARCHIVE] /
npub10t…w9uu9
2023-06-07 18:03:50
in reply to nevent1q…695j
Author Public Key
npub10tqt6wdc2neye0cxwyphtre6n5uccgur94khtqjdry9wxhrvywlq6w9uu9Published at
2023-06-07 18:03:50Event JSON
{
"id": "efde5a52a29be9051cd8f8873249ba55f40e76fe3c39b00bd4f1b3ce375d1169",
"pubkey": "7ac0bd39b854f24cbf067103758f3a9d398c23832d6d75824d190ae35c6c23be",
"created_at": 1686161030,
"kind": 1,
"tags": [
[
"e",
"52b451de2ab6d599e8057dc09a8d1c72b1915752195eef8652787bc553d99caf",
"",
"reply"
],
[
"p",
"a23dbf6c6cc83e14cc3df4e56cc71845f611908084cfe620e83e40c06ccdd3d0"
]
],
"content": "📅 Original date posted:2017-07-02\n📝 Original message:Hi,\n\nSorry for the delay, I overlooked this email until now. I see that Chris\nand CryptAxe both answered but I will also answer, because the message\nwas addressed to me.\n\nOn 6/30/2017 12:00 AM, ZmnSCPxj wrote:\n\u003e \u003eYour way is actually very similar to mine. Mine _forces_ the bribe to be\n\u003e \u003ein the earliest txn (the coinbase) and to only occur once. Yours doesn\"t\n\u003e \u003edo anything to refund the briber, if the sidechain (but not the\n\u003e \u003emainchain) reorganizes (as it can easily do, if an older sidechain\n\u003e \u003eparent is extended while the mainchain proceeds normally). This creates\n\u003e \u003eadditional risk.\n\u003e\n\u003e I don't understand this part. In my scheme, a sidechain cannot\n\u003e reorganize unless the mainchain reorganizes, since the consensus loop\n\u003e only cares about matching the current block; it ignores splits and\n\u003e does not consider them valid.\n\nIf I've understood you correctly, you have said that each OP Return\nlinks the (ex)-latest block to a brand new block, and that whichever\nmessage of this kind comes first (in the mainchain) wins and the rest\nare discarded.\n\nSo what if I had a sidechain represented by a jumble of capital letters,\ndiscarded entries as lowercase letters.\n\nMainchain Block #200001: [0 --\u003e Q], [0 --\u003ev], [0 --\u003es], [0 --\u003eb],\nMainchain Block #200002: [Q --\u003e H], [Q --\u003e z],\nMainchain Block #200003: [H --\u003e F]\nMainchain Block #200004: [F --\u003e J], [F --\u003ew]\nMainchain Block #200005: [H --\u003e P], [J --\u003ex]\nMainchain Block #200006: [P --\u003e D]\n\nIsn't the chain {{ Q --\u003e H --\u003e F --\u003e J }} now starting to reorg, with a\ncompeting chain {{ Q --\u003e H --\u003e P --\u003e D }} ?\n\n\u003e But I suppose you are considering something like the Ethereum\n\u003e mutability feature, which I do not think is something you would want\n\u003e in a sidechain.\n\nWhat I do want to do, is retain the existing model to some extent.\nSpecifically, to the degree where sidechains could salvage some bad\nsituations (eg value overflow incident, or March 2013 incident).\n\n\u003e \u003eI think mine is also much more space-efficient. Even if ours each had\n\u003e \u003eexactly one h* per sidechain per block, it seems that I only require one\n\u003e \u003ehash to be communicated (plus an indicator byte, and a ~2 byte counter\n\u003e \u003efor the ratchet), whereas you require two. Since its overhead per\n\u003e \u003esidechain per block, it actually might really add up.\n\u003e\n\u003e Do you not provide a single sidechain's h* twice in the block? Once\n\u003e in the coinbase and once in the briber's separate transaction?\nThat is a good point. Technically, we do include it twice, but the\nsecond instance (briber-transaction) can be \"shuffled\" out if the\ncounterparties are part of the same Lightning Network (which I expect to\nthe be the case, in equilibrium).\n\n\u003e\n\u003e In my scheme at least there is no indicator byte -- the \"previous\n\u003e block\" hash is the indicator of which sidechain it is extending. From\n\u003e your other emails on this list, it seems the ratchet is for\n\u003e withdrawals from sidechain to mainchain? If so, should it not only\n\u003e appear in only some of the sidechains (the ones which are currently\n\u003e doing some withdrawal?)?\n\nNo, sorry. There are many tangled issues (Drivechain (total system);\nside-to-main withdrawals (OP CountACKs); individual Drivechains\nthemselves; Blind Merged Mining (OP BribeVerify)). The ratchet is not\nabout withdrawals, it is exclusively about Blind Merged Mining, and\nmaking a better OP BribeVerify that offers better guarantees to both sides.\n\nPaul",
"sig": "3dd0832a35f4907c66b2b695f1878ed6a2a59d30eaa61f528d184a2552f93b4f3c381ac0f9130d0de3effafa292ad98fb28cef1314de7e4b508c781c3ed511ff"
}