A simple explanation of Bitcoin “Sidechains” (gendal.wordpress.com)
77 points by nvk on Oct 27, 2014 | 24 comments

Small point but:

> Bitcoin’s block interval is ten minutes so it takes about five minutes on average for a new transaction to find its way into a block

is wrong. The block interval is ten minutes on average, but not ten minutes uniformly. And in particular because hashing works via random trials whose probabilities of finding a sufficiently long zeroed prefix are constant, the amount of time since the last block is no information about how much more time remains until the next one. It's always ten minutes away from now, on average, which means the average transaction takes ten minutes, not five.

The error here was in multiplying the average block interval (10 minutes) by the average fraction of that interval remaining when transactions occur (0.5). But the first operand is only valid if you assume the average block interval weighted over all transactions is the same as the average block interval weighted over all blocks. However, transactions are over-represented among blocks that take longer: on average a block which took 15 minutes will have three times as many transactions as one which took 5.
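Added example (not part of the comment above): a Monte Carlo check of the waiting-time argument, assuming exponentially distributed gaps between blocks with a 10-minute mean and transactions arriving at uniformly random moments. It returns the average interval per block, the average wait until the next block, and the average length of the interval a transaction lands in.

```python
import bisect
import random
from itertools import accumulate

MEAN_INTERVAL_MIN = 10.0  # average block interval discussed in the thread

def simulate(n_blocks=100_000, n_txs=100_000, seed=2014):
    """Return (mean block interval, mean tx wait, mean length of the
    interval a tx lands in), all in minutes."""
    rng = random.Random(seed)
    # Constant success probability per hash trial => exponential gaps.
    gaps = [rng.expovariate(1.0 / MEAN_INTERVAL_MIN) for _ in range(n_blocks)]
    block_times = list(accumulate(gaps))
    end = block_times[-1]
    waits, containing = [], []
    for _ in range(n_txs):
        t = rng.random() * end  # transaction arrives at a random moment
        # Index of the first block found after the transaction arrives.
        i = min(bisect.bisect_right(block_times, t), n_blocks - 1)
        prev = block_times[i - 1] if i else 0.0
        waits.append(block_times[i] - t)
        containing.append(block_times[i] - prev)
    mean = lambda xs: sum(xs) / len(xs)
    return mean(gaps), mean(waits), mean(containing)

if __name__ == "__main__":
    per_block, wait, per_tx = simulate()
    print(f"mean interval, weighted over blocks:       {per_block:.2f} min")
    print(f"mean wait until the next block:            {wait:.2f} min")
    print(f"mean interval, weighted over transactions: {per_tx:.2f} min")
```

The interval weighted over transactions comes out near 20 minutes, and half of that is the 10-minute average wait.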

Argghhh! This is EXTREMELY embarrassing... and you're not the first to point it out. I've just corrected the post. Thanks :) Quick question: do I need to return my mathematics degree certificate by post? Or do they send a courier?

From the paper [1]:

> Essentially, an SPV proof is composed of (a) a list of blockheaders demonstrating proof-of-work, and (b) a cryptographic proof that an output was created in one of the blocks in the list. This allows verifiers to check that some amount of work has been committed to the existence of an output. Such a proof may be invalidated by another proof demonstrating the existence of a chain with more work which does not include the block which created the output.

which reads to me like embedding a full copy of the rules engine of one blockchain inside the other, meaning 1) all chains likely need to be Turing complete, and 2) a hard fork of one chain is a hard fork of all transitively connected chains. These seem like undesirable properties to me, but it's possible I've misunderstood something.

[1] http://www.blockstream.com/sidechains.pdf
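Added example (not from the paper or from the comment above): a toy verifier for the two parts of the quoted SPV proof, (a) a linked list of headers that each meet a proof-of-work target and (b) a Merkle branch tying a transaction id to one of those headers. The 68-byte header layout, the easy target, the big-endian hash comparison and all sample data are assumptions constructed for illustration, not Bitcoin's real formats.

```python
import hashlib

TARGET = 1 << 244  # constructed easy target: 12 leading zero bits required

def dsha(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def header(prev, root, nonce):
    # Simplified 68-byte header (assumption): prev hash | Merkle root | nonce
    return prev + root + nonce.to_bytes(4, "little")

def mine(prev, root):
    # Only used to construct sample data: search for a nonce that meets TARGET.
    nonce = 0
    while int.from_bytes(dsha(header(prev, root, nonce)), "big") >= TARGET:
        nonce += 1
    return header(prev, root, nonce)

def root_from_branch(leaf, branch):
    # branch is a list of (sibling_hash, sibling_is_left) pairs, leaf to root.
    h = leaf
    for sibling, is_left in branch:
        h = dsha(sibling + h) if is_left else dsha(h + sibling)
    return h

def verify_spv(headers, txid, branch, block_index, min_confirmations):
    # (a) every header meets the target and commits to its predecessor
    for i, h in enumerate(headers):
        if len(h) != 68 or int.from_bytes(dsha(h), "big") >= TARGET:
            return False
        if i and h[:32] != dsha(headers[i - 1]):
            return False
    if not 0 <= block_index < len(headers):
        return False
    # the block must be buried under enough later headers
    if len(headers) - 1 - block_index < min_confirmations:
        return False
    # (b) the txid hashes up to the Merkle root in that block's header
    return root_from_branch(txid, branch) == headers[block_index][32:64]

def build_sample():
    # Constructed data: four fake txids in block 0, two more blocks on top.
    txs = [dsha(bytes([i])) for i in range(4)]
    l01, l23 = dsha(txs[0] + txs[1]), dsha(txs[2] + txs[3])
    h0 = mine(b"\x00" * 32, dsha(l01 + l23))
    h1 = mine(dsha(h0), dsha(b"block 1"))
    h2 = mine(dsha(h1), dsha(b"block 2"))
    return [h0, h1, h2], txs[2], [(txs[3], False), (l01, True)]
```

The verifier needs only headers and hashes. It does not implement the last sentence of the quoted passage, the comparison against a competing chain with more work.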

What happens if a sidechain network is insecure, and someone creates coins out of nowhere and integrates them back into the main bitcoin blockchain? Do sidechains increase the surface area for bitcoin vulnerabilities?

My understanding is that the worst two things that can happen are: 1) an attacker prevents a holder of bitcoins on a sidechain from reclaiming them on the bitcoin network (e.g. by preventing the relevant transaction getting into a block on the sidechain side)... this would be a net-plus for other bitcoin holders, I guess... since they would then own relatively more of them. 2) an attacker finds a way to release the coins on the bitcoin side. That would be bad for the rightful owner, of course, but it has no impact on anybody else on the bitcoin side.

If this happened, then the sidechain would effectively become "insolvent" (because the original bitcoin blockchain will never allow more coins to be returned than have been taken out of it).

There would then be a bank run from the sidechain, and some people would be left with unredeemable sidechain tokens.

I'm trying to get my head around it but one thing looks particularly confusing.

The article says that "If the second blockchain has agreed to be a Bitcoin sidechain, it now does something really special… it creates the exact same number of tokens on its own network and gives you control of them."

Does "the exact same number of tokens" mean the same exact amount in Bitcoin? Therefore, does it mean that there's no exchange rate and you always move coins 1:1 between Bitcoin and a sidecoin?

This doesn't make much sense to me. How does the actual currency amount get converted from BTC to a sidecoin?

There isn't any "sidecoin" here. One of the slogans for sidechains is "altchains without altcoins". The idea is that you are in some sense still using bitcoin tokens, even though you're doing so in an unorthodox way.

It can be implemented either way - it's up to the sidechain. For example, a simple sidechain might lock its exchange rate at 1=1 to the bitcoin network (if the creator just wanted to test out protocol improvements, such as faster block times).

On the other hand, someone could create something totally different, like a lotto coin, where each week one of the holders is allowed to "withdraw" all bitcoin in the network back to the bitcoin blockchain.

All that matters is that all the miners/participants in the sidechain agree what the rules are for importing and exporting bitcoin. If the sidechain miners allow the withdrawal to go ahead (and it reaches enough confirmations to mitigate a double spend attack), then the bitcoin blockchain allows the original coins to be unlocked.

Can anyone give the gist of how the bitcoin blockchain knows/cares that the sidechain is not using them any more, and how it knows who to transfer them to?

The actor wanting to reanimate the coins on the Bitcoin network provides a proof to the Bitcoin network that 1) the coins on the sidechain have been moved to a particular address that puts them out of reach, 2) that this transaction has been buried by sufficient blocks so that it's unlikely to be reversed, 3) that it was this actor that did it.

This is why the sidechains paper suggests a one-off change to Bitcoin might be needed: there's no out-of-the-box Bitcoin feature to validate this proof. The authors propose an interim measure where n-of-m "functionaries" are trusted to validate the proof.

With a small change to bitcoin protocol it should be possible in some cases. But right now the only viable option is to use M of N oracles:

https://github.com/orisi/wiki/wiki/Orisi-White-Paper

http://gavintech.blogspot.com/2014/06/bit-thereum.html

Basically, you choose a panel of up to 15 independent entities to verify that the funds were locked indeed. The panel can be modified by a majority of votes if some of the entities prove to be unreliable - kind of like the Supreme Court works.

This obviously introduces a new vulnerability to the system, but is the best solution available right now.

Well, if a vulnerability like this is the best it can do, I guess I will not switch to the best alternative to fiat, not anytime soon. /s

To be clear, IMHO it is a mitigation or heuristic, not a solution at all.

Disclaimer: slightly disgruntled and provocative because I don't really understand the technicalities and a lot of hype makes it even more unbelievable.

Note that this is only a compatibility measure (the equivalent of an IPv6 tunnel to move traffic between networks). The longer term solution is to add a new opcode to bitcoin, which would natively support moving bitcoin between sidechains.

Any side chain must therefore be able to generate currency out of the blue and on-demand. This might be possible to do in other protocols but not bitcoin. So the symmetry is basically lost. Am I missing something?

The only thing that matters is that Y amount of sidechain issued currency/protocol must be pegged to X amount of currency in the bitcoin network. And this ownership must be verifiable by crypto. At the higher level, it is basically a 2 way agreement.

The sidechain-coin could have many different features, for instance it could be a clone of Ethereum and its "currency": "ether", being able to replicate its functionalities like issuing subcurrencies or assets (out of the blue) completely decoupled from the bitcoin blockchain. But the higher level currency (the Y issued ether) is pegged to X amount of bitcoin.

The concept is not new and is similar to the proposed spin-offs... https://bitcointalk.org/index.php?topic=563972.0

I don't think you are. The idea seems to be that you don't have alternative tokens at all, really. Instead you would use an alternative blockchain using what are for most intents and purposes still bitcoin tokens. It's not really intended to be compatible with existing altcoins, but rather to supplant them.

How does mining and the coin generated by mined blocks work in a sidechain?

If a sidechain has a smaller blocktime and larger rewards, wouldn't that undermine the two-way peg?

Or do sidechains not have their own mining?

Mining is entirely up to the sidechain. A simple sidechain could be merge mined with bitcoin, and offer no block reward (only transaction fees). This would allow the 1=1 exchange rate to be maintained.

If a different block reward is created, then the sidechain would need to be inflationary (either the relative value of all bitcoin in the sidechain will need to decrease, or in a network which natively supported multiple asset types, the block reward could be denominated in a currency other than BTC).

Either way, the bitcoin blockchain will not allow more money to be withdrawn from the sidechain than was put into it, so the sidechain creators must come up with exchange rules which are fair to both those who import BTC into the sidechain, and to the miners.

How can Bitcoin trust the sidechain?

How does the Bitcoin network keep track of the total currency amount and therefore the inflation on the sidechain?

The Bitcoin chain only has to know how many Bitcoins exist in the sidechain, and only that number of Bitcoins is permitted to be resurrected from the sidechain's dead address. The rules for how units in the sidechain relate to units on the Bitcoin chain don't matter; as long as the work is done to resurrect a Bitcoin on the Bitcoin chain, then it will be resurrected and decremented from the sidechain's count.

Step through this with me...

I've got 5 Bitcoins. I transfer all of them to a new sidechain for 50 Sidecoins. This Sidecoin sidechain has a different block reward. Let's say 3 weeks go by. Now there are 10,000 total Sidecoins. Let's say I've got 2,000 of those Sidecoins because I've sold the rest. How do I convert them back to Bitcoins? Can I only transfer 50 back? Can I transfer all 2,000 back? What are they worth in Bitcoin now?

You freeze your 2000 Sidecoins. That is then converted into some number of Bitcoins, the conversion of which is entirely dependent on how the Sidecoins work. (Likely the ratio of the number of Bitcoins dedicated to the sidechain to the number of existent Sidecoins.) A transaction is then submitted to the main chain, submitting the required proofs that you have frozen / destroyed the appropriate amount of Sidecoins to unfreeze a number of Bitcoins.

If the number of Bitcoins trying to be created exceeds the number committed to the sidechain, the transaction will fail. Otherwise, it will succeed.

So the main Bitcoin network needs to be aware of and to be able to analyze the entire Sidecoin sidechain?

So if only a total of 5 Bitcoin were ever sent/frozen to the sidechain, then only 5 Bitcoin can ever be retrieved/unlocked?

So when the Sidecoin sidechain was first created each Sidecoin was worth 0.1 Bitcoin. So after three weeks there are now 10,000 Sidecoins, each worth 0.0005 Bitcoin? Is this a general rule for sidechains? Why did you say "likely"? Is that because none of the details of sidechains have been worked out?

Transactions on sidechains are mined into blocks, right? So if someone mined 8,000 Sidecoins of those 10,000, they've now got 4 Bitcoin? If someone then sent/froze an additional 5 Bitcoin to the Sidecoin sidechain, then that would generate 10,000 new Sidechains?

So the incentives to mine Sidecoins would correspond to the total number of Bitcoin that has been sent to the sidechain? If 5 Bitcoin were only ever sent to Sidecoin, then all the mining in the world could only ever lead to a total of 5 Bitcoins?

So for Sidecoins to be economically viable and therefore functional, someone would need to be constantly injecting Bitcoin into the sidechain, right?
