Replying to Cyber Seagull

My reply to nostr:npub1h8nk2346qezka5cpm8jjh3yl5j88pf4ly2ptu7s6uu55wcfqy0wq36rpev #bitcoin #drivechain #bip300 #bip301

Bitcoin Audible #760

This recap and response is based on just this episode, independent of previous or future episodes on the topic I have not listened to yet.

> Security model based on Miners vote

- It’s not, https://www.drivechain.info/blog/hard-to-understand/ number 3 : novel “accumulation” of security.

> Underlining security of the above is not better than just raising blocksize, from the context of onboarding people unto the drivechain.

- The wording here is a bit off, but if I understand what you mean, it is better because we get to each have Bitcoin do what we want on L2 while it stays the same on L1. More variety of tomato sauces increases overall pasta adoption. Only having chunky tomato sauce reduces onboarding.

> Each new sidechain is a new softfork

- How? DC is proposing one softfork (or two if bip 301 is adopted later), not one for each sidechain. One softfork of bip300 enables several sidechains, not several softforks. (Not more or not many more soft forks may ever be needed again actually.)

> You lose L1 key authority over a certain amount of bitcoin and give it over to miners

- For a certain amount of time, or as is more likely only in the way that when you buy gold with fiat, you give over control of the fiat to whomever sold you the gold. Further, nothing prevents Bitcoin-like sovereignty of the tokens on the sidechain, or after selling the tokens sending them back into your custody, or after several months returning it to your original wallet and custody. Bip300 is called a Hash escrow for a reason. Being smart contract based it is far less custodial than alternatives such as mints and liquid.

> Random anonymous injection of hashpower can reorder history on the drivechain.

- Or bitcoin itself. Why doesn’t it? Read the whitepaper.

> If the entire side/drive chain goes away, the user can’t recover their peg.

- You need to describe how this would happen. I’m going to assume you mean the project closes and disappears. In that case you wait 3 months or exchange out with someone willing to wait the 3 months for you. Risk of a drivechain “going” away should be in the user’s ability to decide after a cost benefit analysis.

> ~5 minute rant about being comfortable with a future base 1000$ fee for being a sovereign bitcoiner using other tools.

- Not an argument against DC, especially if it can provide market driven cheaper alternatives. Your personal comfort with an arbitrary 1000$ or any other number is irrelevant to someone else’s choice and the market’s ability to deliver.

> I don’t think a bunch of different block chains all secured by the same miners that lose the “your keys, your coins” property, where real ownership is determined by a vote by miners [is the solution], it just puts the problem in a different place.

- Adding more blockchains is just one usecase. We don’t expect many new entire blockchains. Many other projects may never need to do that to scale bitcoin or provide useful features, such as a lightning drivechain. Even if true, it should be up to the invisible hand of the market and not what you think.

> Early drivechain adoption would not have placed us in a different place than we are now.

- Somewhat agree but this is conjecture. By definition we would have been in an entirely different place, a place with long since activated DC. That place being better or worse is unprovable and worst, political. What we do know is that DC is not new, has been hardened by the fire of critique for many years, and has functioning software. Other solutions are perennially on the horizon of scaling bitcoin.

> Adoption of a new currency is not a technological problem it’s a mental shift, akin to adopting a new language.

- Great Quote

> The shitcoin wave was fuelled by people trying to recreate the resale price increase, “token go up” of original Bitcoin. DC would have done nothing to mitigate that.

- We will never know. But the DC position is that the justifications for so many shitcoins would have been neutralized and by things like a DC port, the way Ethereum has an EthDrive port, which you later admit is a valid use of DC... so...

> DriveChains do allow adoption of legitimate usecase technologies such as XMR.

- My personal favorite.

> Nothing at stake problem, malicious miner can Blind Merged Mine attack exit transactions for all sidechains at once.

- No. Not all sidechains will rely on BMM or even POW for their security, let alone ASIC compliant POW. So how will they attack all sidechains including POW chains? Also, mining is used to secure the sidechain through Bip 301. But it just makes it easier, it does not change the game theory or dynamics at play. Bip 300 out pegging as you call it is a simple txn broadcast to the sidechain’s UTXO and withdrawal is a UTXO, just like any other. I’m not sure why your mental picture of DC requires it to break bitcoin rules in some hard to understand way.

> ...which means all of the honest miners need to validate all of the chains to keep them all safe. Which means we are just moving the validation problem to a different place.

- If true, this would still be a good thing as that other place is one layer up away from a slow ossified base you never have to leave but can leave if you want to enjoy new things. The current state is you must comply with the consensus of dozens of other people on past and future changes to bitcoin core, main chain. As it happens there is a cost to supporting dead or harmful projects, a cost to not having used your resources on more productive projects. Again not all chain projects will work in such a way that they need bip301 or constant validation.

One of us is misunderstanding the “attack all DCs at once” issue and it addresses multiple of your points either way.

When I say attack multiple drive chains, I’m not talking about attacking them within the drivechain rules, I’m talking about attacking the hash rate escrow. In that sense they don’t care what the rules of the DC are. They are simply replacing the “valid” DC peg out with an invalid one, and ACKing it instead. But because they are blind merge mined, what’s stopping them from doing this on every side chain at once? They can apply their hash power to all of the escrow transactions simultaneously, and send the DC ecosystem into a scramble to do full validation of everything to know the “honest” from the “malicious” peg out. If they don’t, then there’s no way to know the truth. In other words, just like some of the coin pool proposals require a mass exit of all transactions to L1 to enforce security in the case of an attacker, then it seems that this trade off for DCs is to require a mass validation of the whole ecosystem by miners in order to ACK for the honest transaction.

Which means to me, that in many ways it has the same centralization concerns as bigger blocks. While a negative externality is that it has the potential to change the mining profitability dynamic on L1. And we don’t necessarily know how either.

I just think serious skepticism is warranted. I wish we could see it active with real value behind it and just test a large scale attack, like 70% of the hash power, to see how it plays out. Just having some testnet DCs isn’t giving us much there. I want to see the failure mode beaten to death.

Discussion

Can you explain to me the difference between BMM, Blind Merged mining and Hash escrow?

DC is a two part bitcoin improvement proposal: 300 & 301.

300 came first, obviously, and 301 came later as an added bonus and logical extension.

In the above reply you are applying BMM and "securing the drive chain" to peg out, which I assume is what you mean by hash escrow. Which are not the same.

BMM does not need to be implemented by several types of technologies we might find on a sidechain. So if, out of 256 sidechains only 10 use POW and BMM, how are miners able to attack all of them? I point this out again because if you think they still can there is a huge gap in understanding.

DC Peg outs are just like any other UTXO. Why don't miners "attack" any other UTXO? If they do or can, the bitcoin game theory or tech is broken and we have much bigger problems than adding one OP code to core.

It isn’t about “attacking” the UTXO in my thinking. It’s about submitting a malicious one, and then ACKing it despite contradicting with the rules of the sidechain.

I’ll try to take some time this week to go back through the links you gave. I still just feel like I get dismissal with most of the concerns and I really want to see and get the process on *exactly what happens* in the case of a malicious miner. Not a statement that they won’t exist. Same thing we did with Ark, just spent the entire episode trying to break down and make a shape of this thing by attacking all of the edge cases.

Also, the attack takes place in public for 3 to 6 months. So yes. DC is vulnerable to a 51% attack no one is noticing for 3 to 6 months. A lot more than DC is vulnerable to that level of coordination and ability to waste resources, and always has been.

The difference is that this doesn’t cost the miner anything in addition, and the miner still can’t be censored from mining in the base chain despite being malicious against the DC.

And then of course the 3-6 months is a decent strategy for creating as much time as possible to enforce, but it still also relies on full validation of any affected DCs to be certain of maliciousness, does it not? That’s what I mean when I say “moving the problem elsewhere.”

Validation of what? Let's use the EthSide on DC chain as an example. Let's say you the user want to withdraw from ethside back to main. Ethside happens not to use BMM, in this example, so nothing has ever or will ever be validated by a miner on the sidechain for security or anything.

You initiate a withdraw. 3-6 months later the Bundle hash goes through. You get your utxo. Where along this path, this user journey, is a unique attack vector to Drivechain that does not exist for any other aspect of bitcoin?

From Bip 300:

What are Bundles?

Sidechain withdrawals take the form of "Bundles" -- named because they "bundle up" many individual withdrawal-requests into a single rare layer1 transaction.

Sidechain full nodes aggregate the withdrawal-requests into a big set. The sidechain calculates what M6 would have to look like, to pay all of these withdrawal-requests out. Finally, the sidechain calculates what the hash of this M6 would be. This 32-byte hash identifies the Bundle.

This 32-byte hash is what miners will be slowly ACKing over 3-6 months, not the M6 itself (nor any sidechain data, of course).

A bundle either pays all its withdrawals out (via M6), or else it fails (and pays nothing out).
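
The bundle mechanism quoted above, as a simplified sketch added here (not part of the thread and not BIP 300's own code): a sidechain full node derives the 32-byte bundle identifier from its own withdrawal set and tallies the hashes being ACKed on layer 1 against it. The serialization, the double SHA-256 stand-in for "the hash of M6", and every name and sample value are assumptions for illustration.

```python
import hashlib
from collections import Counter

def bundle_id(withdrawals):
    """32-byte identifier for a set of (address, sats) withdrawal requests.

    Assumption: a sorted text serialization hashed with double SHA-256 stands
    in for "the hash of M6"; the real M6 is a layer-1 transaction.
    """
    payload = "".join(f"{addr}:{sats}\n" for addr, sats in sorted(withdrawals))
    return hashlib.sha256(hashlib.sha256(payload.encode()).digest()).digest()

def audit_acks(local_requests, acked_per_block):
    """Tally layer-1 ACKs by whether they match the locally derived bundle.

    acked_per_block: one entry per block, the hash ACKed in it (None = abstain).
    """
    expected = bundle_id(local_requests)
    tally = Counter()
    unknown = set()
    for h in acked_per_block:
        if h is None:
            tally["abstain"] += 1
        elif h == expected:
            tally["match"] += 1
        else:
            # A hash this node cannot reproduce from its own withdrawal set.
            tally["mismatch"] += 1
            unknown.add(h.hex())
    return {"expected": expected.hex(), "tally": dict(tally), "unknown": sorted(unknown)}

# Constructed sample data (not real addresses or amounts).
REQUESTS = [("addr_alice", 50_000), ("addr_bob", 120_000), ("addr_carol", 7_500)]
HONEST = bundle_id(REQUESTS)
# Same requests plus one extra 10k BTC payout nobody on the sidechain asked for.
TAMPERED = bundle_id(REQUESTS + [("addr_pool_operator", 1_000_000_000_000)])
ACKS = [HONEST, HONEST, None, TAMPERED, TAMPERED, TAMPERED, HONEST, None]

if __name__ == "__main__":
    report = audit_acks(REQUESTS, ACKS)
    print(report["tally"], report["unknown"])
```

Only a node holding the sidechain's withdrawal set can compute the expected hash; a layer-1-only observer sees 32-byte values and cannot tell the two apart.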

Ok, let me ask about more specific scenarios then and we can see which pieces of this I’m missing:

Let’s start with a really simple one to make sure we are on the same page:

Let’s assume a mining pool with 70% of the hashrate, but no mining users in the pool with the DC full node, the pool OP writes a transaction that includes a bunch of honest transactions, but one malicious one that pays out of the DC like 10k BTC to themselves. Then they put it in the mining pool’s blocks and everyone starts blindly ACKing it without realizing.

What is it about the transaction/nodes/etc that prevent this transaction from either being written, or prevents it from being confirmed?

(I realize this is unlikely and I don’t want the normal “it won’t happens because” arguments, I want this played out so I can understand how it works)

I realize I didn’t stipulate that the transaction here is one that pays out of the DC hash rate escrow, if that wasn’t obvious.

Nothing is paid out of the DC hashrate escrow, besides regular main chain fees for a regular utxo. Fees paid to miners in Bip 301 (the other DC bip, NOT hash escrow) are different. I will not describe them here as this clarification reply from your question is not related.

Basically you mean: what if a mining pool has 70% control of a specific sidechain using bip 301 to secure its sidechain transactions.

And then that pool starts validating false transactions on the sidechain that pay them more fees.

Correct?

Ok let’s start a step earlier then:

How does the peg out work? Nobody on BTC main chain can verify that the transaction submitted to peg out is actually valid ownership, because all that activity happens off chain. So what “keys” are required to write a peg out, and what stops a miner from writing one that has nothing to do with the sidechain?

There are several ways. On the Sidechain side of things, scripting can assign a token or set amount of tokens that the project and users agree is part of the design, to whoever signed the peg-in. This creates a sidechain-side user and account with forward rights to those tokens.

If some specific set of sidechain scripting favored miners, and thus made users vulnerable, everyone would know and reject the project OR accept it as part of some larger benefit. Let the market decide. Our main contention is that the market and market competition is a greater innovative force than the bitcoin devs and priesthood that have directed it up to now. It's essentially an argument between a communist or capitalist bitcoin future. Are things like RGB, Lightning, etc., market driven innovation or dev (politburo) driven?

The point is, as a user of bitcoin, none of this affects your normal use. You benefit from a means to adopt any potential challenger to bitcoin technology that might arise in the unknowable future, voluntarily. You benefit from a more secure network, through a more decentralized and incentivised miner environment. But if you want to just keep using bitcoin the way you have and never risk it in a sidechain you can.

But I think what interests you is the scaling ability, while maintaining the security and sovereignty features of main bitcoin.

For one potential scaling solution:

Truthcoin.info/blog/thunder

Basically, where big blocks are bad on L1 they can be good on an L2.

Primary sources:

The difference between bip 300 and 301

https://drivechain.xyz/

DRIVECHAIN’S SECURITY

https://www.truthcoin.info/blog/drivechain/#drivechains-security

Why Drivechain Is Harder to Understand Than Previous Soft Forks: 3. NOVEL “ACCUMULATION” OF SECURITY

https://www.drivechain.info/blog/hard-to-understand/