Replying to Avatar Vlad, Bitcoin Takeover Podcast

https://www.youtube.com/live/RdyoOO_i7lk?si=7T63Nk_6izUQz5AM

Avatar
jimbocoin šŸƒ 2y ago

Iā€™m sorry you couldnā€™t find anyone to debate Sztorc. Listening now.

What BIP300 boils down to, as Sztorc said in the interview, is a peg-in/peg-out mechanism. My main problem is with the peg-out. Sztorc repeatedly says, and said in the interview, that thereā€™s no downside. I disagree. The downside is increased incentives for miner centralization and politicization.

Let me back up this claim. Iā€™m sorry, but itā€™ll take a few paragraphs. First Iā€™ll explain how the BIP300 peg-out mechanism works, then how it incentivizes centralization.

From the BIP300 abstract:

> In Bip300, txns are not signed via cryptographic key. Instead, they are "signed" by hashpower, over time. Like a big multisig, 13150-of-26300, where each block is a new "signature".

This is the crux of BIP300. Traditional Bitcoin outputs are locked by secrets and unlocked by signed transactions (proof-of-key). For the peg-out process to be decentralized, Drivechain needed a different unlocking mechanism.

Under BIP300, block producers vote with hashrate on which withdrawal requests they support. Bundles with sufficient votes succeed. Bundles with insufficient votes are dropped.

The capabilities of a 51% attacker on mainchain are well known. They can rewrite history, but they canā€™t steal coins other than writing history all the way back to when those coins were received. They can censor transactions, but this would incentivize competing miners to ramp up as fees increase, etc.

Under BIP300, a 51% attacker gains a new ability. Such an attacker can sweep sidechain escrow. That is, they can propose and then cast all the 13151 votes to withdraw the mainchain locked BTC supporting the peg.

In this scheme, the attackerā€™s blocks are otherwise normal, valid blocks, taking fees and earning subsidy. That is, the attacker is earning mainchain coin and rolling history forward. No rewriting necessary.

A cohort of mining pools could collaborate to carry out such an attack, without even bringing all the hash together under one controller. To do this: have the withdrawal bundle pay out proportionally to the participating pools. Any block creator can propose such a heist, and everyoneā€™s interest is to play along. Individual miners who want in on the action can then switch their hash to any of the participating pools.

One final note on politicization. Miners today choose pools based on various criteria like fee rate, pool size, payout schedule, payout mechanism (Lightning/on-chain), customer support, privacy, ease-of-use etc. But for the most part, miners are profit-maximizing businesses that choose pools based on profitability.

Under BIP300, there will be a new criterion for choosing pools: how the pool votes. Choosing where to point your hash will become a political choice in addition to an economic one.

I have other concerns about BIP300, but the pressure to centralize and politicize mining is my main one. Thanks for reading. šŸ™

Reply to this note

Please Login to reply.

Discussion

Avatar
Cyber Seagull 2y ago

The bundle happens or it does not. They are confirmation votes not passing votes. I already explained this yesterday and you keep repeating the same thing.

If a miner chooses not to vote on a specific bundle, someone else will.

The bundle is created by the sidechain, not the miner.

Avatar
LogicallyMinded 2y ago

Does this mean that miners canā€™t steal funds from a sidechain like Jimbocoin claims? My understanding is that they could still block the peg-out. Is this accurate? If so, what % of the votes is needed to block a peg-out? Are there any penalties for a miner to vote against a bundle that is accepted? Are there any penalties for a miner to vote for a bundle that is rejected? #Bip300 #Drivechain #Bitcoin #BTC

Avatar
Cyber Seagull 2y ago

No, to all of that.

Miners vote on a bundle hash the way you and your friends vote for pizza night being next tuesday. Its a pass or fail. If the bundle does not go through, nothing is stolen, transactions inside are delayed temporarily and an attempt to go through is made again.

It is not a vote in favor of one bundle over another.

they will eventually go through because some non-trivial number of miners will eant them to (to collect the fee)

Nothing can be stolen as the transactions are sidechain side user initiated, and their contents blinded.

If one bundle does not go through to prevent a specific transaction, miners do not know if that that is actualy in a completely different bundle seeking votes, or a future one.

Example: i want to peg out. The miners target the bundle they think that tx is in. I cancel my peg out. On the settlement date they've targeted a tx that's alreadycbeen cancelled and rebundled in one they are not targeting.

While there are no direct costs to non cooperation, there are rewards for cooperation and indirect costs.

https://www.drivechain.info/peer-review/peer-review-2/

Avatar
LogicallyMinded 2y ago

Thanks for the clarification, if miners canā€™t know which transaction is in which bundle then itā€™s not a legit concern. Is it still true that 25% of the hashpower can block a bundle? It seems that this could lower the barrier to entry censoring peg-out. It probably wouldnā€™t censor them forever but it could degrade the whole experience though. Imagine your withdrawals being delayed for an extended and unknown period of time. #Bitcoin #Bip300 #drivechain