> āSide chains will create more incentives to 51% attack in the same way doubling users will.ā
No. Drivechain creates a different category of incentive.
> āIf more BTC users create more transactions, the incentives to 51% also grows.ā
No. The number of users of the network does not change the characteristics of a 51% attack (its costs and benefits).
How and what is this different category ?
Is it through bip300 or 301 ?
I explained this in the message you originally responded to.
Under BIP300, a majority miner can sweep sidechain coins by building forward. No rewriting of history is necessary. Contrast that to todayās attack, which requires rewriting history to steal coins.
How exactly does bip300 do this.
Miners vote to deactivate chains. Where do locked coins go when a chain is deactivated?
You haven't answered my question.
Within Bip 300, how are new blocks built forward that coins can be swept into.
Majority miner creates an M6 withdrawal and assigns themselves the sidechain coin.
Why do that ? If they can withdraw your funds from a sidechain using M6 there is no need to also mine the hash, or even be a miner. You have still not answerd the question.
You've basicly just said miners can hack your sidechain account/ wallet and withdraw the money. But this ability has nothing to do with them being miners. It's like saying your internet provider can hack your email delete your emails, or assign all of them to a new address. There are several privacy and safety barriers between that happening.
What you have done is actually started reading the Bip and its description so i encourage you to keep reading about it, but what you've claimed up to now remains unfounded and groundless.
What people are not aware of is technically miners can steal from lightning channels as well. No one seems to care about that.
entrenched projects with sunk cost dev time are skewing the narative in their favor.
Are you saying bitcoin has dictators?
I thought it was rules without rulers?
M6 is user/sidechain side initiated. Miners can't just invent awithdrawal out of thin air that will sustain for 3 to 6 months in public.
Even assuming they capture the sidechain or your side chain account and start withdrawing.
A 51% attack on DC is the same as a 51% on main. You keep using the word majority miner, a term for a 51% main chain attacker, but are not showing how DC is so very different a side chain is more vulnerable than any other part of bitcoin.
> Miners can't just invent awithdrawal out of thin air that will sustain for 3 to 6 months in public.
A majority miner can, and is incentivized to do so.
> but [you] are not showing how DC is so very different a side chain is more vulnerable than any other part of bitcoin.
Iām sorry I havenāt been clear. My argument has nothing to do with the machinations of the sidechain. It could be a spreadsheet. How consensus is achieved on the sidechain is immaterial.
My point is about the locked coin on mainchain. That coin may be unlocked and spent by a majority miner (51%āer) who votes to give it to themselves. They can do so by building otherwise normal, valid blocks, reaping mainchain fees and subsidy along the way.
Such an attacker cannot take mainchain Bitcoin in the traditional sense (locked by private key) in the same way. To steal traditionally locked coin, the attacker must rewrite history. But to drain a sidechain, no history rewriting is necessary, just regular, profitable, forward mining.
Hope this clarifies. š
>But to drain a sidechain, no history rewriting is necessary, just regular, profitable, forward mining. [By a 51%].
Ok, this is a little more clear.
Traditional 51% attack from the bitcoin wiki:
An attacker that controls more than 50% of the network's computing power can, **->for the time that he is in control,<--** exclude and modify the --->[forward] ordering of transactions. This allows him to:
Reverse transactions that he sends ---> while he's in control<---. This has the potential toĀ double-spend transactionsĀ that previously had already been seen in the block chain, affecting all coins that share a history with the reversed transaction
Reverse confirmations for any transaction that had previously been seen in the block chain ---->while heās in control.<-----
Prevent some or all transactions from gaining any confirmations [forward]
Prevent some or all other miners from mining any valid blocks
The attackerĀ can't:
Reverse other people's transactions without their cooperation (unless their coin history has been affected by a double-spend)
Prevent transactions from being sent at all (they'll show as 0/unconfirmed) [Drivechain M6]
Change the number of coins generated per block
Create coins out of thin air
Send coins that never belonged to him [DriveChain M6]
End
I think thatās what Iām saying, yes. By going through the motions (M3, 13150 M4s, M6), a 51% attacker can spend coins that donāt belong to them (drain the sidechain escrow). This is a new incentive that was not previously present for a 51% attacker on mainchain alone.
That's not how a Drivechain softfork would work though. It does not add some new ability to both hack the sidechain and give more power to do a 51% attack than already exists. It uses tools that already exist on bitcoin: merged mining, script contracts, miner fees. Lightning and liquid are both softforks that are as vulnerable to 51% and in the same ways as DC. DC democratizes Liquid and simplifies lightning (BMM no need for a seperate node).
Either these two projects and their vulnerabilites are useful, or they are an existential risk to Bitcoin.
Either Or.
Not
Either Or And Drivechain is bad.
In boolean terms.
> It does not add some new ability toā¦ hack the sidechain
It does though. The first paragraph of the BIP300 abstract:
> In Bip300, txns are not signed via cryptographic key. Instead, they are "signed" by hashpower, over time. Like a big multisig, 13150-of-26300, where each block is a new "signature".
āTransactions are āsignedā by hashpower.ā This is a direct quote. Enforcing these hashpower-signed transactions is the reason that BIP300 requires a softfork.
The ability to sign with hashpower is a new ability enabled by BIP300. This new ability is exploitable by a 51% attacker to take sidechain escrow.
Within the sidechain. Not main.
Notice the single quotes on either side of that word "signed" ? In the github version they are solid double quotes. Meaning, something like or similar to.
Bip300 does not sign a transaction the way you or several people use your keys to sign a transaction.
It's a vote over time ON THE SIDECHAIN, that some txn is valid. It's like saying changing from single round voting to 3 rounds of voting in a small town election, changes the outcome of national presidential election.
Bip300 ads one new Op code, with sidechain parameters and no mainchain affects for people not participating in it. It does not increase the number of bitcoins, it does not change the turing incompleteness of bitcoin script or break anything on chain.
It's going to happen, if you don't get it at this point i've spent enough time explaining, and wish you the best.
I mispoke here, the signing by hashpower is for an on chain transaction, for example pegging out from the side chain to main. But this process is a simple poll vote by miners over time. 51% or more of global hash dominance has no bearing on who gets to vote or how much their vote is valued. The FAQ describes it better.
> But this process is a simple poll vote by miners over time. 51% or more of global hash dominance has no bearing on who gets to vote or how much their vote is valued.
It absolutely does! A 51% miner has the privilege of mining 100% of blocks because they can afford to ignore anyone elseās. Therefore, under BIP300, a 51% miner CASTS ALL VOTES.
Apologies for the emphasis caps, but I want there to be no mistake. In #Bitcoin, a 51% miner doesnāt just mine 51% of blocks. They mine ALL of the blocks.
To use the specific nomenclature of BIP300 (had to reread, itās been a while), the majority miner (51% attacker):
1. Creates a withdrawal bundle (M3) either assigning themselves the coin, or sending all the coin to the fee (or any combination).
2. Mines otherwise regular, valid blocks using M4 signaling to vote for their own bundle(s), earning mainchain fees and subsidy along the way.
3. After 13150 blocks, includes an M6 transaction to sweep the locked coins and update the CTIP.
