Author: Matt Bell 2019-01-24 18:46:11
Published on: 2019-01-24T18:46:11+00:00
In the context provided, it is mentioned that miners can claim the stake for themselves as the private key is public knowledge. This is a security feature since it would not be economically feasible for a miner to accept a bribe from an attacker as it would have to be less than the stake amount. However, it becomes unlikely for the staker to win unless they already possess a significant mining hash power. If the staker has significant hash power, the Bitcoin layer itself is at risk, let alone sidechains built on top of it.The likelihood of a successful attack is proportional to the attacker's share of the Bitcoin hashrate, and the integrity of the sidechain essentially has the same level of security as the Bitcoin main chain. However, Bitcoin moved to the sidechain can be stolen if 67% of the stakers collude, which weakens the storage of funds to some degree.Further discussion in the context includes a conversation between Dustin and ZmnSCPxj regarding the revealed private key for time-locked funds. ZmnSCPxj mentions that if Bitcoin had implemented RBF properly, such races are won by bidding up fees. A random person who is not the original staker would be willing to pay miners a fee up to the entire staked amount minus dust limit satoshis. In contrast, a staker would be far less willing to pay a fee like that, giving the random person slashing the funds a significant advantage in that race.Finally, ZmnSCPxj discusses another possibility for deriving R values using standard hierarchical derivation. The staking pubkey must be revealed to the sidechain network as actually being staking_pubkey = P + hash(P || parent_R) * G (possibly with some trivial protection against Taproot). To sign for a blockheight h, you must use your public key P and the specific R derived from hierarchical derivation from parent_R and the block height as the index.
Updated on: 2023-06-13T16:42:56.982918+00:00