Published on: 2019-02-01T09:19:00+00:00
In a recent discussion on the bitcoin-dev mailing list, ZmnSCPxj proposed a design for a proof-of-mainstake sidechain without any modifications to the Bitcoin mainchain. The writer suggests embedding sidechain block headers on the mainchain by spending the previous transaction, requiring authorization from the sufficient signatory set of stakers. Mainchain-to-sidechain requests are defined as indications that a mainchain coin owner wants to stake or transfer coins to the sidechain. The sidechain-to-mainchain withdrawals are left up to the sidechain to define.The writer also discusses the possibility of a revealed private key for time-locked funds creating a race to spend and suggests that races could be won by bidding up fees if Bitcoin had implemented RBF properly. The context further explores the security features of staking in sidechains, where miners can claim the stake themselves due to the public knowledge of the private key. However, it becomes unlikely for the staker to win unless they possess significant mining hash power. The integrity of the sidechain is proportional to the attacker's share of the Bitcoin hashrate. The storage of Bitcoin moved to the sidechain can be stolen if 67% of the stakers collude.A discussion on the bitcoin-dev mailing list suggests using fixed R values derived through standard hierarchical derivation to prevent multiple signatures in Bitcoin sidechains. The staking pubkey would be revealed as `staking_pubkey = P + hash(P || parent_R) * G`, with the specific R value obtained from hierarchical derivation using parent_R and the blockheight as an index. The potential downsides and impact on blockweight are still unclear.In a separate thread, the discussion focuses on Matt Bell's design for Bitcoin sidechains using the Tendermint BFT consensus protocol. The design is similar to Blockstream's Liquid sidechain and seeks feedback from the community. The source of voting power for the sidechain network is a topic of debate, with suggestions including time-locked Bitcoin and UTXOs on the Bitcoin blockchain. ZmnSCPxj proposes using fixed R values to prevent multiple signatures and introduces the concept of "mainstake," where UTXOs on the Bitcoin blockchain are used as the source of stake for voting power.In an email sent to Matt Bell via Bitcoin-dev, ZmnSCPxj proposed an idea called "mainstake," which involves using UTXOs on the Bitcoin blockchain as stakes for voting power. This approach is seen as more secure than having a blockchain with its own token that is self-attesting. The same script proposed by Bell for sidechains could be used for mainstake. Bell, who has been working on a design for Bitcoin sidechains using the Tendermint BFT consensus protocol, welcomes feedback about improvements or critical flaws in his design. The Tendermint consensus is commonly used to build proof-of-stake networks and is similar to Blockstream's Liquid sidechain, known for its "strong federation" consensus.The sidechain network may accept potential stakers on the mainchain if they prove the existence of a mainchain transaction. The value of this output would then be used as the weight of the vote of that stake. The designer acknowledges that there may be an issue with the fact that the Bitcoin itself is not slashable, but their voting power is. However, their UTXO can be blacklisted, making their attack costly as they lose out on the time-value of their stake.While the current thinking for the source of stake is to pay out stake to Bitcoin merged-miners, the designer is interested in exploring the idea of using time-locked Bitcoin as stake. The GitHub repository contains a simplified implementation of this sidechain design. For further details and a comprehensive understanding of the design, please refer to the design document available at https://github.com/mappum/bitcoin-peg/blob/master/bitcoinPeg.md.
Updated on: 2023-08-02T00:24:58.034506+00:00