Author: Russell O'Connor 2017-06-29 01:09:27
Published on: 2017-06-29T01:09:27+00:00
The email conversation between Chris Stewart and Russell O'Connor discusses the use of a new opcode, OP_BRIBEVERIFY, which would allow for the Blind Merge Mining (BMM) of sidechains in Bitcoin. This means that different factions of the community can realize their own separate vision on a blockchain that is interoperable with the Bitcoin blockchain and use Bitcoin as a 'reserve currency' for their own network. The proposed op code will allow users to bribe miners to include a hash in the coinbase transaction's output without necessarily following the sidechain.There is a competition as to which Bribe TXO is included per coinbase slot, but the losing set of Bribe TXOs can be included in later blocks. The proposal is meant to address the BMM process of drivechains and not the withdrawal process from drivechain -> bitcoin. Russell suggests using a 0 output value with some currently non-standard OP_RETURN output script that specifies the critical hash, which would allow sidechain-miners to bribe mainchain-miners by paying a transaction fee if the transaction containing this OP_RETURN is included in a block and committed to by a mainchain-miner in the Merkle tree root.ZmnSCPxj suggests an alternate proposal that sidechains and altcoins that want to do "blinded" merge mining can use without a softfork. In his proposal, when a sidechain-node wants to know the consensus, it downloads mainchain-blocks and looks for OP_RETURN's. When a sidechain-miner wants to create a side-block, it generates a new cons-pair and creates an OP_RETURN transaction for it, paying a mainchain-miner to include it in the next mainchain-block.Chris Stewart agrees that his commitment scheme is flawed but he is looking for ways to fix it. He considers manipulating a coinbase transaction into spending these OP_BV outputs, but according to instagibbs, we cannot have coinbase transactions spend any outputs in previous blocks without a hard fork. Another way we could fix this is by fixing the drivechain indices. Therefore the mining rewards and witness commitments must not occupy one of those indices -- but can occupy any other indice in the coinbase output.The commitment structure requires that the miner's coinbase reward be at index 0 in the coinbase transaction's output vector and fixes the witness commitment output to be at index 1 of the coinbase transaction's output vector. The commitment is recorded in a scriptPubKey of the coinbase transaction and must be at least 34 bytes in size. The proposed OP_BRIBEVERIFY op code reads two arguments from the stack, the stack top being the sidechain id for which the user is attempting to blind merge mine for and the next element being the block hash. The BRIBEVERIFY program has a standard format which includes pushing the following 32 bytes, the block hash and the sidechain id.The proposed op code checks to see if the hash in the block matches the hash inside of the BRIBEVERIFY program and if the hashes match, the OP_BRIBEVERIFY acts as an OP_NOP. If the comparison between the two hashes fail, the script fails. The motivation behind this proposal is the contentious political climate of Bitcoin and the differing visions of what Bitcoin is. The proposed op code allows sidechains to be merged mined against Bitcoin without burdening Bitcoin miners with extra resource requirements.Credit is given to Paul Sztorc for the original idea of Blind Merge Mined sidechains and to CryptAxe for writing the foundational layer of software for drivechains so that OP_BRIBEVERIFY could be implemented. The document is placed in the public domain. Deployment details are yet to be announced.
Updated on: 2023-06-12T03:06:39.657614+00:00