Author: Jorge Timón 2014-11-03 17:32:31
Published on: 2014-11-03T17:32:31+00:00
The conversation between Alex Mizrahi and an unknown person on Nov 3, 2014 discusses the security model of sidechains. Alex argues that anyone with sufficient hashpower can unlock a locked coin on the parent chain by producing an SPV proof. However, if the majority of the sidechain miners keep working on the honest chain, anyone can submit a reorg proof during the contest period that invalidates this "unlockment" on the parent chain. Honest sidechain miners will get rewarded in the sidechain, and those rewards will only be valuable if they form a shared valid history. The security model is not exactly the same as Bitcoin's, but it is similar in many senses. The security of sidechain depends on the assumption that an attacker won't control a majority of the network. Sidechains, like Bitcoin itself, relies on this assumption, and Satoshi's paper just says that p must be greater than q. The main thrust of the paper surrounds two-way peg using SPV proofs, which are forgeable by a 51%-majority and blockable by however much hashpower is needed to build a sufficiently-long proof during the transfer’s contest period. If an attacker controls, say, 10% of the network, he's losing 525.6 btc/year in opportunity costs for an extremely small chance of getting 1000 btc. Thus, proof of work is not free, that's the whole point of proof of work.The conversation also highlights another problem with the security of sidechains: a fraudulent transfer can happen without a reorganization, as an attacker can produce an SPV proof which is totally fake. So this is not similar to double-spending, and the attacker doesn't need to own coins to perform an attack. However, if honest miners control the majority of the hashing power, they will produce a valid chain longer than the fake chain. And then anyone can use that reorg proof to stop the attacker before the contest period. "SPV security" is not the same as "SPV security with more than 52560 confirmations of the transaction I'm receiving".
Updated on: 2023-06-09T03:22:27.970603+00:00