En oversikt over avveiningene for forskjellige sidekjedeimplementeringer

Dette er en meningsredaksjon av Shinobi, en selvlært pedagog i Bitcoin-området og teknologiorientert Bitcoin-podcastvert.

This article is the last in a series diving into the major sidechain designs that exist for Bitcoin. It is highly recommended to read the preceding pieces before this: (1) Romkjeder(2) Spacechain Use Cases(3) Myke kjeder(4) Drivkjeder(5) Forenede kjeder.

What are sidechains in a nutshell? Blockchains that allow you to move your bitcoin from the Bitcoin blockchain to this other sidechain. Therein lies the issue and the difficulty with designing a sidechain — you can’t actually do that. You can’t move bitcoin from the Bitcoin blockchain to another blockchain; that’s not possible because the only place your bitcoin actually exists is on the Bitcoin blockchain. They can’t actually exist anywhere else. All that is really possible to do is to lock your bitcoin in some way on the Bitcoin blockchain and then create other tokens on a different chain to represent those bitcoin. The highest aspiration of a sidechain is to do so in a way where it is verifiable that these tokens only exist 1:1 with real bitcoin (easy), and where the only way to unlock bitcoin on the mainchain in any situation is to verifiably lock tokens you legitimately control on the other chain (very hard to do in a trustless way that doesn’t make bitcoin itself more expensive to verify).

Almost all the difficulties around designing a sidechain come down to how this locking and unlocking mechanism is designed: how locking them works, what conditions are required to unlock them and how those conditions are verified and enforced. One-way mechanisms, where you can only lock coins and never unlock them, are trivially simple. Just burn some bitcoin with OP_RETURN and require verifying that to mint tokens on the new chain and you’re done. Two-way mechanisms, supporting both locking and unlocking, are a lot more complicated. So far there is no designed two-way mechanism except ones that increase the validation cost of the main Bitcoin blockchain (softchains), or ones that introduce new trust assumptions on the security of coins locked “in the sidechain” (drivechains and federated chains).

The holy grail of sidechains is a mechanism for locking and unlocking coins that does not require any trust to enforce it, and that does not increase the validation costs of the main Bitcoin blockchain (i.e. a single sidechain interaction with the mainchain is no more expensive, give or take, to verify than a single Bitcoin transaction). Currently nothing accomplishes that, so time to go through the downsides.

Gruve sentralisering

All of the different designs I’ve gone through, except for Liquid, in one way or another depend on Bitcoin miners to provide security for the sidechain. RSK, even though it is a federated peg, still uses Bitcoin miners. Softchains could in theory use something else, but if it did not provide as much proof-of-work (PoW) security as Bitcoin miners, then it would be opening the Bitcoin blockchain up to denial-of-service (DoS) attacks. So, in reality, if a softchain were deployed, it would use Bitcoin miners. Spacechains PoW is based explicitly on Bitcoin miners confirming a commitment transaction for the sidechain. Drivechains are specifically designed for merge mining by Bitcoin miners. There is no escaping getting miners involved in sidechains if anything more except a pure federated sidechain is all that is ever deployed.

En klar forskjell må gjøres før man går inn på denne risikoen: forskjellen mellom gruvearbeidere selv (maskinvareoperatører) og gruvekoordinatorer (pooler; nodekonstruerende blokker). Bassenger er nødvendig for å samle inn en belønning regelmessig hvis du ikke har en veldig betydelig mengde fysisk gruvemaskinvare og er et legitimt punkt for sentralisering. Mining sentralisering / desentralisering er ikke et enkelt tema (mer her.) and there are important nuances in how different aspects of mining being centralized interact with other aspects of mining. Without mining pools, a miner’s income is a totally erratic, unpredictable revenue stream. This in, combination with the very real risk of potential regulation of mining pools in future (they are a custodial entity; they custody users’ funds until withdrawal), makes mining pools a very dangerous point of centralization for the space.

Miners have to validate the blockchain in order to mine, regardless of whether or not this function is outsourced. Without validating the chain, they have no clue whether the block they are mining contains only valid transactions; all it takes is a single invalid one to invalidate the block they find and lose them all the money they could have earned. This requirement for validation is, however, not the reason mining pools are used: it’s the predictability of rewards. A miner with 1% of the hashrate will only very rarely find a block and collect the whole reward, while a miner with 1% of the hashrate using a pool will regularly collect roughly 1% of the block reward that the pool collectively earns. The validation cost is tiny. The reward predictability is the selling point, which is why utviklere prøver å finne en måte å få de samme fordelene uten å kreve en sentralisert pool. Dette vil tillate gruvearbeidere å ikke være avhengige av en sentralisert enhet som har kontroll over hvilke transaksjoner som går inn i en blokk.

Now imagine if the validation costs were higher. There is no limit to the number of spacechains that can be created. And while they are not pegged to bitcoin in price like other designs, any of them that holds a significant value would be worth it for mining pools (and miners) to run in order to gain more money. Miners who did so would be more competitive than those who didn’t, and if mining in the long term becomes an industry with razor-thin profit margins, this effectively becomes a requirement to mine these other chains. If you don’t you aren’t profitable. Miners who do run them can drive costs higher for miners who don’t and still profit, driving the others out of business.

Also remember, there is no limitation on the validation costs of a sidechain. It can be very costly to validate some cryptographic functions, arbitrary complexity like Ethereum or even full-on gigablock stupidity like BSV. Softchains have the exact same risk, in addition to increasing the validation cost of regular users running full nodes. The only “saving grace,” if you want to call it that, is the requirement to activate a single sidechain at a time with a unique softfork. That at least means that each individual proposal and its validation cost will be heavily scrutinized before being activated.

Drivechains? They claim to solve this issue, but the reality is they don’t. The notion of a drivechain is that the block creator winds up paying most of the fees to miners to have their block mined, keeping only a small portion for themselves. That small portion in a world of razor-thin profit margins is more profit that can be had, which again comes back to being able to drive other miners out of business if you do it yourself. Even if you assume drivechain block creators keep none of the fees for themselves, giving 100% to miners, why would they do this if there was not some other aspect of this sidechain that they can monetize? That’s likely a form of Miner utvinnbar verdi (MEV) som gruvearbeidere kunne tjene penger på, med samme sentraliserende effekt. På lang sikt vil enhver type desentralisert gruvebasseng måtte involvere gruvearbeidere som driver alle disse sidekjede-nodene i tillegg til en hovedkjede-node, noe som kan ende opp med å bli et veldig urealistisk prospekt for småskala gruvearbeidere. Det ville sette et kunstig gulv som begrenser hvor desentralisert gruvedrift kan være.

Only federated sidechains avoid this centralizing effect on Bitcoin mining because they in no way interact with miners, except by virtue of paying miner fees on transactions pegging coins out of the sidechain.

Risikoen ved knagger og konsensus

The process of how sidechains are mined presents risks to mining centralization and the process of how coins are locked and unlocked from a sidechain peg can present risks to consensus. Federated pegs and one-way pegs do not present a serious risk to consensus. In the case of a federated peg, because it is fundamentally not any different than a custodial exchange — you can deposit to and withdraw from them — it does not have any fundamental interaction with the consensus process that exchanges do and so presents no new risk. One-way pegs are simply a way to burn your bitcoin and make them irrecoverable. This is not a risk or interference in consensus. Softchains and drivechains, however, both in different ways present risks to Bitcoin consensus.

Softchains present a very clear consensus risk to the main Bitcoin network. Firstly it raises the cost of validation per softchain added for mainchain-only nodes, and depending on the size of blocks or complexity of rules to validate this, can be a marginal increase or a quite drastic increase. Secondly, any consensus split due to a non-deterministic bug could affect the mainchain. Such a feilen var årsaken til kjededelingen that occurred in 2013. Due to how the database Bitcoin uses to handle reading and writing data works, some nodes would “run out of” times they could read and write data and invalidate an otherwise invalid block. Because these operations were limited based on individual computer resources, there was no consistent situation that would cause this, as each individual node’s resources are different.

Such an incident on a softchain presents a consensus risk to the mainchain because of how they are intertwined. Lastly, how the difficulty requirements are defined for mining a softchain can have huge implications for the validation cost of mainchain-only nodes. Any detection of a softchain chainsplit triggers downloading and validating every block down to the root of that chainsplit, which, depending on the validation costs of a specific softchain, could create a massive validation increase for mainchain nodes. If the mining difficulty is or can even be allowed to be too low of a percentage of the total Bitcoin hash rate, it could become very cheap to attack Bitcoin creating chainsplits on the softchain just to increase mainchain node costs.

Drivkjeder utgjør en mer subtil risiko for konsensus. Som diskutert ovenfor har de faktisk dynamikk som andre sidekjededesigner som skaper press som ytterligere sentraliserer gruvedrift. Dette samhandler veldig dårlig med det faktum at tappen i hovedsak bare er gruvearbeidere som har total kontroll over myntene i drivkjeder; et flertall av dem kan effektivt gjøre hva de vil med mynter låst i drivkjeder. Sikkerheten til alle mynter på drivkjeder avhenger av at gruvearbeidere er desentralisert nok til å gjøre 51 % angrep upraktisk, men skaper samtidig press som sannsynligvis vil øke sentraliseringen av gruvedriften på lang sikt.

Hvis en slik dynamikk spiller ut med drivkjeder og gruvearbeidere stjeler mynter fra tappen, er det bokstavelig talt ingen mulighet for brukere av den sidekjeden bortsett fra en brukeraktivert myk gaffel (UASF) for å ugyldiggjøre den knaggen. Dette ville være en helt annen dynamikk enn den forrige UASF; i 2017 spilte brukere i hovedsak et spill kylling der de ville ha mynter på begge sider av gaffelen. Begge alternativene var tilgjengelige for personer som støttet en UASF. I tilfelle en UASF for å stoppe drivkjedetyveri, vil ikke brukerne ha begge alternativene tilgjengelig. Bare på UASF-siden av gaffelen ville de ha mynter; på den gamle kjeden ville de ikke ha noe. De har bokstavelig talt ikke noe insentiv til å komme tilbake til den gamle kjeden hvis UASF mislykkes og resulterer i en kjededeling.

Some even argue that miners should attack certain “bad” sidechains (though it’s not certain what constitutes “bad” in a sidechain). If drivechains were widely adopted, this entire dynamic could fragment the Bitcoin blockchain and dilute its network effect. People victimized by a drivechain theft have every incentive in the world to keep a fork going, as letting it die means they have lost everything.

Wrap Up

It would be remiss of me to not mention federated sidechains in this piece; they do not present direct threats to Bitcoin consensus like other designs, but by their nature are effectively a trusted system. Users of such systems should consider deeply whether the utility offered by such systems are worth the trade off in security model, and whether the federation operating the system is trustworthy enough to hold custody of their funds.

In the end, no currently proposed sidechain design comes close to fulfilling the original promise of sidechains laid out in the original 2014 paper. They all either fail to provide the level of security desired in a pegging mechanism to move between chains or present risks to the main Bitcoin network itself. Maybe one day things like zero-knowledge proofs could provide a way to design a peg that does not impose increased validation costs on mainchain nodes like softchains, or not require new trust assumptions like drivechains or federated chains in terms of the security of users’ funds. But as of now, no such concrete design exists. If you think truly trustless sidechains are an important improvement for Bitcoin, hopefully one day the technology to implement them will be developed, but currently nothing in existence has come close.

Dette er et gjesteinnlegg av Shinobi. Uttrykte meninger er helt deres egne og reflekterer ikke nødvendigvis meningene til BTC Inc eller Bitcoin Magazine.