[Bitcoin-development] 2-way pegging (Re: is there a way to do bitcoin-staging?)
Jorge Timón
jtimon at monetize.io
Sun Mar 16 23:22:32 UTC 2014
Some comments.
On 3/16/14, Adam Back <adam at cypherspace.org> wrote:
> 6. a fraud proof is an SPV proof with a longer chain showing that the proof
> of burn was orphaned.
As discussed, "reorg proof" it's a more appropriate term since the
reorg can happen without any fraud. It also prevents the term from
being confused with the fraud proof that auditors (full nodes that
can't create blocks) produce for private chains.
> Apart from pegging from bitcoin to a side-chain, if a private chain is made
> with same rules to the side-chain it becomes possible with some
> modifications to the above algorithm to peg the side-chain to a private
> chain. Private chain meaning a chain with the same format but signature of
> single server in place of hashing, and timestamping of the block signatures
> in the mined side chain. And then reactive security on top of that by full
> nodes/auditors trying to find fraud proofs (rewrites of history relative to
> side-chain mined time-stamp or approved double-spends). The reaction is to
> publish a fraud proof and move coins back to the side chain, and then
> regroup on a new server. (Open transactions has this audit + reactive
> model
> but as far as I know does it via escrow, eg the voting pools for k of n
> escrow of the assets on the private server.) I also proposed the same
> reactive audit model but for auditable namespaces [4].
>
> Private chains add some possiblity for higher scaling, while retaining
> bitcoin security properties. (You need to add the ability for a user to
> unilaterally move his coins to the side-chain they came from in event the
> chain server refuses to process transactions involving them. This appears
> to be possible if you have compatible formats on the private chain and
> side-chain).
In this case you can't require a side chain proof of burn to move back
to the side chain or the funds could be locked by the dishonest
private chain operator (accountant in freimarkets[1] terminology). By
allowing unilateral withdrawals, you impose on the private chain the
task of observing the side chain looking for double-spends, censoring
those transactions or maybe updating its committed utxo when it has
proofs that the coins have been withdrawn.
[1] http://freico.in/docs/freimarkets.pdf
https://github.com/jtimon/freimarkets/blob/master/doc/freimarkets_specs.org#private-ledgers
--
Jorge Timón
http://freico.in/
More information about the bitcoin-dev
mailing list