[bitcoin-dev] Two Drivechain BIPs

Chris Stewart chris at suredbits.com
Mon Dec 4 20:11:13 UTC 2017

>As far as I can tell there is no opportunity cost to casting a malicious
vote, no repercussions, and no collective action barrier that needs to be

There is another interesting analysis on BMM and drivechains from /u/almkglor
on reddit
I'm going to share here for visibility.

The problem with drivechains and blind merged mining is the disconnect
> between voting and "blind" merge mining. With BMM, a miner can do:
>    1. Not accept BMM, not vote.
>    2. Not accept BMM, operate their own sidechain node, mine sidecoin,
>    and vote correctly.
>    3. Not accept BMM, always upvote (i.e. allow theft).
>    4. Not accept BMM, always downvote (i.e. strangle).
>    5. Accept BMM, not vote.
>    6. Accept BMM, operate their own sidechain node, and vote correctly.
>    (not mine sidecoin directly: they get paid in maincoin by sidecoin-only
>    miners).
>    7. Accept BMM, always upvote (i.e. allow theft).
>    8. Accept BMM, always downvote (i.e. strangle).
> 3 and 7 will mean that non-verifying miners will be (inadvertently)
> complicit in theft. Drivechains have 1008-block cycles ostensibly to
> protect against theft, so that someone can "raise the alarm" and tell
> miners to downvote a particular theft withdrawal, but that sounds too much
> like centralized collusion to me.
> Strategy 8 will dominate over strategy 6, since the miner does not have to
> run a sidechain node (reduced cost) while still earning the same as
> strategy 6.
> Strategies 5->8 are all strictly superior to 1->4, so BMM does not really
> change anything: strategy 8 (equivalent to strategy 4 if BMM is not
> implemented) will still choke strategy 6 (equivalent to strategy 2 if BMM
> is not implemented)
> It seems Drivechain's security model is: miners always upvote by default.
> If a theft withdrawal is done on the mainchain, some sidechain nodes call
> up their miner friends (which makes me worry about miner centralization) to
> downvote it instead.
> The problem is: what if after a theft withdrawal is defeated, another
> theft withdrawal is done? And another, and another? This weakens the peg:
> while a theft withdrawal is on-going, a genuine withdrawal can't be posted
> (at least as I understand Sztorc's explanation). This chokes the sidechain
> withdrawal.
> The difference from maincoin is that attempts to choke the block are
> somewhat costly and a maincoin user can offer a higher transaction fee to
> beat the spam. If side->main is choked, no amount of sidecoin can be
> offered to beat the spammed theft transactions.
> I don't know, it seems like very weak security to me.
TLDR: a miner is most profitable if he always accepts BMM bribes, but
downvotes withdrawal transactions (WT). This obviously isn't ideal because
a withdrawal will never occur from the drivechain if enough miners employ
this strategy -- which seems to be the most profitable strategy.


On Mon, Dec 4, 2017 at 1:36 PM, Chris Pacia via bitcoin-dev <
bitcoin-dev at lists.linuxfoundation.org> wrote:

> I think you are missing a few things.
> First of all, I think the security model for sidechains is the same as
> that of every blockchain
> People will say things, like "but with sidechains 51% hashrate can steal
> your coins!", but as I have repeated many times, this is also true of
> mainchain btc-tx.  is something else?
> There are substantial opportunity costs as well as a collective action
> problem when it comes to re-writing the mainchain.
> Is there anything similar for drivechains? As far as I can tell there is
> no opportunity cost to casting a malicious vote, no repercussions, and no
> collective action barrier that needs to be overcome.
> Unless I'm missing something I wouldn't liken the security of a drivechain
> to that of the mainchain.
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev at lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20171204/dd24792f/attachment-0001.html>

More information about the bitcoin-dev mailing list