Securing Longterm Value On A Sidechain

The future of sidechains is exciting to me. However, one thing about it has been bugging me. How can we ever expect a sidechain with much less mining power than Bitcoin to be secure from a 51% attack? I asked Pieter Wuille this question in person, and he shrugged and responded [paraphrasing] that every small coin basically has this problem.

I’m going to propose a simple solution to this problem which I call “Blind Anchoring”. Blind Anchoring allows for:

Funds held longterm (over 2–3 hours) are secured by the hashrate power of the Bitcoin network (or the most secure chain at the time). Short-term transactions (under 2–3 hours) are secured by the smaller hashrate of the smaller chain. No additional data has to be written to the Bitcoin blockchain. Miners on a small chain collect all rewards and fees for that chain. Every existing altcoin can implement this today with a soft fork.

A Little Background On The State Of Altcoins

There are currently 645 currencies listed on http://coinmarketcap.com/ , and many of them have the problem described above.

The Bitcoin blockchain is secured by “Proof of Work” (PoW), and it’s a massive amount of work. Currently, over 1 million U.S. households could be powered by the electricity used to mine bitcoins. An average single transaction consumes more electricity than 3.8 U.S. households for a day.

PoW altcoins are vulnerable to a 51%+ attack if a small percentage of Bitcoin mining power ever shifted to attacking them for a short time. This doesn’t happen often for a few reasons:

Most bitcoin miners simply aren’t interested in attacking altcoins. Bitcoin requires specialized mining hardware. Different hardware is required to optimize performance for different PoW algorithms.

Regarding point #2, many altcoins share the same PoW algorithm and can be mined on the same hardware. For example, Zcash and Zclassic both are mined using the equihash algorithm. Zclassic currently has about 2% of Zcash’s mining power.

Existing Solutions To This Problem (and drawbacks)

Merged Mining — (Incentivizes miners to do work for multiple chains. There are likely to still be massively dominant chains over smaller ones.) Blind Merged Mining — (Requires an additional opcode to be added to the main chain. Requires sidechain to bribe main chain miners to write additional data to the main chain).

How It Blind Anchoring Works

Every ZCL block stores the latest Merkle Root of a BTC block (simplified version)

The process for blind anchoring is very simple.

Every altcoin (or sidechain) block contains the Merkle Root of the latest Bitcoin block. Miners of a sidechain won’t fork a chain after N Bitcoin blocks (N is configurable: N=6, N=12, etc.).

To further guard against forks on the bitcoin network, it probably makes more sense to look a constant number of blocks back from the latest Bitcoin block. This could be 100, or even 1000 blocks back.

Why Satoshi Added Checkpoints To Bitcoin

Satoshi adds checkpoints to Bitcoin

People who have read the Satoshi whitepaper might assume a blockchain could get forked back to the genesis block with enough proof of work. Anyone who looks at chainparams.cpp will see a different story.

Bitcoin Hardcoded checkpoints

However, it’s also worth noting that a checkpoint has not been added to the Bitcoin source code since 2014. Bitcoin Core developers say that they hope to remove the checkpoints in bitcoin entirely.

For Bitcoin, it makes sense that people would want to avoid the low probability that a rogue developer might be able to sneak in an invalid checkpoint.

The process of adding hardcoded checkpoints each version is happening in many altcoins, however, such as Zcash or Zclassic.

Blind Anchoring to Bitcoin would be functionally equivalent to having a new checkpoint added every N bitcoin blocks (instead of waiting for a new software version every few weeks or months).

Request For Comments

As explained above, the process is very simple, and similar to things that have been done in the past like checkpoints.

Future Posts

With regards to sidechains, I’m discovering that the two-way peg (specifically on the return trip) is not exactly a solved problem. Though, here is a good place to get started.