Thoughts on Sidechains

Who is blockstream and what exactly are sidechains?

Blockstream is a company that recently raised $21M and has a bunch of bitcoin core developers as founders.

Their master plan is to extend bitcoin in ways that make it more expressible and open. The first part of this plan is to implement a proposal called sidechains, which is an idea for allowing bitcoin to interoperate with altcoin blockchains. The scheme requires forking changes to the bitcoin protocol as well as the addition of special logic to any altcoin wishing to act as a sidechain.

“Interoperable blockchains” means I could create a sidechain-enabled altcoin, let’s call it FOO, that can be 2-way-pegged to BTC instead of mined. This means people can buy/sell FOO at a fixed BTC rate (without exchanges) by sending special transactions to both the FOO and bitcoin blockchains. What does this get us? First and foremost, I can incorporate almost any crazy rules I want into FOO-coin without getting anyone’s permission or coordination (whereas rule changes to bitcoin would require miner consensus and potentially systemwide client updates), yet FOO is pegged to BTC so there is no need to worry about distribution or exchange rate issues. In theory sidechains make ideal labs for cryptocurrency experimentation.

What if the FOO sidechain has a flaw enabling it to be counterfeited? Wouldn’t this flaw leak into the bitcoin economy as people start selling tons of counterfeit FOO for BTC?

The sidechains proposal accounts for this. Bitcoin will track how much BTC has been converted to FOO and this places a strict limit on how much FOO can be converted back to BTC. A counterfeiting “leak” would only have the effect of destroying the value of FOO.
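A toy accounting model of the cap described above, added here as an illustration; it is not code from the sidechains paper or from Blockstream, and the class, method names, account names and amounts are all constructed for the example:

```python
class PegError(Exception):
    """Raised when a peg-out is refused."""

class TwoWayPeg:
    """Toy ledger: BTC locked on bitcoin vs. FOO circulating on the sidechain."""
    def __init__(self):
        self.btc_locked = 0   # tracked on the bitcoin side, in satoshis
        self.foo = {}         # sidechain balances, 1 FOO unit == 1 satoshi

    def peg_in(self, who, amount):
        # Lock BTC on bitcoin and credit the same amount of FOO.
        self.btc_locked += amount
        self.foo[who] = self.foo.get(who, 0) + amount

    def sidechain_flaw_mint(self, who, amount):
        # Hypothetical sidechain bug: FOO appears with no BTC locked behind it.
        self.foo[who] = self.foo.get(who, 0) + amount

    def peg_out(self, who, amount):
        # Bitcoin-side rule: never release more BTC than was locked for FOO.
        if self.foo.get(who, 0) < amount:
            raise PegError("insufficient FOO")
        if amount > self.btc_locked:
            raise PegError("exceeds BTC locked for this sidechain")
        self.foo[who] -= amount
        self.btc_locked -= amount
        return amount

    def backing_ratio(self):
        # BTC actually backing each unit of FOO in circulation.
        supply = sum(self.foo.values())
        return 1.0 if supply == 0 else self.btc_locked / supply

def simulate():
    # Constructed scenario: two honest peg-ins, then counterfeit FOO is redeemed first.
    peg = TwoWayPeg()
    peg.peg_in("alice", 600)
    peg.peg_in("bob", 400)
    peg.sidechain_flaw_mint("mallory", 1000)
    ratio_after_flaw = peg.backing_ratio()
    released = peg.peg_out("mallory", 1000)
    try:
        peg.peg_out("alice", 600)
        honest_redeemed = True
    except PegError:
        honest_redeemed = False
    return {"ratio_after_flaw": ratio_after_flaw, "released": released,
            "btc_locked_end": peg.btc_locked, "honest_redeemed": honest_redeemed,
            "ratio_end": peg.backing_ratio()}

if __name__ == "__main__":
    print(simulate())
```

Bitcoin never releases more than the 1000 satoshis that were locked, so the loss lands entirely on FOO holders, whose remaining coins end up unbacked.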

Is the sidechains proposal technically sound?

It’s worth stepping back and splitting up the question into “is the goal of what they are trying to do possible?” and “is the proposal in the paper they published workable?” I’m enthusiastic about the former and lukewarm on the latter. However, the blockstream team is crackerjack enough that if a goal of theirs is technically possible, it’s unwise to bet against them realizing it long term even if the current proposal is ugly.

What they are trying to do is have the bitcoin blockchain be the “one PoW-based blockchain to rule them all”. IMHO this is a good thing because (big picture) if you aren’t on the PoW blockchain that the most work is being devoted to (regardless of algorithm), you are probably asking for trouble security-wise. Sidechains will also make it vastly easier to stage proposed changes to the bitcoin core protocol. However, I do have concerns with the sidechains proposal related to merged-mining.

What’s merged-mining and how does it relate to sidechains?

Merged-mining is a PoW-based consensus mechanism used by some altcoins (e.g. namecoin) that allows bitcoin miners to mine that altchain simultaneously with bitcoin at zero extra cost (other than the cost of running a node for that altcoin). Some large mining pools elect to merge mine a few other currencies because it makes them eligible for block rewards on all chains. It’s like being able to use your lottery ticket in multiple states’ lotteries at the same time. At the moment there are only 3 coins with any real level of [bitcoin] merged-mining hashpower: Namecoin (52%), Ixcoin (38%) and Devcoin (32%) [1]. Close to half of the hashpower of the latter two is due to the merged mining of a single pool operator (ghash.io).

IMHO realistically all sidechains will have to rely on merged-mining for consensus [2]. In a non-sidechain altcoin an attacker with sufficient hashpower can arbitrarily censor (or totally halt) transactions as well as double spend coins under his control. In the sidechains scenario the situation is much worse: an attacker can not only halt transactions but steal all the bitcoins backing the sidechain (or halt transfers between the altcoin and bitcoin). To be fair, the sidechains paper throws out several tentative ideas on how to incentivize honest behavior; however, none strike me as terribly workable. In particular, their ideas involving miner subsidies on the altchain, which require abandoning the symmetry of the 2-way-peg, seem to obviate a lot of the motivation for sidechains in the first place.

If you want to create a sidechain and your only realistic consensus option is merged-mining and you don’t want to get robbed, then you need a significant percentage of the bitcoin hashpower to merge-mine your coin. As others have pointed out, “Permissionless innovation” isn’t really “permissionless” if it requires getting a large percentage of bitcoin miners to merge-mine your coin. There’s only one merged-mined coin that’s managed to clear 50% of the bitcoin hashpower: namecoin, which coincidentally is the first major alt to implement merged mining and has been around for over 3 years.

That said, it’s not clear even 50% would be sufficient. One bitcoin mining pool operator, Luke Dashjr, (who also happens to be one of the co-authors of the sidechains paper, although not a blockstream founder), in early 2012 attacked (to death) a thinly merged-mined altcoin he found obnoxious. Due to the nature of how merged mining works he was able to mount this attack without disrupting his pool’s bitcoin mining and without informing or asking the consent of pool contributors. In his defense the altcoin attacked was arguably obnoxious; however, this incident vividly demonstrates the plausibility of merged-mining related attacks orchestrated by small groups or individuals. Given the centralizing forces at work in the bitcoin mining ecosystem and the vastly larger incentives for attacking merged-mined sidechains (i.e. being able to steal all the bitcoins backing the sidechain), I reiterate my concern that sidechains will find it difficult to recruit sufficient hashpower to secure themselves.

Does blockstream have the technical/political clout to get sidechains adopted?

IMHO, yes. The politics surrounding governance of changes to the bitcoin core protocol is a book waiting to be written, but my short answer is I could see the changes they are proposing being introduced by 2016-2017. They also have ghetto ways of demonstrating its feasibility before that time that do not require forking protocol changes (a scheme they refer to in their paper as a federated peg, which IMHO could happen as soon as early 2015).

What does this mean for the altcoin ecosystem and altcoin investors?

Pervasive adoption of sidechains would definitely put a damper on altcoin speculation. In fact, the blockstream founders have explicitly stated they see sidechains as a mechanism for “innovation without speculation” (aside from bitcoin speculation of course) and a subset of the blockstream team are arguably altcoin haters.

Sidechains will make it harder for an alt to accrue value on the merits of many categories of innovation. Since all serious altcoins are open source, anyone can create a sidechained fork of an altcoin that isn’t already a sidechain. People are already talking about trying to do this with Ethereum and many are arguing Zerocash should be implemented this way as well (although neither of those two has announced an intention to).

However, I see three major reasons why sidechains (assuming they work) won’t spell the end of all altcoins:

1. It’s not clear PoW-based consensus is the last and only word in cryptocurrency consensus. It has known problems and almost all alternatives invented since are incompatible with sidechains. Systems based on these alternative consensus mechanisms are largely immune from being sidechain-forked for this reason. Examples include Proof-of-Stake currencies (e.g. NXT, BitsharesX) as well as mechanisms resembling more traditional Byzantine consensus protocols (e.g. Stellar, Ripple).

2. Certain coins embody a thesis that the initial distribution of coin holders matters greatly to the probability of ultimate widespread adoption. Altcoins attempting novel coin distribution mechanisms don’t make sense as sidechains since an altcoin that elects to sidechain no longer has explicit control over distribution (its coins are only created and destroyed by the 2-way-pegging mechanism). Examples of coins with novel distribution strategies include Auroracoin (they tried to distribute half the coins to the entire population of Iceland … failed) and Stellar (they are in the process of attempting to initially give them away to everyone on the planet).

3. Another factor to consider is that altcoin developers / early adopters are in part economically motivated and the economics favor creation of an independent currency over a sidechain. For example, it is unlikely Ethereum would have had access to the level of crowd-funding or talent had they not decided on an independent currency approach. A sidechain fork may be uncompetitive with an otherwise-identical independent cousin if the devs of the sidechain are merely copypasta opportunist hacks in comparison to the original team.

Where does this leave Ethereum?

If you really want to experiment with innovative cryptocurrency ideas that don’t relate to new consensus or distribution mechanisms and would rather have both of those issues abstracted away, IMHO you will be better off implementing your idea as a subcurrency (or smart contract) of Ethereum (once it launches) than as a sidechain. Ethereum is explicitly designed as a platform for cryptocurrency innovation. You would be spared from having to convince half the mining world to merge-mine your altchain and you can implement arbitrarily complex network-enforced rules for convertibility to/from your new subcurrency and the network’s parent currency, ether (ETH).

One possible scenario I could see emerging is a bitcoin sidechain based on an ethereum-fork gets a large majority of bitcoin miners to merge-mine it (thus actually securing it) and then everyone could do their cryptocurrency experimentation on this sidechain. However, in light of point 3 in my last section, it would be interesting to see how such a scenario would ultimately play out.

Notes

[1] Percentages are current as of 2014-12-18.

[2] The sidechains authors will likely disagree with me here, but I challenge them to cite a compelling alternative decentralized consensus mechanism. Picking a different PoW algorithm, (e.g. scrypt) I view as a short-term dodge. I can see how centralized consensus schemes would work with sidechains; however, if you are OK with centralized consensus there are likely much more efficient ways to go about your business than using sidechains.

Further Reading