Could sidechains be the enabler of “semi-decentralised” Bitcoin products and services?

An important paper was published this week:

If you’ve followed Bitcoin for any time, you’ll know this is a seriously eminent group of authors

It describes a way to build “pegged sidechains”. Sidechains themselves are not new – the idea, and how to build them, has been discussed for some time and the key breakthrough was outlined earlier in the year. But this paper gives more detail on the concept and has attracted a lot of comment.

But what are they? And why should anybody care?

A mental model for Bitcoin

The key to understanding most innovations in the Bitcoin space is to make sure you have the right mental model for how Bitcoin itself works. It turns out that most people I speak to don’t really understand how it works and, as a result, have a faulty mental model.

To help with this, I came up with an analogy for Bitcoin earlier in the year, based on thinking of Bitcoin “unspent transaction outputs” as parcels of land. Some people hated the analogy but I still think it has value 🙂

But in this piece, I’ll skip the analogy and net it down to the basics.

First, clear your head of anything related to money, currency or payments. And clear your head of the word ledger, too. The mind-bending secret of Bitcoin is that there actually isn’t a ledger! The only data structures that matter are transactions and blocks of transactions. And it’s important to get this clear in your head if sidechains are going to make sense.

When you “move” Bitcoins, what you’re saying is:

Hello everybody… I’d like to move these specific Bitcoins, please.

Here is the proof that I am entitled to move them

And here is how the recipient will, in turn, prove that they are entitled to move them.

The critical three parts of a Bitcoin transaction

There are several important points here:

Bitcoins are not perfectly fungible… when you move (or spend) them, you’re spending some specific bitcoins In order to spend them, you have to prove you’re entitled to do so. And you do that by providing the solution to a challenge that was laid down when they were sent to you in the first place. This challenge is usually just: “prove to the world that you know the public key that corresponds to a particular Bitcoin address and are in possession of the corresponding private key”. But it can be more sophisticated than that. When you send Bitcoins somewhere, you lay down the challenge for the next owner. Usually, you’ll simply specify that they need to know the public and private keypair that correspond to the Bitcoin address the coins were sent to. But it can be more complicated than that. In the general case, you don’t even know who the next owner is… it’s just whoever can satisfy the condition.

Keep saying the three steps to yourself until they’re etched on your memory!

Fine. So the “grammar” of a Bitcoin transaction is clear: “Here are the coins I want to move, here’s the proof I’m entitled to and here’s what the recipient must do, in turn, if they want to spend them”.

This transaction is published into the network, it will eventually find its way into a block and, after other blocks have been built on top, everybody can be pretty sure it won’t be reversed and the world moves on. What more do you need?

The core Bitcoin “grammar” works just fine, mostly…

This three-part structure to a Bitcoin transaction works well and it turns out that you can do some really interesting things with it. For example, you can use the “not-entirely fungible” feature to “tag” coins. This is the basis of the “Colored Coins” and “Smart Property” worlds.

But there are problems, such as:

Block interval

Bitcoin’s block interval is ten minutes so it takes about five ten minutes on average for a new transaction to find its way into a block, even if it pays a high fee. This is too slow for some people so they have experimented with alternative cryptocurrencies, based on the Bitcoin code-base, which employ quicker block intervals [UPDATED 2014-10-27 to correct my embarrassing misunderstanding of mathematics…]

Transaction Structure

The “three-part” transaction structure is very general but it only allows you to transfer ownership of Bitcoins. Some people would like to transmit richer forms of information across these sorts of systems. For example, a decentralized exchange needs a way for participants to place orders. Projects such as Mastercoin, Counterparty, NXT and others either build layers on top of Bitcoin or use entirely different codebases to achieve their goals.

Transaction Transfer Conditions

I said above that you can build sophisticated rules into Bitcoin transactions to specify how ownership is proved. However, the Bitcoin scripting language is deliberately limited and many ideas in the Smart Contracts space are difficult or impossible to implement. So projects such as Ethereum are building an entirely new infrastructure to explore these ideas

One-size-fits-all security model

It doesn’t matter if you’re moving $1bn or 0.01c across the Bitcoin network, you get the same security guarantees. And you pay for this in fees and time. What if you were prepared to trade safety for speed? Today, your only real option is to send the coins to a centralized wallet provider, whom you must trust not to lose or steal your coins. You can then do all the transactions you like on their books, with their other customers and you never need touch the Bitcoin blockchain. But now you lose all the benefits of a decentralized value-transfer network.

One-size fits all doesn’t help if the size doesn’t fit you!

Now, making experimental or rapid changes to Bitcoin is very risky and so change happens slowly. So if the one-size-fits-all architecture of Bitcoin doesn’t suit a particular use-case, you have a problem. You either have to use an entirely different cryptocurrency (or build one!). Or you have to use (or build) a centralized service, which brings new risks.

This is very inconvenient. It creates risk and fragmentation and slows the build-out of products, services and infrastructure.

Centralised Wallet Providers as a “poor-man’s sidechain”?

But there’s an interesting observation we can make. Think about what happens if you send Bitcoins to a centralized wallet such as circle.com for safekeeping.

You send your coins to a particular Bitcoin address

They appear inside your circle wallet and are out of your control on the blockchain.

At some point in the future, you might send your coins back out of your circle wallet to a Bitcoin address you own

You now have control of some coins on the Bitcoin blockchain again!

From the perspective of the Bitcoin network, Circle is a black box. You had some coins… you sent them to a specific address… some stuff happened that Bitcoin couldn’t see…. And at some point later, you had control of some coins again. It’s as if those coins had been moved from Bitcoin to somewhere else and then back again.

Here’s the Sidechains insight

The key idea behind the sidechains concept is:

What if you could send Bitcoins not only to individuals, addresses and centralized services but to other blockchains?

Imagine there is a Bitcoin-like system out there that you’d like to use. Perhaps it’s litecoin or ethereum or perhaps it’s something brand new. Maybe it has a faster block confirmation interval and a richer scripting language. It doesn’t matter. The point is: you’d like to use it but would rather not have to go through the risk and effort of buying the native tokens for that platform. You have Bitcoins already. Why can’t you use them?

The sidechains ideas is this:

Send your Bitcoins to a specially formed Bitcoin address. The address is specially designed so that the coins will now be out of your control… and out of the control of anybody else either. They’re completely immobilized and can only be unlocked if somebody can prove they’re no longer being used elsewhere (I’ll explain what I mean by this in a minute). In other words, you’ve used the core bitcoin transaction rules I described above to lay down a specific condition that the future owner – whoever it ends up being – needs to fulfil in order to take control

Once this immobilisation transaction is sufficiently confirmed, you send a message to the other blockchain – the one you were wanting to use. This message contains a proof that the coins were sent to that special address on the Bitcoin network, that they are therefore now immobilized and, crucially, that you were the one who did it

If the second blockchain has agreed to be a Bitcoin sidechain, it now does something really special… it creates the exact same number of tokens on its own network and gives you control of them.

So it’s as if your Bitcoins have been transferred to this second chain. And remember: they’re immobilized on the Bitcoin network… so we haven’t created or destroyed any…. Just “moved” them.

You can now transact with those coins on that second chain, under whatever rules that chain chooses to implement.

Perhaps blocks are created faster on that sidechain. Perhaps transaction scripts are “turing complete”. Perhaps you have to pay fees to incent those securing that sidechain. Who knows. The rules can be whatever those running that sidechain want them to be. The only rule that matters is that the sidechain agrees to follow the convention that if you can prove you put some Bitcoins out of reach on the Bitcoin network, the same number will pop into existence on the sidechain.

And now for the second clever part. The logic above is symmetric. So, at any point, whoever is holding these coins on the sidechain can send them back to the Bitcoin network by creating a special transaction on the sidechain that immobilises the bitcoins on the sidechain. They’ll disappear from the sidechain and become available again on the Bitcoin network, under the control of whoever last owned them on the sidechain.

Sidechains use the standard bitcoin “three-step” transaction to immobilise bitcoins whilst they’re “on” the sidechain

So, to repeat, we’ve used standard Bitcoin transaction functionality to move coins out of reach and we then prove to a second, unrelated chain, that we’ve done this. And when we’re done, whoever owns them on the sidechain can do the same thing and send them back to the bitcoin network.

So developers get the opportunity to experiment with different types of cryptocurrency rules without needing to create their own currency.

And it now becomes possible to do some very interesting things in the Bitcoin space.

Step back from the details for moment and consider what’s been described. We now have a way to move coins from Bitcoin onto another platform (a sidechain) and move them back again. That’s pretty much what we do when we move them to a wallet platform or an exchange. The difference is that the “platform” they’ve been moved to is also a blockchain… so it has the possibility of decentralised security, visibility and to gain from other innovation in this space.

For example, one could imagine a sidechain that is “mined” only by one company. That would be identical to a single-company wallet, but with full visibility of transactions.

Going further, you could imagine a sidechain that is mined by 100 different companies in a loose federation. Not totally decentralized, but harder to censor or subvert than if it were just one.

And there are lots of other possibilities. The key is that you can build these experiments and products and services without also needing to create a new currency or fall back into the old centralised style.

So when I look at sidechains, I’m looking at them as an architecture for building semi-decentralised products and services for Bitcoin that were simply impossible before.

Now there are some serious issues with the scheme. Peter Todd has raised doubts about how secure it might be and it might require a one-off change to Bitcoin.

But it’s early days. I’m looking forward to watching this space develop