Quick notes on Sidechains “Elements”

I’ve written a lot recently about the potential of replicated, shared ledgers that are private/semi-private. For example, I suggested that industries with duplicated systems across firms might get benefit from adopting this technology. But I also keep an eye on what’s happening in the Bitcoin world. So the Blockstream “Elements” launch caught my attention this week.

I wrote about the idea behind sidechains late last year and so it’s interesting to see parts of the vision turn into real code. Back then, I said that a way to think about this is as a system that lets you “move” bitcoins from the Bitcoin blockchain onto another bitcoin-like system and back again in a way that doesn’t harm the Bitcoin network and doesn’t require you to trust a central entity like a Bitcoin exchange.

Why would you want to do that?

  • First, it could be a good way to prototype proposed changes to the core Bitcoin protocol with lower risk: the change could first be implemented and tested on a sidechain, a relatively safe environment. And, should the new system work well, those who needed the feature could transfer their coins to that sidechain, knowing they could bring them back again in the future.
  • Secondly, and looking further ahead, this approach could also provide a migration path for existing bitcoin holders to a new version of the network – offering an alternative to a hard-fork.

It’s an attractive idea and one can intuitively sense why it could be valuable. Of course, the idea is not perfect. Developers such as Peter Todd have argued that sidechains would be vulnerable to attack under various circumstances. But, leaving that to one side for now, what was announced this week and what does it mean?

Sidechains Announcement

What follows is deliberately brief in order to share thoughts quickly:

  • A sidechain is now up and running and accessible from the Bitcoin testnet.
  • The sidechain can be thought of as “just like Bitcoin” (or just like Bitcoin testnet) but with several additional features, or “elements”.
  • These elements include features such as “confidential transactions” and “relative locktime” (full details here; I explore two in a little more detail below).
  • A mechanism for moving coins to and from the sidechain is up and running… but this mechanism currently relies on a network of semi-trusted oracles, or “functionaries”, to validate the return of coins to testnet. This is because the necessary changes to enable this in a decentralized fashion do not yet exist in Bitcoin, and one should remember there is no guarantee such a change would ever happen.
  • The sidechain is also currently secured by this network of “functionaries”. I understand this is a temporary situation, but one could argue it means the distinction between permissioned and permissionless ledgers may be becoming somewhat blurred. Preston Byrne of Eris Industries has said something similar.
  • The code is open source, so other people could set up their own sidechains and run their own functionaries.
  • In what I think could be a smart move for gaining mindshare, Blockstream have signed up several universities with Bitcoin projects/programmes, such as MIT and Princeton, to run these “functionaries”.

Elements

The individual features being explored initially have been called “Elements”.

Of particular interest to my readers might be Confidential Transactions and Issued Assets.

Issued Assets is an attempt to add support for Colored Coins-style assets to the core protocol. This is the one feature that is not yet deployed to the sidechain but it is also one of the most intriguing. I’ll be watching for comment from those projects in the coming days.

Confidential Transactions are a very clever application of cryptography to hide the value of transactions whilst still allowing them to be fully validated by the network. If this works well, it could be a partial solution to the confidentiality issue faced by Replicated, Shared Ledgers.

The fundamental characteristic of these systems – both permissioned and permissionless – is that multiple copies of the ledger are maintained and that these copies are widely distributed. Without features like Confidential Transactions (or related technology such as ZeroCoin or ZeroCash), these systems may be unsuitable for those with confidentiality and privacy requirements. Do you want everybody in the network knowing your positions?

Based on what I’ve read so far, I’m not sure this is a full solution – financial firms care about more than just the value of transactions – but it’s a good start.
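To make the “hide the value but still validate” idea concrete, here is an added worked example (my own illustration, not code from the Elements project): a Pedersen commitment scheme over a toy safe-prime group. Each amount is hidden as C = g^value · h^blind, and because the commitments are homomorphic the verifier can check that inputs and outputs balance by comparing products, without ever learning a value. The group parameters, the `make_group`/`commit`/`balances` names and the 64-bit prime size are assumptions for illustration; real Confidential Transactions use the secp256k1 curve and, crucially, range proofs, and the last case in `demo()` shows why those are needed.

```python
import hashlib
import random

# Toy group: a safe prime p = 2q + 1 and two generators g, h of the order-q
# subgroup. Nobody may know log_g(h), so h is derived from a fixed hash.
# (Assumption for illustration; real Confidential Transactions use secp256k1.)

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for the 64-bit sizes used here."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for s in small:
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 64, seed: int = 1):
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    g = 4                                          # 2^2: a generator of the order-q subgroup
    h_seed = int.from_bytes(hashlib.sha256(b"pedersen-h").digest(), "big")
    h = pow(h_seed % p, 2, p)                      # another subgroup element, log_g(h) unknown
    return p, q, g, h

def commit(grp, value: int, blind: int) -> int:
    """Pedersen commitment C = g^value * h^blind mod p; reveals nothing about value."""
    p, q, g, h = grp
    return (pow(g, value % q, p) * pow(h, blind % q, p)) % p

def commit_outputs(grp, in_blinds, out_values, rng):
    """Sender side: choose output blinds whose sum equals the inputs' blinds,
    so the verifier's product check depends only on the hidden values."""
    q = grp[1]
    blinds = [rng.randrange(1, q) for _ in out_values[:-1]]
    blinds.append((sum(in_blinds) - sum(blinds)) % q)
    return [commit(grp, v, r) for v, r in zip(out_values, blinds)]

def balances(grp, in_commits, out_commits) -> bool:
    """Verifier side: inputs and outputs balance iff the commitment products match."""
    p = grp[0]
    lhs = rhs = 1
    for c in in_commits:
        lhs = lhs * c % p
    for c in out_commits:
        rhs = rhs * c % p
    return lhs == rhs

def demo():
    grp = make_group()
    q = grp[1]
    rng = random.Random(7)
    in_values = [50, 30]                           # constructed sample inputs
    in_blinds = [rng.randrange(1, q) for _ in in_values]
    in_commits = [commit(grp, v, r) for v, r in zip(in_values, in_blinds)]
    honest = commit_outputs(grp, in_blinds, [70, 10], rng)
    inflated = commit_outputs(grp, in_blinds, [70, 20], rng)
    # Without a range proof, a "negative" output (q - 20 == -20 mod q) still balances:
    wraparound = commit_outputs(grp, in_blinds, [100, q - 20], rng)
    return {
        "honest": balances(grp, in_commits, honest),
        "inflated": balances(grp, in_commits, inflated),
        "negative_output_passes": balances(grp, in_commits, wraparound),
    }
```

The verifier never sees 50, 30, 70 or 10, yet it rejects the inflated transaction. The third case is the caveat: a commitment to 100 plus a commitment to “minus 20” also balances, which is exactly why a deployable scheme must attach a range proof to every output to show its value lies in a sensible interval.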

Next Steps

The test for me in coming weeks will be the extent to which non-Blockstream developers engage with this and other sidechains. I’ll also be paying particular attention to the Bitcoin Dev mailing list to see if any debate begins about making changes to the core protocol to allow decentralised pegging to work directly. [Update 2015-06-11 to correct pegging terminology. Thanks to joeykrug for the correction]

A simple explanation of Bitcoin “Sidechains”

Could sidechains be the enabler of “semi-decentralised” Bitcoin products and services?

An important paper was published this week:

Sidechains

If you’ve followed Bitcoin for any time, you’ll know this is a seriously eminent group of authors.

It describes a way to build “pegged sidechains”. Sidechains themselves are not new – the idea, and how to build them, has been discussed for some time and the key breakthrough was outlined earlier in the year. But this paper gives more detail on the concept and has attracted a lot of comment.

But what are they? And why should anybody care?

A mental model for Bitcoin

The key to understanding most innovations in the Bitcoin space is to make sure you have the right mental model for how Bitcoin itself works. It turns out that most people I speak to don’t really understand how it works and, as a result, have a faulty mental model.

To help with this, I came up with an analogy for Bitcoin earlier in the year, based on thinking of Bitcoin “unspent transaction outputs” as parcels of land. Some people hated the analogy but I still think it has value 🙂

But in this piece, I’ll skip the analogy and net it down to the basics.

First, clear your head of anything related to money, currency or payments. And clear your head of the word ledger, too. The mind-bending secret of Bitcoin is that there actually isn’t a ledger! The only data structures that matter are transactions and blocks of transactions. And it’s important to get this clear in your head if sidechains are going to make sense.

When you “move” Bitcoins, what you’re saying is:

  • Hello everybody… I’d like to move these specific Bitcoins, please.
  • Here is the proof that I am entitled to move them
  • And here is how the recipient will, in turn, prove that they are entitled to move them.

[Image: the critical three parts of a Bitcoin transaction]

There are several important points here:

  1. Bitcoins are not perfectly fungible… when you move (or spend) them, you’re spending some specific bitcoins
  2. In order to spend them, you have to prove you’re entitled to do so. And you do that by providing the solution to a challenge that was laid down when they were sent to you in the first place. This challenge is usually just: “prove to the world that you know the public key that corresponds to a particular Bitcoin address and are in possession of the corresponding private key”. But it can be more sophisticated than that.
  3. When you send Bitcoins somewhere, you lay down the challenge for the next owner. Usually, you’ll simply specify that they need to know the public and private keypair that correspond to the Bitcoin address the coins were sent to. But it can be more complicated than that. In the general case, you don’t even know who the next owner is… it’s just whoever can satisfy the condition.

Keep saying the three steps to yourself until they’re etched on your memory!

Fine. So the “grammar” of a Bitcoin transaction is clear: “Here are the coins I want to move, here’s the proof I’m entitled to and here’s what the recipient must do, in turn, if they want to spend them”.

This transaction is published into the network, it will eventually find its way into a block and, after other blocks have been built on top, everybody can be pretty sure it won’t be reversed and the world moves on. What more do you need?
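The three-part grammar above is easier to hold in your head once you have seen it as code, so here is an added example (mine, not the post’s): a minimal unspent-output model in which every input names a specific earlier output, carries the proof that answers that output’s challenge, and every output lays down a new challenge for whoever spends it next. To keep it self-contained, the challenge is a hash puzzle (“produce the preimage of this hash”) standing in for Bitcoin’s signature check, and `mint` stands in for a coinbase transaction; both are assumptions of the example, as are the `UtxoSet`, `Tx`, `Input` and `Output` names.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Output:
    amount: int
    challenge: str     # part 3: what the next owner must prove (here: a hash preimage)

@dataclass(frozen=True)
class Input:
    txid: str
    index: int         # part 1: the specific coins being moved
    proof: bytes       # part 2: the answer to that output's challenge

@dataclass(frozen=True)
class Tx:
    inputs: tuple
    outputs: tuple

    def txid(self) -> str:
        body = repr([(i.txid, i.index) for i in self.inputs])
        body += repr([(o.amount, o.challenge) for o in self.outputs])
        return sha256_hex(body.encode())

class UtxoSet:
    """The only state that matters: which outputs exist and are still unspent."""

    def __init__(self):
        self.unspent = {}      # (txid, index) -> Output

    def mint(self, amount: int, challenge: str) -> str:
        """Stand-in for a coinbase: creates coins with no inputs (assumption)."""
        tx = Tx((), (Output(amount, challenge),))
        self.unspent[(tx.txid(), 0)] = tx.outputs[0]
        return tx.txid()

    def validate(self, tx: Tx) -> Optional[str]:
        """Return None if tx is valid, otherwise the reason it is rejected."""
        if not tx.inputs:
            return "no inputs"
        spent_here, total_in = set(), 0
        for inp in tx.inputs:
            key = (inp.txid, inp.index)
            if key not in self.unspent or key in spent_here:
                return f"input {key} does not exist or is already spent"
            prev = self.unspent[key]
            if sha256_hex(inp.proof) != prev.challenge:
                return f"proof for input {key} does not satisfy its challenge"
            spent_here.add(key)
            total_in += prev.amount
        total_out = sum(o.amount for o in tx.outputs)
        if total_out > total_in:
            return f"outputs {total_out} exceed inputs {total_in}"
        return None              # any shortfall is the fee

    def apply(self, tx: Tx) -> Optional[str]:
        reason = self.validate(tx)
        if reason is None:
            for inp in tx.inputs:
                del self.unspent[(inp.txid, inp.index)]
            for i, out in enumerate(tx.outputs):
                self.unspent[(tx.txid(), i)] = out
        return reason

def demo():
    alice, bob = b"alice-secret", b"bob-secret"     # constructed sample secrets
    utxos = UtxoSet()
    coinbase = utxos.mint(50, sha256_hex(alice))      # 50 coins Alice can unlock
    # Alice moves 30 to Bob and 20 back to herself as change.
    pay_bob = Tx((Input(coinbase, 0, alice),),
                 (Output(30, sha256_hex(bob)), Output(20, sha256_hex(alice))))
    results = {"alice_pays_bob": utxos.apply(pay_bob)}
    results["double_spend"] = utxos.apply(pay_bob)    # same specific coins again
    # Bob presents his proof against Alice's change output: wrong challenge.
    steal = Tx((Input(pay_bob.txid(), 1, bob),), (Output(20, sha256_hex(bob)),))
    results["wrong_proof"] = utxos.apply(steal)
    # Bob spends his 30 but tries to create 31.
    inflate = Tx((Input(pay_bob.txid(), 0, bob),), (Output(31, sha256_hex(bob)),))
    results["inflation"] = utxos.apply(inflate)
    # Bob spends his 30 properly, leaving 1 as a fee.
    bob_spends = Tx((Input(pay_bob.txid(), 0, bob),), (Output(29, sha256_hex(alice)),))
    results["bob_spends"] = utxos.apply(bob_spends)
    results["unspent"] = sorted(o.amount for o in utxos.unspent.values())
    return results
```

Note what the model does not contain: there is no account balance anywhere. “Alice has 20 coins” is only ever a statement about which unspent outputs carry a challenge she can answer, which is the point the post is making about the absence of a ledger.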

The core Bitcoin “grammar” works just fine, mostly…

This three-part structure to a Bitcoin transaction works well and it turns out that you can do some really interesting things with it. For example, you can use the “not-entirely fungible” feature to “tag” coins. This is the basis of the “Colored Coins” and “Smart Property” worlds.

But there are problems, such as:

Block interval

Bitcoin’s block interval is ten minutes so it takes about ten minutes on average for a new transaction to find its way into a block, even if it pays a high fee. This is too slow for some people so they have experimented with alternative cryptocurrencies, based on the Bitcoin code-base, which employ quicker block intervals. [UPDATED 2014-10-27 to correct my embarrassing misunderstanding of mathematics…]

Transaction Structure

The “three-part” transaction structure is very general but it only allows you to transfer ownership of Bitcoins. Some people would like to transmit richer forms of information across these sorts of systems. For example, a decentralized exchange needs a way for participants to place orders. Projects such as Mastercoin, Counterparty, NXT and others either build layers on top of Bitcoin or use entirely different codebases to achieve their goals.

Transaction Transfer Conditions

I said above that you can build sophisticated rules into Bitcoin transactions to specify how ownership is proved. However, the Bitcoin scripting language is deliberately limited and many ideas in the Smart Contracts space are difficult or impossible to implement. So projects such as Ethereum are building an entirely new infrastructure to explore these ideas.

One-size-fits-all security model

It doesn’t matter if you’re moving $1bn or 0.01c across the Bitcoin network, you get the same security guarantees. And you pay for this in fees and time. What if you were prepared to trade safety for speed? Today, your only real option is to send the coins to a centralized wallet provider, whom you must trust not to lose or steal your coins. You can then do all the transactions you like on their books, with their other customers, and you never need touch the Bitcoin blockchain. But now you lose all the benefits of a decentralized value-transfer network.

One-size fits all doesn’t help if the size doesn’t fit you!

Now, making experimental or rapid changes to Bitcoin is very risky and so change happens slowly. So if the one-size-fits-all architecture of Bitcoin doesn’t suit a particular use-case, you have a problem. You either have to use an entirely different cryptocurrency (or build one!), or you have to use (or build) a centralized service, which brings new risks.

This is very inconvenient. It creates risk and fragmentation and slows the build-out of products, services and infrastructure.

Centralised Wallet Providers as a “poor-man’s sidechain”?

But there’s an interesting observation we can make. Think about what happens if you send Bitcoins to a centralized wallet such as circle.com for safekeeping.

  • You send your coins to a particular Bitcoin address
  • They appear inside your circle wallet and are out of your control on the blockchain.
  • At some point in the future, you might send your coins back out of your circle wallet to a Bitcoin address you own
  • You now have control of some coins on the Bitcoin blockchain again!

From the perspective of the Bitcoin network, Circle is a black box. You had some coins… you sent them to a specific address… some stuff happened that Bitcoin couldn’t see… and at some point later, you had control of some coins again. It’s as if those coins had been moved from Bitcoin to somewhere else and then back again.

Here’s the Sidechains insight

The key idea behind the sidechains concept is:

What if you could send Bitcoins not only to individuals, addresses and centralized services but to other blockchains?

Imagine there is a Bitcoin-like system out there that you’d like to use. Perhaps it’s litecoin or ethereum or perhaps it’s something brand new. Maybe it has a faster block confirmation interval and a richer scripting language. It doesn’t matter. The point is: you’d like to use it but would rather not have to go through the risk and effort of buying the native tokens for that platform. You have Bitcoins already. Why can’t you use them?

The sidechains idea is this:

  • Send your Bitcoins to a specially formed Bitcoin address. The address is specially designed so that the coins will now be out of your control… and out of the control of anybody else either. They’re completely immobilized and can only be unlocked if somebody can prove they’re no longer being used elsewhere (I’ll explain what I mean by this in a minute). In other words, you’ve used the core bitcoin transaction rules I described above to lay down a specific condition that the future owner – whoever it ends up being – needs to fulfil in order to take control.
  • Once this immobilisation transaction is sufficiently confirmed, you send a message to the other blockchain – the one you were wanting to use. This message contains a proof that the coins were sent to that special address on the Bitcoin network, that they are therefore now immobilized and, crucially, that you were the one who did it.
  • If the second blockchain has agreed to be a Bitcoin sidechain, it now does something really special… it creates the exact same number of tokens on its own network and gives you control of them.
  • So it’s as if your Bitcoins have been transferred to this second chain. And remember: they’re immobilized on the Bitcoin network… so we haven’t created or destroyed any… just “moved” them.
  • You can now transact with those coins on that second chain, under whatever rules that chain chooses to implement.
  • Perhaps blocks are created faster on that sidechain. Perhaps transaction scripts are “turing complete”. Perhaps you have to pay fees to incent those securing that sidechain. Who knows. The rules can be whatever those running that sidechain want them to be. The only rule that matters is that the sidechain agrees to follow the convention that if you can prove you put some Bitcoins out of reach on the Bitcoin network, the same number will pop into existence on the sidechain.
  • And now for the second clever part. The logic above is symmetric. So, at any point, whoever is holding these coins on the sidechain can send them back to the Bitcoin network by creating a special transaction on the sidechain that immobilises the bitcoins on the sidechain. They’ll disappear from the sidechain and become available again on the Bitcoin network, under the control of whoever last owned them on the sidechain.

[Image: sidechains use the standard bitcoin “three-step” transaction to immobilise bitcoins whilst they’re “on” the sidechain]

So, to repeat, we’ve used standard Bitcoin transaction functionality to move coins out of reach and we then prove to a second, unrelated chain, that we’ve done this. And when we’re done, whoever owns them on the sidechain can do the same thing and send them back to the bitcoin network.
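The peg just described, immobilise on one chain, prove it to the other, have the same amount appear there, and the symmetric journey back, is simulated in the added example below (my own illustration, not code from the sidechains paper or from Elements). Each chain commits to its block’s transaction ids with a Merkle root, and the other chain verifies a Merkle inclusion proof against the block headers it has synced, the way an SPV client would. The example also includes the checks a verifier has to make before honouring a lock: that the lock transaction is sufficiently confirmed, that it really paid the special lock address, that it is in the block it claims to be in, and that the same lock is not claimed twice. The chain names, the `BTC_LOCK`/`SIDE_LOCK` addresses, the account-style balances and the simplification that headers are synced honestly (no proof-of-work is modelled) are all assumptions of the example.

```python
import hashlib
import json

def dhash(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def txid(tx: dict) -> bytes:
    return dhash(json.dumps(tx, sort_keys=True).encode())

def merkle_root(leaves):
    level = list(leaves) or [dhash(b"")]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dhash(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def merkle_proof(leaves, idx):
    """Sibling hashes from leaf to root, each tagged with the side it sits on."""
    level, proof = list(leaves), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sib = idx ^ 1
        proof.append((level[sib], "right" if sib > idx else "left"))
        level = [dhash(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        idx //= 2
    return proof

def verify_merkle(leaf, proof, root) -> bool:
    node = leaf
    for sib, side in proof:
        node = dhash(node + sib) if side == "right" else dhash(sib + node)
    return node == root

class Chain:
    """Tiny account-style chain whose blocks commit to their txids with a Merkle
    root. `lock_address` is the chain's 'immobilise here' address. A chain that
    `mints` (the sidechain) creates tokens when a foreign lock is proved; one
    that does not (Bitcoin) releases coins held at its own lock address."""

    def __init__(self, name, lock_address, mints, balances):
        self.name, self.lock_address, self.mints = name, lock_address, mints
        self.balances = dict(balances)
        self.blocks = []        # [{"root": bytes, "txs": [tx, ...]}]
        self.claimed = set()    # foreign lock txids already honoured (replay guard)

    def add_block(self, txs):
        for t in txs:
            if self.balances.get(t["from"], 0) < t["amount"]:
                raise ValueError(f"{self.name}: {t['from']} cannot cover {t['amount']}")
            self.balances[t["from"]] -= t["amount"]
            self.balances[t["to"]] = self.balances.get(t["to"], 0) + t["amount"]
        self.blocks.append({"root": merkle_root([txid(t) for t in txs]), "txs": txs})

    def headers(self):
        return [b["root"] for b in self.blocks]   # all an SPV verifier syncs

    def proof_of_tx(self, height, index):
        txs = self.blocks[height]["txs"]
        return txs[index], merkle_proof([txid(t) for t in txs], index), height

    def claim(self, other, tx, proof, height, min_conf=2) -> bool:
        """Honour a lock tx from `other`: check depth, destination, inclusion and
        replay, then release (Bitcoin) or mint (sidechain) the same amount here."""
        hdrs = other.headers()
        if height >= len(hdrs) or len(hdrs) - height < min_conf:
            return False                         # not sufficiently confirmed
        if tx["to"] != other.lock_address:
            return False                         # coins were never immobilised
        tid = txid(tx)
        if tid in self.claimed or not verify_merkle(tid, proof, hdrs[height]):
            return False                         # already claimed, or not in that block
        self.claimed.add(tid)
        if not self.mints:
            self.balances[self.lock_address] -= tx["amount"]
        self.balances[tx["from"]] = self.balances.get(tx["from"], 0) + tx["amount"]
        return True

    def circulating(self) -> int:
        return sum(v for k, v in self.balances.items() if k != self.lock_address)

def demo():
    main = Chain("bitcoin", "BTC_LOCK", mints=False, balances={"alice": 100})
    side = Chain("sidechain", "SIDE_LOCK", mints=True, balances={})
    # Peg in: Alice immobilises 40 on the main chain and proves it to the sidechain.
    main.add_block([{"from": "alice", "to": "BTC_LOCK", "amount": 40, "nonce": 1}])
    lock, proof, h = main.proof_of_tx(0, 0)
    too_early = side.claim(main, lock, proof, h)     # only one confirmation so far
    for _ in range(2):
        main.add_block([])
    pegged_in = side.claim(main, lock, proof, h)
    replay = side.claim(main, lock, proof, h)
    # Peg out: Alice pays Bob on the sidechain; Bob sends 15 back to Bitcoin.
    side.add_block([{"from": "alice", "to": "bob", "amount": 15, "nonce": 2}])
    side.add_block([{"from": "bob", "to": "SIDE_LOCK", "amount": 15, "nonce": 3}])
    out, oproof, oh = side.proof_of_tx(1, 0)
    for _ in range(2):
        side.add_block([])
    pegged_out = main.claim(side, out, oproof, oh)
    return {"too_early": too_early, "pegged_in": pegged_in, "replay": replay,
            "pegged_out": pegged_out, "main": main.balances, "side": side.balances,
            "conserved": main.balances["BTC_LOCK"] == side.circulating()}
```

The `conserved` result is the invariant the post describes in words: the number of coins sitting at Bitcoin’s lock address always equals the number circulating on the sidechain, so nothing has been created or destroyed, only “moved”. The same `claim` routine serves both directions, which is the symmetry the post points out; the only asymmetry is whether honouring a proof releases existing coins or mints new tokens.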

So developers get the opportunity to experiment with different types of cryptocurrency rules without needing to create their own currency.

And it now becomes possible to do some very interesting things in the Bitcoin space.

Step back from the details for a moment and consider what’s been described. We now have a way to move coins from Bitcoin onto another platform (a sidechain) and move them back again. That’s pretty much what we do when we move them to a wallet platform or an exchange. The difference is that the “platform” they’ve been moved to is also a blockchain… so it has the possibility of decentralised security, visibility and to gain from other innovation in this space.

For example, one could imagine a sidechain that is “mined” only by one company. That would be identical to a single-company wallet, but with full visibility of transactions.

Going further, you could imagine a sidechain that is mined by 100 different companies in a loose federation. Not totally decentralized, but harder to censor or subvert than if it were just one.

And there are lots of other possibilities. The key is that you can build these experiments and products and services without also needing to create a new currency or fall back into the old centralised style.

So when I look at sidechains, I’m looking at them as an architecture for building semi-decentralised products and services for Bitcoin that were simply impossible before.

Now there are some serious issues with the scheme. Peter Todd has raised doubts about how secure it might be and it might require a one-off change to Bitcoin.

But it’s early days. I’m looking forward to watching this space develop.