Let's put a myth to bed.
Thread on the history of sidechains and their security properties, concluding with how they differ from Layer 2 solutions.
(there’s a lot of resources, feel free to skip/bookmark for later!)
👇
This is done by enabling the transfer of BTC between chains w/ varying feature sets
[1] blockstream.com/sidechains.pdf
Blockstream’s Liquid uses a multisig federation and doesn’t need SPV proofs for peg-in/out (more on that later on PoS sidechains).
A few years later @sol3gga, @socrates1024 and @dionyziz came up with NiPoPoWs [2], a succinct SPV proof technique where the main insight is that some blocks have a better mining target than others.
[2] nipopows.com
[3] arctan.gtklocker.com/thesis.pdf
[4] eprint.iacr.org/2019/226
[5] github.com/proofchains/py…
[6]
Constructing PoW sidechains is also described in [7].
[7] eprint.iacr.org/2018/1048.pdf
The moment your bitcoins move to an output that is spendable based on an event that happens on a chain with less hashrate than the bitcoin chain, you’re exposing yourself to counterparty risk (the miners of the other chain, or the validators if PoS)
BTC on the bitcoin chain is BTC-100. It is pure, inefficient, boring; but it is the most sovereign asset that has ever existed.
BTC-X would explore a different tradeoff space, as envisioned by the original @blockstream paper
Maybe that’s BTC-99.99?
[8] download.wpsoftware.net/bitcoin/pos.pdf (my favorite PoS paper)
Dionysis' work [9], [10] covers this area extensively
[9] eprint.iacr.org/2018/1239.pdf
[10] docs.google.com/presentation/d…
Peg-in:
1. Send asset to special output on sending chain
2. Validator listens for deposit *with a light client* and signs it
3. If 2/3rds of validators weighted by stake signed, the asset gets minted on the receiving chain
Peg-out:
1. Burn on sending chain
2. Make withdrawal request to validators with proof of burn
3. Validators sign the withdrawal request
4. Output on receiving chain gets unlocked if signatures with 2/3rds of stake are shown
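The stake-weighted 2/3 check that both the peg-in (step 3) and peg-out (step 4) flows above depend on, as an added example rather than code from the thread or any real sidechain. It assumes a constructed validator set with fixed stakes and, as a stand-in for real public-key signatures, keyed HMACs so it runs with only the standard library. The parts a defender cares about are the ones that silently break the security claim if omitted: each signature is bound to the exact event (kind, chain, txid, amount, recipient) so it cannot be replayed, a validator's stake is counted at most once no matter how many copies of its signature are submitted, and signers outside the validator set contribute nothing.

```python
import hashlib
import hmac

# Constructed validator set: name -> (stake, signing key). A real sidechain
# would use public-key signatures (e.g. Ed25519); the keyed HMAC here is a
# stand-in so the example runs with only the standard library.
VALIDATORS = {
    "val-a": (40, b"key-a"),
    "val-b": (30, b"key-b"),
    "val-c": (20, b"key-c"),
    "val-d": (10, b"key-d"),
}
TOTAL_STAKE = sum(stake for stake, _ in VALIDATORS.values())


def event_digest(kind: str, chain_id: str, txid: str, amount: int, recipient: str) -> bytes:
    """Digest of a peg event: 'deposit' for peg-in, 'burn' for peg-out.

    Every field is bound into the signed message, so a signature over a deposit
    on one chain cannot be replayed as a burn, on another chain, for another
    amount, or for another recipient.
    """
    msg = f"{kind}|{chain_id}|{txid}|{amount}|{recipient}".encode()
    return hashlib.sha256(msg).digest()


def sign(validator: str, digest: bytes) -> bytes:
    """Validator signs the event digest (only after its light client saw the event)."""
    _, key = VALIDATORS[validator]
    return hmac.new(key, digest, hashlib.sha256).digest()


def signed_stake(digest: bytes, signatures: list[tuple[str, bytes]]) -> int:
    """Sum the stake behind valid signatures, counting each validator once."""
    counted = set()
    stake = 0
    for validator, sig in signatures:
        if validator not in VALIDATORS or validator in counted:
            continue  # unknown signer, or the same validator submitted twice
        expected = sign(validator, digest)
        if not hmac.compare_digest(expected, sig):
            continue  # signature does not verify for this exact event
        counted.add(validator)
        stake += VALIDATORS[validator][0]
    return stake


def threshold_met(digest: bytes, signatures: list[tuple[str, bytes]]) -> bool:
    """'2/3rds of validators weighted by stake' from the thread.

    Integer arithmetic avoids float rounding exactly at the boundary.
    """
    return 3 * signed_stake(digest, signatures) >= 2 * TOTAL_STAKE


if __name__ == "__main__":
    # Constructed peg-in event on a hypothetical sending chain.
    deposit = event_digest("deposit", "chain-A", "tx-1", 100, "alice")
    sigs = [("val-a", sign("val-a", deposit)), ("val-b", sign("val-b", deposit))]
    print("mint allowed:", threshold_met(deposit, sigs))
```

The same function serves the burn side: a validator signs `event_digest("burn", ...)` over the proof-of-burn it observed, and the receiving chain unlocks the output only when `threshold_met` holds for that digest. Note what the check does not do: it cannot tell whether the validators' light clients were shown a reorged or fabricated chain, which is exactly the counterparty risk the thread describes.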
L2 security == L1 security
A L1 smart contract acts as an escrow.
Unlocking the assets relies on:
1. Playing a fixed duration game where honest players are guaranteed to win, OR
2. Cryptographically proving ownership with a ZKP.
In detail:
Client side validation with an L1 smart contract as adjudicator. Withdrawal requests take time T, after which you can unlock the claimed asset. If another user comes online and submits a fraud proof, the request is cancelled. (add slashing for incentives).
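A toy model of the adjudicator contract just described, added here as an example and not taken from the thread or any real rollup. It assumes a constructed L2 state (a balance table) whose hash is committed on L1, a challenge window `T` of 100 L1 blocks, and a bond attached to each withdrawal request that is slashed to the challenger if a fraud proof lands. A fraud proof here is simply the full committed state: if it hashes to the commitment and shows the requester owns less than they claim, the request is cancelled. The model also makes the liveness assumption visible: a fraudulent request that nobody challenges within `T` finalizes.

```python
import hashlib
import json
from dataclasses import dataclass

CHALLENGE_PERIOD = 100  # "T" from the thread, in L1 blocks (constructed value)


def state_hash(balances: dict) -> bytes:
    """Canonical serialisation so requester and challenger hash identical bytes."""
    return hashlib.sha256(json.dumps(balances, sort_keys=True).encode()).digest()


@dataclass
class Withdrawal:
    owner: str
    amount: int
    bond: int
    requested_at: int
    cancelled: bool = False
    finalized: bool = False


class Escrow:
    """Stand-in for the L1 adjudicator contract (constructed for this example)."""

    def __init__(self, committed_state: dict, period: int = CHALLENGE_PERIOD):
        self.committed_hash = state_hash(committed_state)  # contract stores only the hash
        self.period = period
        self.withdrawals: list[Withdrawal] = []
        self.paid: dict[str, int] = {}     # owner -> funds released by the escrow
        self.rewards: dict[str, int] = {}  # challenger -> slashed bonds collected

    def request(self, owner: str, amount: int, bond: int, now: int) -> int:
        """Open a withdrawal claim; it can be finalized at requested_at + period."""
        self.withdrawals.append(Withdrawal(owner, amount, bond, now))
        return len(self.withdrawals) - 1

    def challenge(self, wid: int, full_state: dict, challenger: str, now: int) -> bool:
        """Fraud proof: the committed state shows the owner holds less than claimed."""
        w = self.withdrawals[wid]
        if w.cancelled or w.finalized or now >= w.requested_at + self.period:
            return False  # outside the window, nothing left to adjudicate
        if state_hash(full_state) != self.committed_hash:
            return False  # proof does not match the committed state
        if full_state.get(w.owner, 0) >= w.amount:
            return False  # the request was honest; not a fraud
        w.cancelled = True
        self.rewards[challenger] = self.rewards.get(challenger, 0) + w.bond
        return True

    def finalize(self, wid: int, now: int) -> bool:
        """Release funds once T has elapsed with no successful challenge."""
        w = self.withdrawals[wid]
        if w.cancelled or w.finalized or now < w.requested_at + self.period:
            return False
        w.finalized = True
        self.paid[w.owner] = self.paid.get(w.owner, 0) + w.amount + w.bond
        return True


if __name__ == "__main__":
    l2_state = {"alice": 50, "bob": 20}  # constructed L2 balances
    escrow = Escrow(l2_state)
    wid = escrow.request("bob", 70, bond=5, now=0)  # bob claims more than he has
    print("fraud proof accepted:", escrow.challenge(wid, l2_state, "carol", now=50))
    print("finalize after cancel:", escrow.finalize(wid, now=200))
```

The two properties the thread contrasts with validity proofs fall out of the model directly: an honest user waits the full `T` before `finalize` succeeds (no instant withdrawals), and the contract's safety depends on at least one honest party being online within `T` to call `challenge` (a liveness assumption).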
- L1 smart contract stores hash of state.
- Aggregator gathers state updates, generates & submits ZKP.
- Update the contract's state hash if the proof is valid.
- Supports instant withdrawals
- Has no liveness assumption
More about Fraud vs Validity Proofs in @StarkWareLtd's blog post:
medium.com/starkware/vali…
I am considering doing “Drivechains & Statechains are not Layer 2” & “Plasma & Rollup is Layer 2” threads, let me know your thoughts.
{fin}