Adam Back I am the inventor of hashcash the proof of work function in bitcoin and co-inventor of sidechains with Greg Maxwell. Joined by co-authors Greg Maxwell, Pieter Wuille, Matt Corallo, Mark Friedenbach, Jorge Timon, Luke Dashjr, Andrew Poelstra, Andrew Miller; bitcoin protocol developers.

sidechains paper:

we are looking forward to your questions, ask us anything

We'll be signing off now (11:13 PDT). Many thanks for the great questions. We're regular participants in /r/Bitcoin subreddit and will come back to your questions. We'll look to do one of these again in the future with more notice. Thanks

Comments: 511 • Responses: 15  • Date: 

justusranvier22 karma

Who are the investors in Blockstream, and how will you respond if they want you to discourage future Bitcoin protocol upgrades that would reduce the need for sidechains?

Why shouldn't the rest of the community be concerned by the apparent financial incentive Blockstream has to get their soft fork in, and then filibuster any future protocol upgrades?

adam3us17 karma

We've been incredibly fortunate in that our investors understand open source efforts and appreciate the importance of working within the context of a technical standards-based community. We'll have more to say about our group of investors in the coming weeks, and many of them will be weighing in personally on questions like this. As co-founders of Blockstream, we firmly stand behind bitcoin and blockchain technology and the values embodied in its code, including decentralized, open, permissionless and trustless innovation.

aquentin19 karma


adam3us9 karma

Not really in competition, they are different concepts treechains are a scaling idea by petertodd. It would be convenient to experiment with treechains on a sidechain as sidechains are generic extension mechanism with significant flexibility in the rules that can be used on a sidechain.

For example zerocash could be implemented on a sidechain or other things that have radically different formats and ownership tracking mechanisms.

confident_lemming12 karma

Does anything prevent a sidechain from creating its own opcodes for implementing a recursive sidechain?

adam3us14 karma

yes you can have a side-chain recursively off a sidechain, and there can be reasons to do that.

Tulumbo4 karma

Any example uses cases of recursive sidechains?

TheBlueMatt5 karma

One example we've discussed is using SNARKs to increase security of the peg transfers to the full Bitcoin model. It could be implemented rather quickly between two sidechains.

adam3us6 karma

It needs a recursive sidechain because there are more constraining requirements to return peg to bitcoin main. By having a side-chain to return to it can have features to facilitate more advanced things.

oraclechain8 karma

Will Blockstream be developing sidechains?

TheBlueMatt7 karma

Of course Blockstream will be developing some sidechains, but sidechains is an open idea which anyone can (and should!) use to make any sidechain they want.

adam3us11 karma

i'm waiting for the zerocash sidechain :)

adam3us7 karma

We'll be signing off at the top of the hour. Many thanks for the great questions. We're regular participants in /r/Bitcoin subreddit and will come back to your questions.

We'll look to do one of these again in the future with more notice.


platonicgap6 karma

What will be the financial incentive for someone to create a sidechain, as opposed to an independent coin?

I get the feeling you may be first releasing an altcoin with sidechain tech, and that this is not necessarily about bitcoin. Can you put this concern to rest?

adam3us4 karma

we only anticipate building sidechains on bitcoin, and sidechains preserve the 21million bitcoin supply cap. part of the reason we think its useful to build on bitcoin is its a neutral currency, and has the network effect advantage.

Egon_16 karma

How will Sidechain impact existing and future altcoins?

adam3us4 karma

sidechains are quite flexible such that a wide-range of economic and technical experiments can be conducted on them.

_Mr_E5 karma

When you invented hashcash, when it was obviously not in the context of Bitcoin... What the heck was it for?

adam3us11 karma

yes actually I was operating an anonymous remailer at the time and hashcash was to throttle spam in anonymous networks because you cant ideally rely on identity there. there were a number of applications of hashcash.

bitcoin also is independent from identity, so there is a common theme there. see also b-money by Wei Dai and bit-gold by Nick Szabo two ecash ideas that predate bitcoin that propose to use hashcash mining. also Hal Finney's RPOW also uses hashcash mining.

oraclechain5 karma

A quote from the paper stuck with me "we have seen a volatile, unnavigable environment develop, where the most 90 visible projects may be the least technically sound." (p.90)

Can you elaborate?

adam3us8 karma

Andrew Poelstra has a paper about the common technical mistakes made by alt coins Blockchain consensus system are complex.

throwaway2 karma

Thanks for the link, very interesting. Do you know what he means here?

Progress-freeness: if proof production has any notion of “percent complete”, even a probabilistic one, then mining becomes a race and a disproportionate advantage is given to large mining operations. This encourages centralization

adam3us3 karma

Yes you need a poisson distribution, eg like a cointoss; hashcash & bitcoin mining is like tossing 64 coins and hoping they call come up tails (zero). If for example the proof of work had progress, like you had to find 100 small puzzles, that would be bad because variance is reduced so its more likely that the single faster computer wins. In the extreme case when there is no variance (zero) then the single fastest (liquid nitrogen OC etc) wins everytime, like a race with race cars where the car with the best performance tends to win. You want to have a chance of winning directly proportional to your hashrate otherwise its starts to be biased in favor of the faster player. Ie where they have 2x as much hashrate as you, they get 3x chance of winning or such.

oraclechain3 karma

How would altchains merge with sidechains on a protocol level?

adam3us7 karma

another concept is multiple pegging: different contracts or assets from different chains can be pegged to a given chain. this allows composability of assets and contracts between chains.

btc-ftw22 karma

You guys introduce the concept of Bitcoin as a DMMS (dynamic membership multiparty signature). One limitation of Bitcoin as such (if I understand the point properly) is the linear nature of the "signature". In other words, size of the signature grows linearly as time progresses.

Another DMMS would simply be ever increasing difficulty. That is, discovering a SHA256 of a particular document (+ changes) that has more initial zeros than the prior discovery. This DMMS has constant data size (and therefore validation time) but unfortunately each "block" is twice as hard to solve as the prior one.

Can we find a DMMS with constant data (and validation time) AND something better then exponential difficulty increase? (constant, linear, adjustable)

adam3us4 karma

Possibly. One of the reasons we wanted to describe DMMS as a crypto building block is that maybe the academic community can find a a more compact DMMS. The other reason is we found it an interesting way to think about the way the blockchain uses PoW - the effect it achieves.