We are bitcoin sidechain paper authors Adam Back, Greg Maxwell and others

Who are the investors in Blockstream, and how will you respond if they want you to discourage future Bitcoin protocol upgrades that would reduce the need for sidechains?

Why shouldn't the rest of the community be concerned by the apparent financial incentive Blockstream has to get their soft fork in, and then filibuster any future protocol upgrades?

We've been incredibly fortunate in that our investors understand open source efforts and appreciate the importance of working within the context of a technical standards-based community. We'll have more to say about our group of investors in the coming weeks, and many of them will be weighing in personally on questions like this. As co-founders of Blockstream, we firmly stand behind bitcoin and blockchain technology and the values embodied in its code, including decentralized, open, permissionless and trustless innovation.

[deleted]

Not really in competition, they are different concepts treechains are a scaling idea by petertodd. It would be convenient to experiment with treechains on a sidechain as sidechains are generic extension mechanism with significant flexibility in the rules that can be used on a sidechain.

For example zerocash could be implemented on a sidechain or other things that have radically different formats and ownership tracking mechanisms.

Does anything prevent a sidechain from creating its own opcodes for implementing a recursive sidechain?

yes you can have a side-chain recursively off a sidechain, and there can be reasons to do that.

Any example uses cases of recursive sidechains?

One example we've discussed is using SNARKs to increase security of the peg transfers to the full Bitcoin model. It could be implemented rather quickly between two sidechains.

It needs a recursive sidechain because there are more constraining requirements to return peg to bitcoin main. By having a side-chain to return to it can have features to facilitate more advanced things.

Will Blockstream be developing sidechains?

Of course Blockstream will be developing some sidechains, but sidechains is an open idea which anyone can (and should!) use to make any sidechain they want.

i'm waiting for the zerocash sidechain :)

We'll be signing off at the top of the hour. Many thanks for the great questions. We're regular participants in /r/Bitcoin subreddit and will come back to your questions.

We'll look to do one of these again in the future with more notice.

Thanks

What will be the financial incentive for someone to create a sidechain, as opposed to an independent coin?

I get the feeling you may be first releasing an altcoin with sidechain tech, and that this is not necessarily about bitcoin. Can you put this concern to rest?

we only anticipate building sidechains on bitcoin, and sidechains preserve the 21million bitcoin supply cap. part of the reason we think its useful to build on bitcoin is its a neutral currency, and has the network effect advantage.

How will Sidechain impact existing and future altcoins?

sidechains are quite flexible such that a wide-range of economic and technical experiments can be conducted on them.

When you invented hashcash, when it was obviously not in the context of Bitcoin... What the heck was it for?

yes actually I was operating an anonymous remailer at the time and hashcash was to throttle spam in anonymous networks because you cant ideally rely on identity there. there were a number of applications of hashcash. http://hashcash.org/papers/hashcash.pdf

bitcoin also is independent from identity, so there is a common theme there. see also b-money http://www.weidai.com/bmoney.txt by Wei Dai and bit-gold by Nick Szabo two ecash ideas that predate bitcoin that propose to use hashcash mining. also Hal Finney's RPOW also uses hashcash mining.

A quote from the paper stuck with me "we have seen a volatile, unnavigable environment develop, where the most 90 visible projects may be the least technically sound." (p.90)

Can you elaborate?

Andrew Poelstra has a paper about the common technical mistakes made by alt coins https://download.wpsoftware.net/bitcoin/alts.pdf Blockchain consensus system are complex.

Thanks for the link, very interesting. Do you know what he means here?

Progress-freeness: if proof production has any notion of “percent complete”, even a probabilistic one, then mining becomes a race and a disproportionate advantage is given to large mining operations. This encourages centralization

Yes you need a poisson distribution, eg like a cointoss; hashcash & bitcoin mining is like tossing 64 coins and hoping they call come up tails (zero). If for example the proof of work had progress, like you had to find 100 small puzzles, that would be bad because variance is reduced so its more likely that the single faster computer wins. In the extreme case when there is no variance (zero) then the single fastest (liquid nitrogen OC etc) wins everytime, like a race with race cars where the car with the best performance tends to win. You want to have a chance of winning directly proportional to your hashrate otherwise its starts to be biased in favor of the faster player. Ie where they have 2x as much hashrate as you, they get 3x chance of winning or such.

How would altchains merge with sidechains on a protocol level?

another concept is multiple pegging: different contracts or assets from different chains can be pegged to a given chain. this allows composability of assets and contracts between chains.

You guys introduce the concept of Bitcoin as a DMMS (dynamic membership multiparty signature). One limitation of Bitcoin as such (if I understand the point properly) is the linear nature of the "signature". In other words, size of the signature grows linearly as time progresses.

Another DMMS would simply be ever increasing difficulty. That is, discovering a SHA256 of a particular document (+ changes) that has more initial zeros than the prior discovery. This DMMS has constant data size (and therefore validation time) but unfortunately each "block" is twice as hard to solve as the prior one.

Can we find a DMMS with constant data (and validation time) AND something better then exponential difficulty increase? (constant, linear, adjustable)

Possibly. One of the reasons we wanted to describe DMMS as a crypto building block is that maybe the academic community can find a a more compact DMMS. The other reason is we found it an interesting way to think about the way the blockchain uses PoW - the effect it achieves.