Pegged Sidechains: A Critique
We review and critique the Blockstream.com white paper on pegged sidechains.
The team at Blockstream.com recently released a paper, "Enabling Blockchain Innovations with Pegged Sidechains, which is found here: http://www.blockstream.com/sidechains.pdf
Blockstream describes itself as "a group of people who share a vision of how to transform global systems of value exchange that, by design, put you first." The authors of the paper are Adam Back, Matt Corallo, Luke Dashjr, Mark Friedenbach, Gregory Maxwell, Andrew Miller, Andrew Poelstra, Jorge Timón, and Pieter Wuille. Blockstream is a company developed by several of the authors. The idea of sidechains existed prior to the creation of the company, and is described in the paper as "an open proposal."
SilentVault is also an enterprise composed of people who wish to transform global systems of value exchange. We believe that the SilentVault system offers individuals two ways in which to exchange value between different types of assets. One way to accomplish that goal within the SilentVault system is to make a payment from one wallet to another. Another way to accomplish that goal is to make an escrow-guaranteed exchange using our built-in exchange service. Payments take place from wallet to wallet in a peer-to-peer or person-to-person manner. Escrow-guaranteed exchanges are posted to the SilentVault Exchange (SVX) with a payment to an escrow wallet, so that anyone agreeing to the terms of the proposed exchange knows that the funds have already been spent to a third party for prompt delivery once the terms are accepted and a corresponding payment is made.
In their abstract, the authors, Back, Corallo, et al., write, "We propose a new technology, pegged sidechains, which enables bitcoins and other ledger assets to be transferred between multiple blockchains. This gives users access to new and innovative cryptocurrency systems using the assets they already own. By reusing Bitcoin’s currency, these systems can more easily interoperate with each other and with Bitcoin, avoiding the liquidity shortages and market fluctuations associated with new currencies. Since sidechains are separate systems, technical and economic innovation is not hindered. Despite bidirectional transferability between Bitcoin and pegged sidechains, they are isolated: in the case of a cryptographic break (or malicious design) in a sidechain, the damage is entirely confined to the sidechain itself."
The paper goes into considerable detail about how bitcoin itself was developed, how it might be modified to provide for sidechains, and how pegged sidechains are proposed to work. Justin Turrell, the technology lead for SilentVault, comments, "The paper presents a solution that is very clever but represents an extremely complex concept and implementation. The overall idea is that a block of coins are spent to an address on the parent chain (Bitcoin), which "locks" the coins in place. An isomorphic "echo" of these coins is then minted (in equal quantity) on the sidechain (altcoin). The coins can then circulate on the secondary blockchain at will. Moving them back to the parent chain involves the same operations in reverse. These activities might be performed so that unique rules and innovations could be implemented on the sidechain.
"The core observation," Turrell continues, "is that Bitcoin the blockchain is conceptually independent from bitcoin the asset: if we had technology to support the movement of assets between blockchains, new systems could be developed which users could adopt by simply reusing the existing bitcoin currency. There are, however, some significant drawbacks to this approach." Turrell goes on to explain these points.
1) The transfer of a block of coins to a locking address requires a much longer confirmation period than an ordinary spend, on order of 1-2 days. This is because if a "reorganization" subsequently occurred (where a longer blockchain fork replaced the branch containing the spends to the locking address), the implication would be that all derivative transactions on the sidechain would be invalidated directly. Therefore after arriving on the sidechain, the transferred coins must sit in quarantine to wait out the "contest period." Thus moving between chains takes up to several days in both directions. There is no reason to think that, after circulating on the sidechain to new owners, the transported coins would all move back to the parent blockchain at the same time. This may create a significant obstacle to those coins' utility on the sidechain, or at least create a disincentive to migrate them back to the parent chain.
2) The SPV (Simplified Payment Verification) proofs used by the sidechain transfer algorithm are too complex for Bitcoin's existing script to incorporate them into a block. Therefore a change to the Bitcoin protocol would be required in order to facilitate sidechains. However this change would be a "soft fork," meaning that it would not affect other ordinary transactions which do not utilize the feature. The authors make a suggestion for a temporary work-around, called a "federated peg," where bitcoins are spent into an address controlled by "functionaries" employing multiple signatures to enter or exit from that address. Basically, this interim approach would be analogous to placing migrated coins into a multi-signature escrow.
3) Any wallet client which could take advantage of sidechains would need to be able to work with both blockchains (that is, parent plus side) and connect to both networks. No existing wallets do this. All "full clients" (e.g. Bitcoin Core) connect to exactly one blockchain or network, and so consequently every altcoin necessarily has a distinct wallet client. Hence sidechains would also practically require substantial client-side development.
4) A similar problem occurs with mining. The logical solution would be for miners to do merged mining of both the parent chain and the sidechain, so that they could inspect both chains in order to better prevent fraud. However, this activity is made more difficult when the hashing power on the sidechain is very much less than that of Bitcoin (as most altcoins are or likely would be). The risk is therefore that only a few such sidechains would be well-supported, and that centralization of miners would increase, since smaller outfits might not be able to afford to do the merged mining. This mining centralization risk mitigates against isolation of the parent and side chains, which ironically is one of the design goals of the system. One might also ask what privacy benefits are realized if the same big miners are monitoring both parallel public blockchains? Increased privacy (through breaking the links between wallets) is surely a major motivation for the practical use of sidechains.
5) Because the quantity of coins is the same on both chains (that is, inputs must equal outputs), this approach does not open up new coin domains or quantities.
Turrell concludes, "It appears that this white paper on pegged sidechains represents a primarily theoretical proposal at this point. It cannot be implemented at this time without a mod to the Bitcoin protocol. After such a mod, it would still require widespread adoption by miners and wallet clients in order to get very far. So, compared with what we have available today already, I think it's brilliant without currently functioning as a solution."
What SilentVault has available today is a set of encrypted payment and exchange tools. A bitcoin user can bring in as little as 0.01 bitcoin and redeem as little as 0.02 bitcoin. The fee for bailing in bitcoin is zero and the fee for redeeming Silent Bitcoin to any bitcoin wallet is also zero. There are small fees for tokens which are used by the SilentVault wallets to pay for transaction events such as making a payment or storing a receipt. (Storing receipts is optional and determined by user preferences.)
This technology allows SilentVault wallet users to bail their bitcoin into secure storage and receive an equivalent digital voucher in exchange, after only the normal half dozen confirmations. Silent Bitcoin vouchers can be spent to other SilentVault wallets instantly, and without leaving any footprints on the blockchain. Unlike blockchain coins, which carry their whole history on their backs like a snail, vouchers are always destroyed and re-created in every transaction, making circulation tracking of the underlying coins impossible. Silent Bitcoin can also be spent (via redemption) directly to any arbitrary bitcoin address, within seconds. From a privacy perspective at least, this provides all the utility of a sidechain without incurring any of the difficulties discussed above. And if a user doesn't want to leave their coins inside Silent Bitcoin then they don't have to: simply transfer in, conduct your business, and transfer back out.
The SilentVault wallets currently work with bitcoin, litecoin, and silver. A gold currency is under development. The SilentVault wallets are built on the Voucher-Safe technology which is an open-source protocol for encrypted asset exchange. Other currencies may be supported in the SilentVault system if a voucher issuer comes forward and wants to provide for them. Meanwhile, today, it is possible to add litecoin to your wallet, compose an exchange offer from Silent Litecoin into Silent Bitcoin, pay the Silent Litecoin to an escrow agent, and, upon acceptance by another party, receive Silent Bitcoin in your wallet. It is also possible for two parties to exchange bitcoin for litecoin by each making a manual payment to the other.
In addition to providing open source wallets, the SilentVault system provides for encrypted communications among users with its SVSpark plugin, which uses the Jabber/XMPP protocol for online chat. SVSpark provides for OTR or "off the record" encrypted chat. Users are therefore free to discuss their exchange needs with one another, establish business relationships, and test them using the person-to-person payment approach, or using the escrow exchange service have the confidence that exchange orders are already paid up.
In other words, SilentVault has available, today, tools for accepting one blockchain currency and converting it into another. The establishment of pegged sidechains represents a potentially useful alteration in bitcoin. However, if bitcoin is modified to support pegged sidechains, SilentVault will continue to accept bitcoin into our system. If bitcoin isn't modified to support pegged sidechains, SilentVault remains a useful approach to swapping one type of asset for another.