In previous articles we have talked about two possible upcoming Bitcoin upgrades, following the already confirmed Taproot upgrade. These are BIP 118 and 119 (recall that all proposals are formalized in Bitcoin Improvement Proposals). Both improvements are important, though very uncontroversial and perhaps “boring”. But BIP 300 is different.
In this article we will explore the proposed BIP 300, a much more controversial, disruptive and crazy upgrade, also known as drivechains.
Drivechains are sidechains that operate with minimal trust (lower than today’s existing sidechains, RSK and Liquid). In other words, they are separate blockchains to that of Bitcoin where bitcoin is used as a native currency, and not an altcoin.
Because of this, bitcoin as an asset could be used in different blockchains with different characteristics. For example, it could be used in Ethereum and Zcash style blockchains. In fact, there are already versions of a drivechain with the anonymity features of Zcash.
The kid of the question is to transmit bitcoins between blockchains and for that we need the asset to be able to “jump” from blockchain to blockchain, being able to return to the main blockchain. This is achieved by drivechains with the use of hashrate escrow, which we will see below.
The bridge problem
In order to be able to use bitcoin in another blockchain, there must be a kind of bridge between the mainchain and the sidechain, called a “two way peg“.
Moving from mainchain to sidechain is easy because another blockchain can have visibility over Bitcoin. For example, I can send 1 BTC to address X (a specific address that the sidechain monitors), the other blockchain sees the transaction and generates 1 “sideBTC” for me. The problem is that this sideBTC is not backed by BTC, and is therefore an altcoin. It could be backed if the X address belonged to a third party or federation, but you have to trust them to get it back to you when you want to redeem your sideBTC.
That is, a requirement for sidechains is that their “side” bitcoins are exchangeable at a 1:1 ratio for bitcoins on the mainchain, and with as little trust as possible. This bridge and the path from sidechain to mainchain is the most difficult because someone has to “store” the BTC.
As the main developer of BIP 300, Paul Sztorc, explains, the point of a sidechain is that Bitcoin nodes (computers in the P2P network) do not need to know of its existence. Otherwise they would be validating their rules and we would be talking about an extension to Bitcoin (an effective increase in block size).
Let’s see an example to make it clear. A user uses the bridge to move 1 BTC to a sidechain. He receives 1 sideBTC on the sidechain, spends 0.5 sideBTC there and uses the bridge again to exchange his remaining 0.5 sideBTC for 0.5 BTC.
The problem is that since no Bitcoin node verifies the sidechain, they cannot know how much BTC belongs to that user. They do not know if it is 1 BTC or 0.5 BTC as is the case because sideBTC transactions occur outside the Bitcoin blockchain. The person in charge of processing that bridge could steal bitcoins and the network would not notice this.
Hashrate Escrow
Paul Sztorc’s solution, which since his proposal in 2015 has generated a lot of controversy, is to have the miners process the bridge. That is, the miners could theoretically steal all the BTC from the sidechains because the nodes don’t know if the bridge is processed honestly. Sounds terrible, doesn’t it?
The idea of hashrate escrows is that users send their coins to an escrow controlled by the miners to receive sideBTC. But beware, this coin escrow cannot be used immediately by the miners. To “get” the coins out of it, more than 50% of the miners need to vote their movement for months. With enough votes accumulated (in each block there is one vote), these coins can be spent.
In other words, if miners try to steal BTC from drivechains they will have to announce it publicly for months and everyone will witness their malicious actions. Here we can start to see the logic. What Paul is saying is: “bitcoin from sidechains can always be stolen, let’s make a system where stealing is undesirable“.
In case the majority of miners are honest, the BTC locked in the deposit would go to the users who have redeemed the sideBTC, after a few months of cumulative voting. To make the exchange faster, Atomic Swaps would be used in practice. That is, simply market swaps between BTC and sideBTC (but there would always be the option of using the bridge to maintain the 1:1 ratio).
Game theory
An important aspect of drivechains is that they can provide income to miners through user commissions. The more utility a sidechain has the more commissions it will generate.
Putting all the pieces together we have that miners can indeed steal BTC from drivechains, but… is it really economically profitable?
Paul explains that it depends on the drivechain and the market reaction. If miners try to steal money, it will be fully public and the price may react negatively. A negative reaction in the price would go against their own interests as Bitcoin miners, it would be a shot in the foot. They would also be losing all future commissions that could come from drivechains (people would stop using them as they are considered insecure).
However, if the market responds little or not at all negatively, the theft may be economically profitable. In this case Paul argues that time is available to defend against the miners.
He posits that a User Activated Soft Fork (a change of Bitcoin rules to repel the miners’ attack) could be performed, although this would be risky and probably unacceptable. Another possible interpretation is that since a majority of miners are malicious, a change in the mining protocol could be resorted to in order to drive the miners out, rendering their mining machines obsolete. Under threat from the community, the miners would be honest.
Reflections
For all these reasons, drivechains are very controversial and it does not seem clear that the price mechanism itself is sufficient.
However, Paul Sztorc argues that a majority of miners can steal today, and yet it doesn’t happen. Miners could double spend, they could freeze user funds (censoring transactions) until users pay large fees and even steal money from Lightning Network (censoring the penalty transaction).
All this is theoretically possible in Bitcoin. However miners do not want to destroy their reputation and business, so they are honest. With this in mind, it does not seem that drivechains are any different. Moreover, in the aforementioned attacks there is not enough time to react as a community, as there is in drivechains.
This is one of the reasons why I personally prefer the BIP 300. Far from being perfect, it seems to be the least bad solution we have and will have for years to come. But realistically it is highly unlikely to end up in Bitcoin, at least in the short term.
In any case, let’s hope that the community will continue with this unquenchable thirst to improve Bitcoin and we can continue to bring more proposals under discussion!
