The Bitshares blockchain as the first public sidechain for Bitcoin

[complexring]

The original suggestion of using 15 witnesses to be holders of the private key of a multisig address seems simplest and best. 

Although, I am still unconvinced that bytemaster's suggestion of the top 15 is the best option.  bytemaster seems to think that it's not an issue, due to historical data, that a voting-out event could occur.  That's fine; however, we should always recall that past results are not indicative of future results.

The better solution (and I refuse to call any possible solution the best) is to randomly select 15 of the witnesses to be private key holders, with possibly a slightly weighted distribution towards the top ones.  This way, even if there is a switch between the 15th and 16th witness, we wouldn't have to constantly move to a new multi-sig address for the collateral. 

Best block producers of BitShares are probably not the best signers of BTC address. Imo we need another voting algorithm for the BTC multi-signers, for better security, for example one stake can only vote for one signer, so BTC38 can't control all signers. We can probably ask the signers to put some collateral in BitShares, for example to an account under the control of the committee (the voting algorithm of committee should also be revised), to make sure they won't steal customers' funds.

Great thoughts.  I'm not opposed to having others hold the private keys to the multisig address and you bring a good point that it may not be the best option to have block producers be the holders of the private keys.

Randomness is evil. Stake talks.

Randomness is not evil if a protocol is designed properly to handle it.  Making a blanket statement, without mathematical proofs is disingenuous.  There are plenty of mathematical algorithms where randomness is used and provides a better algorithm than ones that do not use (pseudo-or-pure) randomness. 

Point being that the unnecessary transactions that occur under any system design that has a vote for whom holds the private keys for the multisignature addresses will be costly (even if it's minute) and that randomness mitigates this issue.  I'm not saying it's the best, but even when you vote for the holders of the private keys to the multisig address, the person(s) / accounts at 15 and 16 could constantly be swapping positions, and the collateral would be eaten by the transaction fees.

This is good will. But I don't think BitShares is powerful enough to let other chains adapt BitShares's protocol.

I am unsure what you mean by this.  I wasn't suggesting BitShares protocol be adopted by other chains. What I mean is that if the sidechain protocol that BitShares implements works for BitCoin, then it will work for any other altcoin that uses multisignature addresses.

[abit]

The original suggestion of using 15 witnesses to be holders of the private key of a multisig address seems simplest and best. 

Although, I am still unconvinced that bytemaster's suggestion of the top 15 is the best option.  bytemaster seems to think that it's not an issue, due to historical data, that a voting-out event could occur.  That's fine; however, we should always recall that past results are not indicative of future results.

The better solution (and I refuse to call any possible solution the best) is to randomly select 15 of the witnesses to be private key holders, with possibly a slightly weighted distribution towards the top ones.  This way, even if there is a switch between the 15th and 16th witness, we wouldn't have to constantly move to a new multi-sig address for the collateral. 

Best block producers of BitShares are probably not the best signers of BTC address. Imo we need another voting algorithm for the BTC multi-signers, for better security, for example one stake can only vote for one signer, so BTC38 can't control all signers. We can probably ask the signers to put some collateral in BitShares, for example to an account under the control of the committee (the voting algorithm of committee should also be revised), to make sure they won't steal customers' funds.

Randomness is evil. Stake talks.

This extra transaction seems cumbersome and also is more costly, in terms of transaction fees on the bitcoin network.  If you foresee this sidechain business as something that could happen with any altcoin (which I do), then mitigating additional and unnecessary transactions by properly creating a sidechain protocol for any alt on bitshares is the proper way forward.

This is good will. But I don't think BitShares is powerful enough to let other chains adapt BitShares's protocol.

tl;dr -- side.btc seems superfluous and has potential issues.  Simpler solution is the original one offered, i.e. 15 of the witnesses hold the private keys to a multisignature address that contains the collateral of the bitcoin.

[abit]

Could we just use the witness order we have for signing blocks. Just make it last 15 witness have multisig.

Technically impossible.
The multi-sig wallet address is on bitcoin network, which has an average of 10 minutes block interval. It means we need to wait for 1 hour to make sure a transaction is included in a good fork (6 confirmations). You're saying "the last 15 witnesses hold the private keys of a bitcoin address", which means we need to change the multi-sig in bitcoin network every 3 seconds.

[Pheonike]

Could we just use the witness order we have for signing blocks. Just make it last 15 witness have multisig.

[complexring]

@abit
* The witness who hold the second key could be killed, so the key lost, and the locked BTC become non-redeemable, hence no value.
* The witness who hold the second key could be the same person who deposited the BTC which is supposed to be locked, but actually the person have both keys, she can just unlock the fund without destroy the issued bitBTC.

1 all witnesses would hold the second key
2 the software will only allow a witness to sign the bitcoin transaction once the corresponding SIDEBTC has been destroyed. Remember SIDEBTC is not transferable only BITBTC is.

Re 2): How does the software prevent someone with both bitcoin private keys from signing a "bitcoin" transaction? They would sign it on the bitcoin network, which doesn't care about the rules of the sidechain.

In general, I think this scheme is overly complicated and prone to some basic pitfalls. First and foremost, with potentially locked up BTC forever, all the BitBTC isn't redeemable for BTC, so it shouldn't trade as 1-1 for BTC.

I think BM's solution is much simpler, easier to understand, and therefore easier to trust. It's pretty safe except in the case of large scale collusion by the custodians of the SBA keys. To reduce this chance for collusion, the custodians could be compensated by some stream of income that goes away if they do collude.

Obviously there's political decisions involved in determining how to balance the amount of income to the custodians, the number of custodians, etc as the balance held increases. The biggest problem is this regard is probably the limited size of Bitcoin's multisig.

I'm glad to see a BTC expert came in.

Imo what we need is a reputation system which will provide trusts. "Reputed signers hold the keys".

By the way multi-sig feature of BTC is too expensive, perhaps we can't afford the operating cost if eventually implemented the side chain thing.

I agree.  SIDE.BTC makes the entire system too convoluted, is unnecessary, and is prone to potential problems.

The original suggestion of using 15 witnesses to be holders of the private key of a multisig address seems simplest and best. 

Although, I am still unconvinced that bytemaster's suggestion of the top 15 is the best option.  bytemaster seems to think that it's not an issue, due to historical data, that a voting-out event could occur.  That's fine; however, we should always recall that past results are not indicative of future results.

The better solution (and I refuse to call any possible solution the best) is to randomly select 15 of the witnesses to be private key holders, with possibly a slightly weighted distribution towards the top ones.  This way, even if there is a switch between the 15th and 16th witness, we wouldn't have to constantly move to a new multi-sig address for the collateral. 

This extra transaction seems cumbersome and also is more costly, in terms of transaction fees on the bitcoin network.  If you foresee this sidechain business as something that could happen with any altcoin (which I do), then mitigating additional and unnecessary transactions by properly creating a sidechain protocol for any alt on bitshares is the proper way forward.

tl;dr -- side.btc seems superfluous and has potential issues.  Simpler solution is the original one offered, i.e. 15 of the witnesses hold the private keys to a multisignature address that contains the collateral of the bitcoin.

[abit]

@abit
* The witness who hold the second key could be the same person who deposited the BTC which is supposed to be locked, but actually the person have both keys, she can just unlock the fund without destroy the issued bitBTC.

2 the software will only allow a witness to sign the bitcoin transaction once the corresponding SIDEBTC has been destroyed. Remember SIDEBTC is not transferable only BITBTC is.

Re 2): How does the software prevent someone with both bitcoin private keys from signing a "bitcoin" transaction? They would sign it on the bitcoin network, which doesn't care about the rules of the sidechain.

Who would have both keys? As a depositor you guard your 1 of 2 key as well as you would a single key.

abit's original point was simple, so I've just requoted his point, your reply,  and my reply. To answer your question: the
witness would have both keys: his "witness" key and his "sender" key. With these two keys, you can sell your BitBTC, then release your BTC.

So basically you're saying that witnesses would be able to double spend their own BTC by redeeming SIDEBTC and dumping BITBTC at the same time?

Correct. More probably a compromised block-signing witness_node (those running in VPS but not in a dedicated server).

[dannotestein]

@abit
* The witness who hold the second key could be the same person who deposited the BTC which is supposed to be locked, but actually the person have both keys, she can just unlock the fund without destroy the issued bitBTC.

2 the software will only allow a witness to sign the bitcoin transaction once the corresponding SIDEBTC has been destroyed. Remember SIDEBTC is not transferable only BITBTC is.

Re 2): How does the software prevent someone with both bitcoin private keys from signing a "bitcoin" transaction? They would sign it on the bitcoin network, which doesn't care about the rules of the sidechain.

Who would have both keys? As a depositor you guard your 1 of 2 key as well as you would a single key.

abit's original point was simple, so I've just requoted his point, your reply,  and my reply. To answer your question: the
witness would have both keys: his "witness" key and his "sender" key. With these two keys, you can sell your BitBTC, then release your BTC.

So basically you're saying that witnesses would be able to double spend their own BTC by redeeming SIDEBTC and dumping BITBTC at the same time?

I'm saying they can sell their BitBTC and also reclaim their BTC since reclaiming only requires the two Bitcoin keys (no redeeming of SIDEBTC required). I don't really view this as a double spend, but it certainly doubles your money.

[JonnyB]

@abit
* The witness who hold the second key could be the same person who deposited the BTC which is supposed to be locked, but actually the person have both keys, she can just unlock the fund without destroy the issued bitBTC.

2 the software will only allow a witness to sign the bitcoin transaction once the corresponding SIDEBTC has been destroyed. Remember SIDEBTC is not transferable only BITBTC is.

Re 2): How does the software prevent someone with both bitcoin private keys from signing a "bitcoin" transaction? They would sign it on the bitcoin network, which doesn't care about the rules of the sidechain.

Who would have both keys? As a depositor you guard your 1 of 2 key as well as you would a single key.

abit's original point was simple, so I've just requoted his point, your reply,  and my reply. To answer your question: the
witness would have both keys: his "witness" key and his "sender" key. With these two keys, you can sell your BitBTC, then release your BTC.

So basically you're saying that witnesses would be able to double spend their own BTC by redeeming SIDEBTC and dumping BITBTC at the same time?

[dannotestein]

@abit
* The witness who hold the second key could be the same person who deposited the BTC which is supposed to be locked, but actually the person have both keys, she can just unlock the fund without destroy the issued bitBTC.

2 the software will only allow a witness to sign the bitcoin transaction once the corresponding SIDEBTC has been destroyed. Remember SIDEBTC is not transferable only BITBTC is.

Re 2): How does the software prevent someone with both bitcoin private keys from signing a "bitcoin" transaction? They would sign it on the bitcoin network, which doesn't care about the rules of the sidechain.

Who would have both keys? As a depositor you guard your 1 of 2 key as well as you would a single key.

abit's original point was simple, so I've just requoted his point, your reply,  and my reply. To answer your question: the
witness would have both keys: his "witness" key and his "sender" key. With these two keys, you can sell your BitBTC, then release your BTC.

[tbone]

Obviously we should be pushing to get a sidechain implementation going ASAP.  But I think we're dramatically overcomplicating it in this thread and should probably leave the precise details to the devs (primarily @bytemaster). 

Beyond that, I think we should be concentrating on pushing to incentivize a) creation of the primary fiat BitAssets and b) participation in BitAsset liquidity pools, among other liquidity measures. 

Speaking of liquidity, I think we should be doing what we can to establish robust markets in any new cryptocurrencies that hit the market.  The Lisk ICO will go for another 3 weeks and then it will launch and trade on the open market.  I'll probably say this until I'm blue in the face.  But we should make sure we are among the first exchanges (if not THE first) to trade Lisk.  That would generate plenty of buzz and new users for the DEX.

We really need to get serious about making some of these pieces of the puzzle come together.

@bytemaster solution is just a bitcoin master wallet where the witnesses share the private keys and issue IOU tokens much like OPEN.BTC minus the multisig

Can we keep on topic with this thread. Please start a new thread if you want to discuss adding lisk.

You missed my point.  It wasn't about adding Lisk.  That was just one example and my point was that we'd probably be far better served if non-technical people focused more on working toward helping the important pieces of the puzzle to come together rather than over-complicating sidechains and getting into the weeds over the details of its implementation.

Having said that, @bytemaster's solution seems to be sensible and elegant.  In your estimation, where is he going wrong? 

[JonnyB]

@abit
* The witness who hold the second key could be killed, so the key lost, and the locked BTC become non-redeemable, hence no value.
* The witness who hold the second key could be the same person who deposited the BTC which is supposed to be locked, but actually the person have both keys, she can just unlock the fund without destroy the issued bitBTC.

1 all witnesses would hold the second key
2 the software will only allow a witness to sign the bitcoin transaction once the corresponding SIDEBTC has been destroyed. Remember SIDEBTC is not transferable only BITBTC is.

Re 2): How does the software prevent someone with both bitcoin private keys from signing a "bitcoin" transaction? They would sign it on the bitcoin network, which doesn't care about the rules of the sidechain.

In general, I think this scheme is overly complicated and prone to some basic pitfalls. First and foremost, with potentially locked up BTC forever, all the BitBTC isn't redeemable for BTC, so it shouldn't trade as 1-1 for BTC.

I think BM's solution is much simpler, easier to understand, and therefore easier to trust. It's pretty safe except in the case of large scale collusion by the custodians of the SBA keys. To reduce this chance for collusion, the custodians could be compensated by some stream of income that goes away if they do collude.

Obviously there's political decisions involved in determining how to balance the amount of income to the custodians, the number of custodians, etc as the balance held increases. The biggest problem is this regard is probably the limited size of Bitcoin's multisig.

I'm glad to see a BTC expert came in.

Imo what we need is a reputation system which will provide trusts. "Reputed signers hold the keys".

By the way multi-sig feature of BTC is too expensive, perhaps we can't afford the operating cost if eventually implemented the side chain thing.

Who would have both keys? As a depositor you guard your 1 of 2 key as well as you would a single key.

[abit]

@abit
* The witness who hold the second key could be killed, so the key lost, and the locked BTC become non-redeemable, hence no value.
* The witness who hold the second key could be the same person who deposited the BTC which is supposed to be locked, but actually the person have both keys, she can just unlock the fund without destroy the issued bitBTC.

1 all witnesses would hold the second key
2 the software will only allow a witness to sign the bitcoin transaction once the corresponding SIDEBTC has been destroyed. Remember SIDEBTC is not transferable only BITBTC is.

Re 2): How does the software prevent someone with both bitcoin private keys from signing a "bitcoin" transaction? They would sign it on the bitcoin network, which doesn't care about the rules of the sidechain.

In general, I think this scheme is overly complicated and prone to some basic pitfalls. First and foremost, with potentially locked up BTC forever, all the BitBTC isn't redeemable for BTC, so it shouldn't trade as 1-1 for BTC.

I think BM's solution is much simpler, easier to understand, and therefore easier to trust. It's pretty safe except in the case of large scale collusion by the custodians of the SBA keys. To reduce this chance for collusion, the custodians could be compensated by some stream of income that goes away if they do collude.

Obviously there's political decisions involved in determining how to balance the amount of income to the custodians, the number of custodians, etc as the balance held increases. The biggest problem is this regard is probably the limited size of Bitcoin's multisig.

I'm glad to see a BTC expert came in.

Imo what we need is a reputation system which will provide trusts. "Reputed signers hold the keys".

By the way multi-sig feature of BTC is too expensive, perhaps we can't afford the operating cost if eventually implemented the side chain thing.

[dannotestein]

@abit
* The witness who hold the second key could be killed, so the key lost, and the locked BTC become non-redeemable, hence no value.
* The witness who hold the second key could be the same person who deposited the BTC which is supposed to be locked, but actually the person have both keys, she can just unlock the fund without destroy the issued bitBTC.

1 all witnesses would hold the second key
2 the software will only allow a witness to sign the bitcoin transaction once the corresponding SIDEBTC has been destroyed. Remember SIDEBTC is not transferable only BITBTC is.

Re 2): How does the software prevent someone with both bitcoin private keys from signing a "bitcoin" transaction? They would sign it on the bitcoin network, which doesn't care about the rules of the sidechain.

In general, I think this scheme is overly complicated and prone to some basic pitfalls. First and foremost, with potentially locked up BTC forever, all the BitBTC isn't redeemable for BTC, so it shouldn't trade as 1-1 for BTC.

I think BM's solution is much simpler, easier to understand, and therefore easier to trust. It's pretty safe except in the case of large scale collusion by the custodians of the SBA keys. To reduce this chance for collusion, the custodians could be compensated by some stream of income that goes away if they do collude.

Obviously there's political decisions involved in determining how to balance the amount of income to the custodians, the number of custodians, etc as the balance held increases. The biggest problem is this regard is probably the limited size of Bitcoin's multisig.

[JonnyB]

Obviously we should be pushing to get a sidechain implementation going ASAP.  But I think we're dramatically overcomplicating it in this thread and should probably leave the precise details to the devs (primarily @bytemaster). 

Beyond that, I think we should be concentrating on pushing to incentivize a) creation of the primary fiat BitAssets and b) participation in BitAsset liquidity pools, among other liquidity measures. 

Speaking of liquidity, I think we should be doing what we can to establish robust markets in any new cryptocurrencies that hit the market.  The Lisk ICO will go for another 3 weeks and then it will launch and trade on the open market.  I'll probably say this until I'm blue in the face.  But we should make sure we are among the first exchanges (if not THE first) to trade Lisk.  That would generate plenty of buzz and new users for the DEX.

We really need to get serious about making some of these pieces of the puzzle come together.

@bytemaster solution is just a bitcoin master wallet where the witnesses share the private keys and issue IOU tokens much like OPEN.BTC minus the multisig

Can we keep on topic with this thread. Please start a new thread if you want to discuss adding lisk.

I don't know the details of bytemaster's solution.  What are the pitfalls of it?  Sounds like a straightforward solution:  bring bitcoin in one-way via sidechain, treat it as a token to trade inside bitshares, redeem via a convert to BTS then to shapeshift.

It is straightforward and will be much better than what we have now.
I just think we should be more ambitious and create a solution where the depositor at least retains control of half of their private key. Ie a true sidechain.

@tbone

[kingslanding]

Obviously we should be pushing to get a sidechain implementation going ASAP.  But I think we're dramatically overcomplicating it in this thread and should probably leave the precise details to the devs (primarily @bytemaster). 

Beyond that, I think we should be concentrating on pushing to incentivize a) creation of the primary fiat BitAssets and b) participation in BitAsset liquidity pools, among other liquidity measures. 

Speaking of liquidity, I think we should be doing what we can to establish robust markets in any new cryptocurrencies that hit the market.  The Lisk ICO will go for another 3 weeks and then it will launch and trade on the open market.  I'll probably say this until I'm blue in the face.  But we should make sure we are among the first exchanges (if not THE first) to trade Lisk.  That would generate plenty of buzz and new users for the DEX.

We really need to get serious about making some of these pieces of the puzzle come together.

@bytemaster solution is just a bitcoin master wallet where the witnesses share the private keys and issue IOU tokens much like OPEN.BTC minus the multisig

Can we keep on topic with this thread. Please start a new thread if you want to discuss adding lisk.

I don't know the details of bytemaster's solution.  What are the pitfalls of it?  Sounds like a straightforward solution:  bring bitcoin in one-way via sidechain, treat it as a token to trade inside bitshares, redeem via a convert to BTS then to shapeshift.