Abstract: In this piece we evaluate Paul Sztorc’s BIP-300 and BIP-301 Drivechain proposals. We assess the sidechain peg-out system and the benefits of blind merge mining. In particular we discuss some of the Bitcoin mining economic and incentive arguments around sidechains. There are potentially higher mining costs associated with merge mining and the claim that these costs can never contribute to centralisation risks, is somewhat fanciful, in our view. However, a successful blind merge mined sidechain with significant MEV opportunities could offer Bitcoin significant benefits, which could more than offset the disadvantages.
Overview
Way back in November 2015, Bitcoin researcher Paul Sztorc proposed Drivechains, an improved merged mined sidechain mechanism for Bitcoin. Merged mining is where Bitcoin is the parent chain and a commitment hash from another chain is located somewhere inside the Bitcoin blockchain. As we noted in our November 2020 report, merged mining has now been adopted by the overwhelming majority of Bitcoin miners. However, this is “regular” merged mining, not the superior “blind merged mining”, which has been proposed by Paul, but not yet adopted to a meaningful extent.
Drivechanis can be broken down into two related component parts, each of which requires a softfork protocol upgrade to Bitcoin:
- BIP-300 which includes the peg-out mechanism for the sidechains (The way Bitcoin are sent back to the mainchain), and
- BIP-301 a system which makes blind merge mining possible.
As of 2023, Paul continues to advocate for these two proposals.
Blind Merge Mining (BIP-301)
We have already discussed the benefits of blind merge mining in our November 2020 report. The key characteristic is the separation of the incentive payments on the sidechain from the Bitcoin miners. Blind merge mining works by a third party running the sidechain, building sidechain blocks and receiving the sidechain fees. This entity then creates a Bitcoin transaction, which passes on these fees to the Bitcoin miners in the form of Bitcoin transaction fees. The key consideration here is that the Bitcoin miner then receives these fees regardless of what happens to the sidechain. Therefore, the Bitcoin miner does not need to run the sidechain and if there is a sidechain re-organisation, the Bitcoin miner is unaffected. This mechanism thereby shelters Bitcoin from the risks of the sidechain. The fees are expected to be passed on to Bitcoin miners by an auction type system. There could be a variety of sidechain block producers who produce candidate sidechain blocks. Along with these proposals is a Bitcoin transaction, which includes a fee. Rational Bitcoin miners would select the transaction with the highest fee.
BIP-301 therefore requires a new Bitcoin transaction type and therefore a softfork upgrade. The new transaction, the sidechain commitment transaction needs several new features:
- The transaction needs to identify a specific sidechain
- The transaction must specify a sidechain block height
- A field for a root hash of the sidechain block candidate is also required
In addition to the above, the Bitcoin protocol rules would also need to enforce that the blockchain can only contain one sidechain commitment transaction for any given identified sidechain and given sidechain block height. Presumably, also, each Bitcoin block cannot contain more than one commitment for any given sidechain. This may add some complexity to Bitcoin, not only would full Bitcoin nodes need to monitor the UTXO set, but also an additional database of sidechain identities and sidechain commitment transactions. Nonetheless, increased usage of sidechains could potentially be positive for Bitcoin’s utility and blind merged mining may be an improvement over regular merged mining, therefore the benefits of BIP-301 may outweigh the risks of the added complexity. It should be noted that it may be possible to implement blind merged mining using BIP-118 and “Spacechains”, rather than with BIP-301. This method avoids the complexity of a specific new transaction type and is therefore considered as a superior way of implementing blind merge mining.
Peg-out System (BIP-300)
The key challenge with sidechains is enabling the peg-out of Bitcoin back to the Bitcoin mainchain in a trustless way. Implementing this in an effective way is proving extremely difficult and is a key barrier to the success of sidechains on Bitcoin. Of course, this is not a problem if you do not want to use Bitcoin on the sidechain, but if you do, then there is an issue. One can argue that the peg-out mechanism is so important that it takes precedence over the sidechain rules. Surely the sidechain that users would want to follow is the one where peg-out works, rather than the sidechain which their sidechain node considered as valid with the most merge mining?
The solution proposed in BIP-300 is essentially relying on Bitcoin miners. The idea is that the opportunity to peg-out applies once every three months in a process on the sidechain. The sidechain then produces a hash, which commits to the sidechain peg-out transactions. A Bitcoin miner is then expected to take this hash and include it in their coinbase transaction. The risk here is that the miner could be cheating and insert a different hash, which commits to a transaction that steals all the funds. To mitigate against this, there is then a six month long voting process which occurs among the Bitcoin miners. In order for the sidechain withdrawal transaction to be valid, over 50% of the miners must vote for a withdrawal in their coinbase transaction over the next six months. All blocks, whether the block includes a vote or not, count. Therefore if miner participation in the vote is lower than 50%, then the funds cannot be redeemed.
The idea is that this long voting period helps prevent theft. If a miner submits an invalid proposal, according to the sidechain rules, the sidechain community has six months to act. The sidechain community could engage in several actions to prevent the left, for example lobbying miners not to vote for the withdrawal or lobbying the Bitcoin community for a UASF to block the theft transaction.
This miner voting system for sidechain peg-out is controversial and has many significant weaknesses:
- Miners could steal funds – Sidechain users need to trust the miners not to steal their funds.
- Miner apathy – Miners may not participate in the voting to a sufficient extent and therefore the funds may be stuck. This uncertainty could prevent people from sending funds to new sidechains or small sidechains.
- Time consuming redemption process – The redemption process is quite slow and takes at least three months. Of course users could use atomic swaps to get their coins out of the chain earlier, but in order for this to work there needs to be sufficient liquidity. The long time delay could also cause price differentials between mainchain Bitcoin and sidechain Bitcoin. In contast, a peg-out trasaction from Arbitrum to the Ethereum mainchain takes around a week.
- Inability to initiate a sidechain peg-out on demand – In addition to being a slow process, users would also be unable to initiate a withdrawal on demand and would need to wait for a scheduled peg-out transaction which happens every three months, therefore the time it takes to withdraw will be inconsistent depending on when the withdrawal is required.
- UASFs – The security system to some extent depends on the threat of UASFs to deter thefts. However, some may argue that we should minimise the number of changes to the Bitcoin protocol and not adopt a system which makes softfork wars more frequent. On the other hand, BIP-300 advocate and developer “fiatjaf” has written a list of reasons why a majority of miners would not want to steal from the sidechain and therefore many think that the threat of a UASF is not necessary.
- More complex network rules – In order for Bitcoin nodes to assess the validity of some Bitcoin transactions, clients would need to tally up votes in the coinbase transactions of historic Bitcoin blocks.
- Encourages miners to run the sidechain node – Miners may want to run the sidechain node in order to submit or vote on a peg-out sidechain redemption request. This therefore negates the advantages of blind merged mining as now miners may need to be running the node anyway for the peg-outs.
In our view, the above issues make the BIP-300 peg-out system somewhat weak. However, there appears to be no good peg-out system for Bitcoin sidechains. Perhaps it’s time to revisit the original Blockstream sidechain fraud proof ideas from 2014 again? On the other hand 51% of the miners could also censor the fraud proof transaction and therefore in the miner theft scenario we have similar risks as under BIP-300, 51% of the miners could steal sidechain funds. In a way, Paul’s proposal embraces the reality that under any known peg-out system, for example: fraud proofs, actual proofs or ones with a central sidechain administor signing withdrawals, Bitcoin miners could either censor data, fake data or cooperate with the administor and steal the sidechain Bitcoin. Therefore rather than building one of those potentially unnecessary security systems, BIP-300 just gives the power to withdraw directly to the Bitcoin miners. On the other hand adding a simple actual proof using merkle roots and hash functions might have some benefits, as it would make it more complicated for miners to steal funds. The downside here is it could give users a false sense of security.
Mining Economics & Incentives
In the second part of this article we are going to examine the mining economics and incentives of sidechains, in particular the idea that sidechains could significantly increase mining costs. For instance to remain competitive miners may need to validate the sidechains or perhaps perform complex MEV farming on the sidechain, these high costs could cause mining centralisation. At the same time a bug or re-organisation on the sidechain could cause problems for the main Bitcoin chain.
Vertical Integration
Firstly, there is the claim that blind merge mining mitigates away most or even all of the above mining incentive problems. With blind merge mining miners receive their compensation on the mainchain in Bitcoin, therefore this is just like a “normal” transaction fee from an incentive perspective. If the fees are really large, for example the size of Ethereum fees, this could cause issues, such as fee snipping, but in theory the situation should be no worse than if Bitcoin fees had organically increased to this level without a sidechain. Miners should never need to validate the sidechain or care if there is a sidechain re-organisation. Sidechain validation and Bitcoin mining is separated by the auction process.
Bitcoiner Alex B (@bergealex4) has claimed that the above is not true and that blind merge mining may not solve all of these problems. Even with blind merged mining the situation is worse than with normal transaction fees, because miners may vertically integrate their business models and run the sidechains themselves. For example block building may not be sufficiently competitive in some small sidechains. Therefore the sidechain block producers could only pass on 80% of their fee income to the miners, earning a 20% profit margin. Bitcoin miners could then decide to cut out the middleman, validate the sidechains themselves and generate more profits. Sidechain block producers may also require signifcant capital on hand to pay Bitcoin miners their fees before they can sell their sidechain rewards. This could be burdensome, therefore vertical integration could make sense, as the capital would no longer be required. With Bitcoin miners running the sidechains, many of the benefits of blind merge mining may no longer apply.
Ethereum MEV
As evidence for this vertical integration claim, Alex compares blind merge mining to a situation in Ethereum. In Ethereum there is an attempted somewhat analogous separation between block producers and stakers, with an auction separating them, just like the proposed auction for the sidechain fees in blind merged mining. In Ethereum this is called proposer builder separation. Ethereum block producers would then pass on most of the Ethereum transaction fees to the stakers in their candidate blocks and then the stakers are incentivised to select the candidate blocks with the highest fees. This system has not been implemented in the Ethereum protocol yet, however it is implemented in Flashbot’s MEV-Boost. MEV-Boost has c93% adoption among Ethereum stakers. Therefore, for all practical purposes, a proposer builder separation system already exists in Ethereum.
According to a recent analysis conducted by EigenPhi, vertical integration between stakers and block producers within MEV-Boost may have increased considerably in the last few months to 45% by value (compared to just 12.2% at the start of 2023). Anecdotally, EigenPhi also mentioned that “we just met a big validator who is doing block-building during ETHCC”. This is a very active issue in Ethereum at the moment and therefore perhaps Bitcoiners could wait and see how proposer builder separation plays out in Ethereum before deciding to push ahead with BIP-301.
In advocating for sidechains, one is likely to hope the sidechains will be successful and perhaps generate significant MEV opportunities. Extracting MEV can be highly complex, capital intensive and expensive, therefore this can be a centralising force. This represents a risk. To clarify, we are not claiming this is a reason to oppose sidechains for Bitcoin, sidechains offer many potential benefits and a successful Bitcoin sidechain generating a large amount of MEV could be highly desirable. However, we refute the claim that there are no risks or that all the MEV risks are solved by blind merge mining.
Mining Centralisation Debate – Economic Arguments
Paul Sztorc has an interesting defence to the assertion that merged mined sidechains could increase mining costs and therefore increase mining centralisation. We mentioned the risk that merged mining could increase centralisation pressure in our November 2020 blog post, something that Paul picked up and refuted. We are focusing on this point in this report as we consider it an interesting economic argument about Bitcoin mining incentives, not because it’s especially important in considering the merits of Drivechains.
Paul argues that merged mining costs are just like any other mining costs. Mining is supposed to have costs and be a competitive industry. If weak miners can’t handle the higher merged mining costs and therefore have to shut down, that is fine. This is just like if a miner cannot handle a higher difficulty adjustment and has to shut down. We want strong miners to succeed and weak miners to fail, that is the nature of competition. Therefore, Paul asserts, the higher costs associated with merge mining (Even the costs of MEV extraction) is not a valid argument against merged mining. While it is important to keep the costs of running a full node low, to ensure the network is decentralised, other mining costs should be considered differently. It does not matter so much if these other costs are high. Paul would no doubt believe that some of the people oppose merged mining based on a misconception, as an artefact of the blocksize war. People may wrongly oppose all mining cost increases, while only full node costs matter. Perhaps this is part of Bitcoin’s autoimmune disorder.
Examples of possible Bitcoin mining costs
|
In a way, Paul is right here. Running a sidechain can be thought of as just another cost and should be evaluated as such. Paul is certainly correct that these other costs should be considered very differently to full node costs, which it is critical to keep low. However, our view is that just because it is another cost, that does not negate any economic disadvantages the costs may have. If we care about the decentralisation of mining, we would prefer that the mining industry has certain economic characteristics:
- Low barriers to entry
- Low of economies of scale
- High degree of competitiveness
If any of Bitcoin mining costs jeopardise some of these features, it seems reasonable to argue that, if possible, we consider trying to minimise these costs. For example if a government wanted to impose an expensive mining licence with high upfront fees, that is something Bitcoiners may want to oppose. On the other hand, the cost of the higher difficulty adjustment, does not seem to undermine the desired economic cost characteristics. If merge mining could cause a high barrier to entry (For example due to expensive MEV extraction opportunities), this may be something to be concerned about, even if there are also other costs which may also cause problems.
That is not to say we consider this problem a significant weakness of merge mining nor is it a reason to oppose BIP-301. This is merely an interesting economic argument. Afterall, we have already experienced mass adoption of merged mining schemes from the Bitcoin miners anyway and BIP-301 is not likely to make this potential problem any worse. If we do ever have a successful sidechain on Bitcoin, the benefits of the fees this generates may outweigh the disadvantages of the possible higher centralisation pressure.
Conclusion
The peg-out mechanism in BIP-300 appears to have many weaknesses and adds a reasonable amount of complexity to the Bitcoin protocol. Therefore, in our view, it may struggle to achieve the consensus needed for activation. On the other hand, we have not yet seen a peg-out mechanism design that is strictly superior to BIP-300.
Blind merge mining is certainly a potential improvement over the current “regular merge mining” and therefore it may be worth the added complexity to try and enable this in Bitcoin. Claiming that blind merged mining solves all the risks is a somewhat fanciful claim, in our view. However, a successful blind merge mined sidechain with significant MEV opportunities could offer Bitcoin significant benefits and therefore it could be worth the risks.