Drivechain May Ossify Bitcoin Blockchain – Bitcoin Magazine
This is an opinion editorial by Nikita Chashchinskii, a software developer working on BIP300 sidechains.
Today, Bitcoin is facing a challenge. There are two conflicting demands necessary for success, and if we want to win, we must find a way to satisfy both. First there is the requirement for security – that is crucial when billions of dollars are at stake. In the security world, professional paranoia and conservatism are a necessity. Any single change introduced to Bitcoin software is a potential security vulnerability. Ideally, we would freeze Bitcoin’s codebase and then never introduce any changes that don’t fix security vulnerabilities.
This first demand is already on the way to being satisfied with a creeping ossification, which is not a conscious strategy, but an accidental political reality established as a result of historical events and technological limitations. Every single change that affects consensus must go through a long, extensive and rigorous process of deliberation. You can see this with the Taproot soft fork, which took 46 months from proposal in January 2018 to activation in November 2021, and in the more recent OP_CTV activation controversy. It may be random, but we are on our way to satisfying the first requirement.
However, there is a serious cost to this unconscious “strategy”. In the existing accidental ossification regime, we are subject to an extreme, and perhaps even justified, level of risk aversion, because if a decision is made and a risk is taken, every single Bitcoin user must bear that risk. Technological improvements either take years to implement or are rejected outright. In such a regime we will never see any technological progress.
In its current state, Bitcoin will never see zero-knowledge cryptography or ring signatures implemented. And so Bitcoin will never have strong privacy. Only Bitcoin’s competition will have strong privacy.
For scaling, we will be stuck with Lightning Network and with custody solutions. Lightning is great as far as it goes, but when it comes to scaling it has limitations. Its capacity to onboard new users is limited, and it still has unsolved UX challenges. Also, some proposals that make Lightning meaningfully better, such as SIGHASH_ANYPREVOUT, will either take years to enable or never be enabled.
This is to say nothing of more experimental ideas and technologies such as Blockstream’s simplicity proposition. It enables smart contracts on Bitcoin with a better design than existing smart contract implementations on altcoins. Given the complexity of this proposal, it is highly unlikely that it will ever see the light of day under the existing process. Only Bitcoin’s biggest competitor wants smart contracts.
And that’s not all. Besides that, there are already existing technological improvements in terms of privacy, scaling and smart contracts, which Bitcoin will not see implemented. We will voluntarily, or worse, accidentally give away the power of all future technological innovation to our competitors. Our competition is not limited by ossification at all.
Significant improvements are already on the table. Imagine how far behind we will be within a decade or two in cryptography and computer science progress, if the situation does not change.
To win, Bitcoin requires a mechanism of change and adaptation to achieve victory in the competitive environment it is in. It doesn’t matter how good Bitcoin is in its current state. Without such a mechanism, Bitcoin’s potential will remain fixed, and the potentials of its competitors and adversaries will grow. In this situation, no matter how far ahead you are, and no matter how far behind your competitors and opponents, they will eventually catch up. Failure to adapt in a competitive environment usually does not work.
Unless at some point there is a transition from the tradition and isolation of the Edo period to the open-mindedness and modernization of the Meiji period, the British will show up with ironclads, Gatling guns and rifles, and you’ll be stuck with samurai swords and horses.
These are the two “incompatible” requirements we have – change and security. The only good way to reconcile them, that I am aware of, is to separate Bitcoin into two isolated layers. Layer 1 must be a fully ossified foundation, never making non-security-enhancing changes (it will in all likelihood be the existing Bitcoin Core). Layer 2 must be a sidechain layer that is free to take risks and implement arbitrary functions.
It needs to be a secure two-way peg that allows anyone to transfer funds between the base layer and the side chain at layer 2 at a 1:1 exchange rate. This two-way pin mechanism and perhaps a blind merged mining arrangement should be the only things connecting Tier 1 and Tier 2.
With this mechanism, the decision on how much technological risk to take will be taken individually and unilaterally by each individual user. Any user can move funds into a particular sidechain, voluntarily accepting its trade-offs and risks, or move them back to the ossified security of the base layer at any time.
This individual risk-taking or non-taking risk and trade-offs, affecting only the people participating in it, would replace the existing process of collective risk-taking through community-wide deliberation and all-or-nothing introduction of changes affecting every single Bitcoin user .
There already exists a custody implementation of this idea – Liquid Network. But because it is custody, it is wrong. To attack it, you have to compromise with five custodians spread around the world and not just one, which is much better than something like Coinbase, but it is still custodial.
Liquid’s success has been quite limited. As of September 14, 2022, according to liquid.net, there are 3,560 BTC connected to the network. That’s about $71 million or 0.019% of the current circulating BTC supply of just over 19 million coins. It’s better than nothing, but an implementation that relies on an 11-of-15 multisig controlled by 15 officially incorporated companies worldwide requires an unacceptable level of trust for a supposedly trustless distributed cryptocurrency, which is reflected in people’s reluctance to actually use it – that’s why there’s only ~$71 million in it.
It is a non-custodial implementation of the exact same idea proposed in BIP300 and BIP301 – Drivechain. It requires a soft fork to activate, but it is distributed and trustless. The two-way pin is secured by paying all sidechain transaction fees to miners to perform a fixed and very simple set of functions. You can get the full description of the mechanism in the BIPs.
This is a significant security improvement compared to Liquid. To attack Liquid, you only need to compromise five integrated clerks, which is a woefully inadequate security arrangement given the kind of adversaries Bitcoin could face if it continues to grow. To attack Drivechain, you need to perform a 51% attack in three months, while making it painfully obvious to every single participant in the network that you are performing an attack and giving said participants plenty of time to respond.
With Drivechain, we have a way to reconcile our two “irreconcilable” demands for change and security. We can ossify Bitcoin more completely than with the existing “random political reality” form of ossification, we can preserve Bitcoin’s trustless and distributed nature, and at the same time we can ensure that in the future we will be “British” with metaphorical iron-clad, Gatling guns and rifles, and our competitors and opponents would be those stuck with metaphorical samurai swords and horses.
This is a guest post by Nikita Chashchinskii. Opinions expressed are entirely their own and do not necessarily reflect the opinions of BTC Inc or Bitcoin Magazine.