Moving coins from the side chain back to the main chain is the hard part. The white paper says you "use the proof to unlock a number of previously-locked outputs with equal denomination on the parent chain." You have to lock up N bitcoins to create N side chain coins, but those form part of a locked pool which can later be used to redeem sidechain coins. It's conceptually elegant, but the process is complex and delicate. Lots of things can go wrong, and it needs "challenge periods" of about a day during which things get sorted out.
"Security for the blockchain is provided by a set of predefined functionaries"
Uh oh. Remember Paycoin, with its "Prime Controllers" and "guaranteed minimum value". That didn't end well. The whole point of all this cryptographic machinery is supposed to be to eliminate the need to trust some central party or parties. This sidechain scheme doesn't do that.
The federated model is a temporary solution, as a workaround due to the lack of native support in Bitcoin Testnet. Once the Bitcoin network itself can validate the SPV proofs from the sidechain, this model will be replaced with a completely decentralized one.
What's the incentive for people to merge mine this? Namecoin issues its own currency, and it only has a third of the hashrate of Bitcoin. If this sidechain follows that example, it seems like it will be much easier to mount 51% attacks and forge proofs.
A sidechain can be made to pay out bitcoin rewards to its miners, but it needs to get the coins from somewhere, as it can't generate them from thin air like the main blockchain. For example, it could get the coins from transaction fees, or demurrage (interest paid from everyone holding coins).
This is arguably a better incentive than altcoin mining since miners would be paid in real bitcoins.
This is a temporary solution; the whitepaper addresses moving to merged mining (it's not being used in the beginning, since sidechains that don't have a lot of hashpower are easily attackable).
> Uh oh. Remember Paycoin, with its "Prime Controllers" and "guaranteed minimum value". That didn't end well. The whole point of all this cryptographic machinery is supposed to be to eliminate the need to trust some central party or parties.
Personally, I'd compare this to Ripple; semi-centralized transaction timestamping seems to work ok for them.
> It's conceptually elegant, but the process is complex and delicate. Lots of things can go wrong, and it needs "challenge periods" of about a day during which things get sorted out.
As I understand sidechains, there's a complicated proof mechanism that gets set up for transfer of bitcoin 'value tokens' between the bitcoin blockchain and alternative blockchains without creating any additional currency units, and a fallback to a much simpler exchange mechanism for actual practical day-to-day exchange.
But the whole thing about not creating additional currency units actually seems fairly arbitrary to me, given that this adds a whole bunch of otherwise unnecessary complexity.
The fallback exchange mechanism for sidechains is based on an atomic exchange algorithm that has been well known for many years now.
This is something that could easily be standardised in the form of a relatively simple 'pay on reveal secret' transaction type to permit decentralised exchange between arbitrary pairs of blockchains, as I discussed in the following blog post: http://upcoder.com/11/atomic-cross-chain-exchange/
Neat proposal. It's worth mentioning that it can't be implemented in the current bitcoin implementation, yet the alpha sidechain introduced here happens to add exactly the bits it requires to work, namely time locked transactions and a more plausible malleability fix.
Which means if you find/build another altcoin with similar capabilities, you can start exchanging testnet coins with those altcoins using the very approach you describe today.
I don't believe that's a happy accident, but rather one of those core reasons for getting sidechains off the ground, as it provides a clear path toward finally building all the insane stuff people have been dreaming about for years.
It feels like there are much simpler ways to support pay on reveal secret directly on the bitcoin blockchain, if this is accepted as an important goal (e.g. with explicit conditional redemption conditions based on spending transaction blockcount).
But I guess a more general solution for time locking and malleability can give you other stuff as well (e.g. off chain payment microchannels).
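The "pay on reveal secret" exchange discussed in the comments above, sketched as an added example that is not part of the original thread or of any sidechain code base. It is a toy model rather than Bitcoin script: the class and function names, the single shared block height for both chains, the amounts and the 6-block safety margin are all assumptions made for illustration.

```python
import hashlib

class HashLockedOutput:
    """Toy 'pay on reveal secret' output (constructed model, not Bitcoin script)."""
    def __init__(self, funder, recipient, amount, secret_hash, timeout):
        self.funder, self.recipient, self.amount = funder, recipient, amount
        self.secret_hash, self.timeout = secret_hash, timeout
        self.spent_by = None   # who spent the output, once spent
        self.revealed = None   # the preimage becomes public when claimed

    def claim(self, who, secret, height):
        """Recipient spends by revealing the preimage before the timeout."""
        if self.spent_by or who != self.recipient or height >= self.timeout:
            raise ValueError("claim rejected")
        if hashlib.sha256(secret).digest() != self.secret_hash:
            raise ValueError("wrong secret")
        self.spent_by, self.revealed = who, secret

    def refund(self, who, height):
        """Funder takes the coins back once the timeout has passed."""
        if self.spent_by or who != self.funder or height < self.timeout:
            raise ValueError("refund rejected")
        self.spent_by = who

def respond(offer, responder, amount, timeout, margin=6):
    """Fund the second leg only if it expires safely before the first, so the
    secret, once revealed, can still be used to claim the first leg."""
    if timeout + margin > offer.timeout:
        raise ValueError("unsafe timeouts: second leg must expire first")
    return HashLockedOutput(responder, offer.funder, amount, offer.secret_hash, timeout)

def completed_swap():
    secret = b"constructed-sample-secret"
    a = HashLockedOutput("alice", "bob", 5, hashlib.sha256(secret).digest(), timeout=40)
    b = respond(a, "bob", 50, timeout=20)
    b.claim("alice", secret, height=12)    # Alice reveals the secret on chain B
    a.claim("bob", b.revealed, height=15)  # Bob reuses it on chain A
    return a.spent_by, b.spent_by

def abandoned_swap():
    secret = b"constructed-sample-secret"
    a = HashLockedOutput("alice", "bob", 5, hashlib.sha256(secret).digest(), timeout=40)
    b = respond(a, "bob", 50, timeout=20)
    b.refund("bob", height=20)             # Alice never claimed; Bob recovers
    a.refund("alice", height=40)           # Alice recovers after her own timeout
    return a.spent_by, b.spent_by
```

Either both legs are claimed or both are refunded; the timeout ordering enforced in `respond` is what keeps the party who did not choose the secret from being stranded.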
I understand the people in the Bitcoin community are trying to prepare for the future, but is there any evidence at all that Bitcoin transactions will grow to a point where the blockchain can't handle them and sidechains will actually be necessary?
Sidechains are about more than simply allowing extra capacity on the bitcoin network. They fundamentally enable the pace of innovation to increase in the cryptocurrency space.
In the past, if someone wanted to improve bitcoin technically (for a trivial example, let's say improving block confirmation times), they had to fork bitcoin, and release an "altcoin" (thus creating an entirely separate currency at the same time). This inevitably led to many bystanders speculating on the altcoins - getting distracted from the technical improvements, and focusing on whether it was a good investment or not. In the past, it was not possible to separate the bitcoin network from the currency.
Sidechains allow us to create entire new blockchain networks, which use the bitcoin currency natively. This means that I can now test changes to the bitcoin protocol, and allow people to move their existing bitcoin (currency) on and off my new network. For a popular sidechain, hosted wallets could even transparently support sending and receiving coins on both networks. This is a major step forward for cryptocurrency, because it means we no longer need every innovation to have 100% consensus on the main bitcoin blockchain - we can simply try out new ideas on sidechains.
Longer term, I can see sidechains allowing us to even migrate to a Bitcoin 2.0 protocol (think IPv6) - once a new standard is formalized, people can begin using the new network in parallel, and eventually everyone will migrate to the new "main" network.
Sidechains are a potential solution to the scalability problem you mention, but can also be better for other needs (e.g., privacy, speed of settlement) that Bitcoin may not be optimized for.
In my experience, people seek alternative cryptocurrencies for different rules governing this community. Where it fails most often: adoption. Being able to piggyback on the bitcoin blockchain gives you the opportunity to get all the benefits of the large infrastructure in place and develop your toy system with little to no effort.
> As a side-effect of its design, CT also enables the additional exchange of private "memo" data (such as invoice numbers or refund addresses)
This is a very interesting detail.
So it's finally possible to use bitcoin as a public ledger, by adding the hash value of any large dataset to the "memo". Up to now, we needed workarounds involving non-existing accounts, such as provided by Bitcoinproof: https://vog.github.io/bitcoinproof/