This is an opinion editorial by Nikita Chashchinskii, a software developer working on BIP300 sidechains.
Today, Bitcoin is facing a challenge. There are two conflicting requirements necessary for success, and if we want to win, we must find a way to satisfy both. First, there is the requirement for security โ paramount when billions of dollars are at stake. In the security world professional paranoia and conservatism are a necessity. Any change made to Bitcoin software is a potential security vulnerability. The ideal would be to freeze the Bitcoin codebase and then never make any changes that don’t fix security vulnerabilities.
This first requirement is already on its way to being satisfied with a creeping ossification, which is not a conscious strategy, but an accidental political reality established as a result of historical events and technological limitations. Every change that touches consensus must go through a long, extensive and rigorous process of deliberation. You can see this with the Taproot soft fork, which took 46 months from proposal in January 2018 to activation in November 2021, and in the more recent OP_CTV activation controversy. It may be by chance, but we are well on our way to meeting the first requirement.
However, this unconscious “strategy” comes at a serious cost. In the existing regime of accidental ossification we are subject to an extreme, and perhaps even justified, level of risk aversion, because if a decision is reached and a risk is taken, each Bitcoin user must take this risk. Technological improvements take years to implement or are rejected outright. In this regime we will never see some technological advances.
As it stands, Bitcoin will never see zero-knowledge cryptography or ring signatures implemented. And so Bitcoin will never have strong privacy. Only Bitcoin competition will have strong privacy.
For scaling we will stick with the Lightning network and custody solutions. Lightning is great, but in terms of scale it has limitations. Its ability to onboard new users is limited and it still has unsolved UX challenges. Also, some proposals that make Lightning significantly better, such as SIGHASH_ANYPREVOUT, will take several years to activate or never activate.
All this not to mention more experimental ideas and technologies like Blockstream’s proposal for simplicity. It enables smart contracts in Bitcoin with a better design than existing smart contract implementations in altcoins. Given the complexity of this proposal, it is highly unlikely that it will see the light of day in the existing process. Only the biggest Bitcoin competitor will have smart contracts.
And that’s not all. In addition to this, there are already existing technological improvements in terms of privacy, scaling and smart contracts, which Bitcoin will not see implemented. We will willfully or, worse, accidentally relinquish the power of all future technological innovation to our competition. Our competence is not at all limited by ossification.
Significant improvements are already on the table. Imagine how far we will be in a decade or two of progress in cryptography and computing, if the situation does not change.
To win, Bitcoin requires a mechanism of change and adaptation to achieve victory in the competitive environment in which it finds itself. It doesn’t matter how great Bitcoin is in its current state. Without this mechanism, Bitcoin’s potential will remain fixed and the potential of its competitors and adversaries will increase. In this situation, no matter how far ahead you are, and no matter how far behind your competitors and adversaries, they will eventually catch up. Failure to adapt in a competitive environment usually does not work.
Unless at some point there is a transition from the tradition and isolation of the Edo period to the open-mindedness and modernization of the Meiji period, the British will show up with cuirass, Gatling guns and rifles, and you’ll be stuck with swords and horses samurais .
These are the two “irreconcilable” requirements we have: change and security. The only good way to reconcile them, that I’m aware of, is to separate Bitcoin into two isolated layers. Layer 1 must be a completely ossified base layer, never making any changes that don’t improve security (it would most likely be the existing Bitcoin Core). Layer 2 should be a sidechain layer that is free to take risks and implement arbitrary functions.
There must be a secure two-way binding that allows anyone to transfer funds between the base layer and any layer 2 side chain at a 1:1 exchange rate. This two-way pinning mechanism and perhaps a blind combined mining arrangement should be the only things connecting layer 1 and layer 2.
With this mechanism, the decision of how much technological risk to assume would be taken individually and unilaterally by each user. Any user could move funds to a given sidechain and voluntarily accept their trade-offs and risks, or return them to the ossified security of the base layer at any time.
This individual risk-taking and trade-offs, affecting only those who participate, would replace the existing process of collective risk-taking through community-wide deliberation and the all-or-nothing introduction of changes that affect each single bitcoin user.
A custodial implementation of this idea already exists: the liquid network. But because it is custody, it is flawed. To attack it, you need to compromise five custodians distributed around the world and not just one, which is a lot better than something like Coinbase, but it’s custody nonetheless.
Liquid’s success has been fairly limited. As of September 14, 2022, according to liquid.net, there are 3,560 BTC tied to the network. That’s around $71 million or 0.019% of the current circulating BTC supply of just over 19 million coins. It’s better than nothing, but an implementation that relies on an 11-of-15 multisig controlled by 15 official-embedded companies worldwide requires an unacceptable level of trust for a supposedly trustless distributed cryptocurrency, which is reflected in the reluctance of people to use it, so there is only ~ 71 million dollars.
There is a non-custodial implementation of the same idea proposed in BIP300 and BIP301: Drivechain. It requires a softfork to activate, but it’s distributed and trustless. Two-way pinning is ensured by paying all sidechain transaction fees to miners to perform a set of fixed and very simple functions. You can get the full description of the mechanism in the BIPs.
This is a substantial security improvement over Liquid. To attack Liquid you only need to compromise five incorporated officials, which is a woefully insufficient security arrangement given the types of adversaries Bitcoin could face if it continues to grow. To attack Drivechain, you need to perform a 51% attack for three months, while making it painfully obvious to every network participant that you are performing an attack and giving them enough time to respond.
With Drivechain we have a way to reconcile our two “irreconcilable” requirements of exchange and security. We can ossify Bitcoin more completely than with the existing “accidental political reality” type of ossification, we can preserve the distributed and trustless nature of Bitcoin, and at the same time we can ensure that, in the future, we would be the ” British”. โ with metaphorical battleships, guns and Gatling rifles, and our competitors and adversaries would be the ones sticking with metaphorical samurai swords and horses.
This is a guest post by Nikita Chashchinskii. The opinions expressed are entirely my own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.
