CPoB

1. Continuous Proof of Bitcoin Burn for securing separate blockchains, optionally acting as Bitcoin sidechains via Bitcoin-pegged tokens without a need for a federated bridge or oracles.
2.  
3. by 3CJfFzmiwUmCXUWBXEUCH7jmQRHjKUcVsc
4.  
5. Disclaimer:
6. This is not an altcoin thread. I'm not making anything. The design discussed options for existing altcoins and new ways to built on top of Bitcoin inheriting some of its security guarantees. 2 parts: First, the design allows any altcoins to switch to securing themselves via Bitcoin instead of their own PoW or PoS with significant benefits to both altcoins and Bitcoin (and environment lol). Second, I explain how to create Bitcoin-pegged assets to turn altcoins into a Bitcoin sidechain equivalent. Let me know if this is of interest or if it exists, feel free to use or do anything with this, hopefully I can help.
7.  
8. Issue:
9. - how to create continuous sunk costs, permissionless entry, high cost of attacks?
10. - how to do it without needing building up new source of capital or energy costs?
11. - how to peg another chain's token value w/o incentivized collusion risk of federation or oracles?
12. - how to make sidechain use fully optional for all bitcoin parties?
13.  
14. Solution:
15. - Continuous Proof of Bitcoin Burn (CPoBB) to distribute supply control and sidechain consensus control to independent parties
16. - Distributes a shitcoin for permissionless access and sidechain-only sybil protection.
17. - In case of sidechain block-producer censorship, Bitcoin's independent data availability makes sidechain nodes trivially aware
18.  
19. PoW altcoin switching to CPoB would trade:
20. - cost of capital and energy -> cost of burnt bitcoin
21. - finality of their PoW -> finality of Bitcoin's PoW
22. - impact on environment -> 0 impact on environment
23. - unforgeable costliness of work -> unforgeable costliness of burn
24. - contract logic can include conditions dependent on real Bitcoins as it's Bitcoin-aware
25.  
26. PoS altcoin switching to CPoBB would trade:
27. - permissioned by coin holders entry -> permissionless entry by anyone with access to Bitcoin
28. - no incentive to give up control or sell coins -> incentive to sell coins to cover the cost of burnt bitcoin
29. - incentivized guaranteed centralization of control over time by staking -> PoW guarantees with same 0 environmental impact
30. - nothing at stake -> recovering sunk costs at stake
31. - contract logic can include conditions dependent on real Bitcoins as it's Bitcoin-aware
32.  
33. We already have a permissionless, compact, public, high-cost-backed finality base layer to build on top - Bitcoin! It will handle sorting, data availability, finality, and has something of value to use instead of capital or energy that's outside the sidechain - the Bitcoin coins. The sunk costs of PoW can be simulated by burning Bitcoin, similar to concept known as Proof of Burn where Bitcoin are sent to unspendable address. Unlike ICO's, no contributors can take out the Bitcoins and get rewards for free. Unlike PoS, entry into supply lies outside the alt-chain and thus doesn't depend on permission of alt-chain stake-coin holders. It's hard to find a more bandwidth or state size protective blockchain to use other than Bitcoin as well so altcoins can be Bitcoin-aware at little marginal difficulty - 10 years of history fully validates in under a day.
34.  
35. What are typical issues with Proof of Burn?
36. - limited burn time window prevents permissionless entry in the future. how many years did it take for most heavily mined projects to become known and well reviewed? many. thus entry into control of supply that's vital to control of chain cannot be dependent on the earliest stage of the project. (counterparty)
37. - "land grabs" - by having limited supply without continuous emission or inflation we encourage holding vs spending.
38.  
39. Solution:
40. - These issues can be fixed by having Proof of Burn be permanently accessible and continuous: Continuous Proof of Bitcoin Burn CPoBB
41.  
42. This should be required for any design for it to stay permissionless. Optional is constant fixed emission rate for shitcoins not trying to be money if goal is to maximize accessibility. Since it's not depending on brand new PoW for security, they don't have to depend on massive early rewards giving disproportionate fraction of supply at earliest stage either. If 10 coins are created every block, after n blocks, at rate of 10 coins per block, % emission per block is = (100/n)%, an always decreasing number. Sidechain coin doesn't need to be scarce money, and could maximize distribution of control by encouraging further distribution. If no burners exist in a block, shitcoin block reward is simply added to next block reward making emission predictable.
43.  
44. Sidechain block content should be committed in burn transaction via a root of the merkle tree of its transactions. Sidechain state will depend on Bitcoin for finality and block time between commitment broadcasts. However, the throughput can be of any size per block, unlimited number of such sidechains can exist with their own rules and validation costs are handled only by nodes that choose to be aware of a specific sidechain by running its consensus compatible software.
45.  
46. Important design decision is how can protocol determine the "true" side-block and how to distribute incentives. Simplest solution is to always :
47.  
48. 1. Agree on the valid sidechain block matching the merkle root commitment for the largest amount of Bitcoin burnt, earliest inclusion in the bitcoin block as the tie breaker
49. 2. Distribute block reward during the next side-block proportional to current amounts burnt
50. 3. Bitcoin fee market serves as deterrent for spam submissions of blocks to validate
51.  
52. e.g.
53. sidechain block reward is set always at 10 shitcoins per block
54. Bitcoin block contains the following content embedded and part of its transactions:
55. tx11: burns 0.01 BTC & OP_RETURN <sidechain id> <sha256 root of valid sidechain block version 1> <sidechain address for reward>
56. tx56: burns 0.05 BTC & OP_RETURN ... <...root of valid sidechain block version 1> ...
57. tx78: burns 1 BTC & OP_RETURN ... <...root of valid sidechain block version 2> ...
58. tx124: burns 0.2 BTC & OP_RETURN ... <...root of INVALID sidechain block version 3> ...
59.  
60. Validity is deterministic by rules in client side node software (e.g. signature validation) so all nodes can independently see version 3 is invalid and thus burner of tx124 gets no reward allocated. The largest valid burn is from tx78 so version 2 is used for the blockchain in sidechain. The total valid burn is 1.06 BTC, so 10 shitcoins to be distributed in the next block are 0.094, 0.472, 9.434 to owners of first 3 transactions, respectively.
61.  
62. Censorship attack would require continuous costs in Bitcoin on the attacker and can be waited out. Censorship would also be limited to on-sidechain specific transactions as emission distribution to others CPoB contributors wouldn't be affected as blocks without matching coin distributions on sidechain wouldn't be valid. Additionally, sidechains can allow a limited number of sidechain transactions to happen via embedding transaction data inside Bitcoin transactions (e.g. OP_RETURN) as a way to use Bitcoin for data availability layer in case sidechain transactions are being censored on their network. Since all sidechain nodes are Bitcoin aware, it would be trivial to include.
63.  
64. Sidechain blocks cannot be reverted without reverting Bitcoin blocks or hard forking the protocol used to derive sidechain state. If protocol is forked, the value of sidechain coins on each fork of sidechain state becomes important but Proof of Burn natively guarantees trust minimized and permissionless distribution of the coins, something inferior methods like obscure early distributions, trusted pre-mines, and trusted ICO's cannot do.
65.  
66. More bitcoins being burnt is parallel to more hash rate entering PoW, with each miner or burner getting smaller amount of shitcoins on average making it unprofitable to burn or mine and forcing some to exit. At equilibrium costs of equipment and electricity approaches value gained from selling coins just as at equilibrium costs of burnt coins approaches value of shitcoins rewarded. In both cases it incentivizes further distribution to markets to cover the costs making burners and miners dependent on users via markets. In both cases it's also possible to mine without permission and mine at a loss temporarily to gain some shitcoins without permission if you want to.
67.  
68. Altcoins benefit by inheriting many of bitcoin security guarantees, bitcoin parties have to do nothing if they don't want to, but will see their coins grow more scarce through burning. The contributions to the fee market will contribute to higher Bitcoin miner rewards even after block reward is gone.
69.  
70. Sidechain pegs:
71.  
72. What is the ideal goal of the sidechains? Ideally to have a token that has the bi-directionally pegged value to Bitcoin and tradeable ~1:1 for Bitcoin that gives Bitcoin users an option of a different rule set without compromising the base chain nor forcing base chain participants to do anything different.
73.  
74. Issues with value pegs:
75. - federation based pegs allow collusion to steal bitcoins stored in multi-party controlled accounts
76. - even if multisig participants are switched or weighted in some trust minimized manner, there's always incentive to collude and steal more
77. - smart contract pegs (plasma, rollups) on base chain would require bitcoin nodes and miners to validate sidechain transactions and has to provide block content for availability (e.g. call data in rollups), making them not optional.
78. - bitcoin nodes shouldn't be sidechain aware so impossible to peg the value
79.  
80. Let's get rid of the idea of needing Bitcoin collateral to back pegged coins 1:1 as that's never secure, independent, or scalable at same security level. As drive-chain design suggested the peg doesn't have to be fast, can take months, just needs to exist so other methods can be used to speed it up like atomic swaps by volunteers taking on the risk for a fee.
81.  
82. In continuous proof of burn we have another source of Bitcoins, the burnt Bitcoins. Sidechain protocols can require some minor percentage (e.g. 20%) of burner tx value coins via another output to go to reimburse those withdrawing side-Bitcoins to Bitcoin chain until they are filled. If withdrawal queue is empty that % is burnt instead. Selection of who receives reimbursement is deterministic per burner. Percentage must be kept small as it's assumed it's possible to get up to that much discount on shitcoin emissions.
83.  
84. Let's use a really simple example case where each burner pays 20% of burner tx amount to cover withdrawal in exact order requested with no attempts at other matching, capped at half amount requested per payout. Example:
85.  
86. withdrawal queue:
87. request1: 0.2 sBTC
88. request2: 1.0 sBTC
89. request3: 0.5 sBTC
90.  
91. same block burners:
92. tx burns 0.8 BTC, 0.1 BTC is sent to request1, 0.1 BTC is sent to request2
93. tx burns 0.4 BTC, 0.1 BTC is sent to request1
94. tx burns 0.08 BTC, 0.02 BTC is sent to request 1
95. tx burns 1.2 BTC, 0.1 BTC is sent to request1, 0.2 BTC is sent to request2
96.  
97. withdrawal queue:
98. request1: filled with 0.32 BTC instead of 0.2 sBTC, removed from queue
99. request2: partially-filled with 0.3 BTC out of 1.0 sBTC, 0.7 BTC remaining for next queue
100. request3: still 0.5 sBTC
101.  
102. Withdrawal requests can either take long time to get to filled due to cap per burn or get overfilled as seen in "request1" example, hard to predict. Overfilling is not a big deal since we're not dealing with a finite source. The risk a user that chooses to use the sidechain pegged coin takes on is based on the rate at which they can expect to get paid based on value of shitcoin emission that generally matches Bitcoin burn rate. If sidechain loses interest and nobody is burning enough bitcoin, the funds might be lost so the scale of risk has to be measured. If Bitcoins burnt per day is 0.5 BTC total and you hope to deposit or withdraw 5000 BTC, it might take a long time or never happen to withdraw it. But for amounts comparable or under 0.5 BTC/day average burnt with 5 side-BTC on sidechain outstanding total the risks are more reasonable.
103.  
104. Deposits onto the sidechain are far easier - by burning Bitcoin in a separate known unspendable deposit address for that sidechain and sidechain protocol issuing matching amount of side-Bitcoin. Withdrawn bitcoins are treated as burnt bitcoins for sake of dividing block rewards as long as they followed the deterministic rules for their burn to count as valid and percentage used for withdrawals is kept small to avoid approaching free shitcoin emissions by paying for your own withdrawals and ensuring significant unforgeable losses.
105.  
106. Ideally more matching is used so large withdrawals don't completely block everyone else and small withdrawals don't completely block large withdrawals. Better methods should deterministically randomize assigned withdrawals via previous Bitcoin block hash, prioritized by request time (earliest arrivals should get paid earlier), and amount of peg outstanding vs burn amount (smaller burns should prioritize smaller outstanding balances). Fee market on bitcoin discourages doing withdrawals of too small amounts and encourages batching by burners.
107.  
108. The second method is less reliable but already known that uses over-collateralized loans that create a oracle-pegged token that can be pegged to the bitcoin value. It was already used by its inventors in 2014 on bitshares (e.g. bitCNY, bitUSD, bitBTC) and similarly by MakerDAO in 2018. The upside is a trust minimized distribution of CPoB coins can be used to distribute trust over selection of price feed oracles far better than pre-mined single trusted party based distributions used in MakerDAO (100% pre-mined) and to a bit lesser degree on bitshares (~50% mined, ~50% premined before dpos). The downside is 2 fold: first the supply of BTC pegged coin would depend on people opening an equivalent of a leveraged long position on the shitcoin/BTC pair, which is hard to convince people to do as seen by very poor liquidity of bitBTC in the past. Second downside is oracles can still collude to mess with price feeds, and while their influence might be limited via capped price changes per unit time and might compromise their continuous revenue stream from fees, the leverage benefits might outweight the losses. The use of continous proof of burn to peg withdrawals is superior method as it is simply a minor byproduct of "mining" for shitcoins and doesn't depend on traders positions. At the moment I'm not aware of any market-pegged coins on trust minimized platforms or implemented in trust minimized way (e.g. premined mkr on premined eth = 2 sets of trusted third parties each of which with full control over the design).
109.  
110.  
111. Brief issues with current altchains options:
112. a. PoW: Additional PoW chains require high energy and capital costs to create permissionless entry and trust minimized miners that are forever dependent on markets to hold them accountable. Using same algorithm or equipment as another chain or merge-mining puts you at a disadvantage by allowing some miners to attack and still cover sunk costs on another chain. Using a different algorithm/equipment requires building up the value of sunk costs to protect against attacks with significant energy and capital costs. Drive-chains also require miners to allow it by having to be sidechain aware and thus incur additional costs on them and validating nodes if the sidechain rewards are of value and importance.
113. b. PoS: PoS is permissioned (requires permission from internal party to use network or contribute to consensus on permitted scale), allows perpetual control without accountability to others, and incentivizes centralization of control over time. Without continuous source of sunk costs there's no reason to give up control. By having consensus entirely dependent on internal state network, unlike PoW but like private databases, cannot guarantee independent permissionless entry and thus cannot claim trust minimization. Has no built in distribution methods so depends on safe start (snapshot of trust minimized distributions or PoW period) followed by losing that on switch to PoS or starting off dependent on a single trusted party such as case in all significant pre-mines and ICO's.
114. c. Proof of Capacity: PoC is just shifting costs further to capital over PoW to achieve same guarantees.
115. d. PoW/PoS: Still require additional PoW chain creation. Strong dependence on PoS can render PoW irrelevant and thus inherit the worst properties of both protocols.
116. f. Tokens inherit all trust dependencies of parent blockchain and thus depend on the above.
117.  
118. Main question: can this be done without a shitcoin? Not sure and don't think so w/o compromising unforgeable costliness and thus trust minimization. At least it's not using a shitcoin that's clearly centralized.