Explore Bitcoin's unique timeline, mining fees, and the concept of off-chain transactions

Source | Giacomo Zucco

Translator | God rewards hard work Editor | Xu Weilong
Produced by | Blockchain Camp (blockchain_camp)
This article explores unique chronological ordering, mining fees, and off-chain transactions, building on the use of digital signatures and the CoinJoin paradigm.

Proving Singularity: Time Chain

As we wrap up our exploration, we come back to the question “When?”
This is an important question because it justifies the introduction of so-called “blockchain technology,” a heavily abused expression that, in its original meaning, simply labeled the answer to the problem of unique chronological ordering. (Interestingly, in this regard, Satoshi himself called this structure a “timechain,” a term we will also use here.)

Back to our little story, let's try to understand what problem it solves. You designed a digital cash system where both issuance and ownership are decentralized, combining puzzles and signatures in a clever way.

But how do we prevent a user from spending the same UTXO twice? If a dishonest user, Carol, transfers sats to an address controlled by Daniel, and then signs another transaction retransmitting the same sats to an address she controls, which transaction will the network execute? They will both be "valid" from the perspective of the signature and the script chain, and they will both point to a valid initial issuance with the correct PoW difficulty.
In your previous e-gold experiment, your trusted timestamp server easily solved both problems. But now there is no central server, so who defines the unique chronological order of events?
If the network could somehow vote, it could reach a democratic consensus on this. But voting procedures, while feasible in systems with a fixed number of known participants (often called a “federation”), do not work with a dynamic collection of unknown, anonymous participants.
You can’t simply use “number of nodes” as a proxy for voting power, because each user can “pretend” to be millions of different nodes in a “Sybil attack.” You need another “Sybil-resistant” way to push all nodes to find (and maintain) consensus on a single, consistent, immutable history.
Unfortunately, a deterministic and final solution based on mathematics is theoretically impossible. But a statistical and asymptotic solution based on economics is actually possible, and you can find it if you are smart enough. Here is an idea: every time a miner tries to solve a PoW puzzle, they should include a snapshot in time of the current transaction timeline in their message!
Instead of hashing just an issuance message, they should hash a more complex block of information, with each block containing (along with said issuance message, a timestamp, and the nonce needed to solve the puzzle at the correct difficulty) the solution to the previous block (the block that some other miner found about 10 minutes before), and a list of transactions that other users have recently made.
A block containing transactions that were already included in a previous block is considered invalid. Blocks with timestamps that are clearly incompatible with the previous timestamp are also rejected.
Using this trick, all participants are incentivized to converge toward a consistent version of the same timechain. Minnie could include valid transactions that conflict with previously confirmed transactions (double spends), or change timestamps to fool the difficulty adjustment, but then other nodes would reject such transactions, wasting the newly issued value along with her time and effort.
Miners pay to solve puzzles, so, at least in some cases, they are simply following the economic incentives built into the system, and it is fairly safe to assume that they want to enjoy the associated rewards and create blocks that will not be rejected.
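A toy version of the block checks described above, as an added example that is not part of the original article: each block commits to the previous block's solution, a timestamp, a nonce and a transaction list, and a checking node rejects double spends and incompatible timestamps. The three-character difficulty prefix, the "later than the previous block" timestamp rule and the transaction layout are simplifying assumptions; signatures and UTXO existence are not modelled.

```python
import hashlib
import json

TARGET_PREFIX = "000"      # toy difficulty (constructed); real targets are far harder
GENESIS_PREV = "0" * 64    # placeholder "previous solution" for the first block

def block_hash(block):
    """Hash the whole block: previous solution, timestamp, nonce and transactions."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(prev, time, txs):
    """Search for a nonce that makes the block hash meet the toy difficulty."""
    nonce = 0
    while True:
        block = {"prev": prev, "time": time, "txs": txs, "nonce": nonce}
        if block_hash(block).startswith(TARGET_PREFIX):
            return block
        nonce += 1

def validate_chain(blocks):
    """Return (accepted_block_count, reason) as an independent node would."""
    spent = set()                        # outpoints consumed by confirmed transactions
    prev, prev_time = GENESIS_PREV, 0
    for height, block in enumerate(blocks):
        digest = block_hash(block)
        if not digest.startswith(TARGET_PREFIX):
            return height, "insufficient proof of work"
        if block["prev"] != prev:
            return height, "does not build on the previous block"
        if block["time"] <= prev_time:   # simplified rule, an assumption of this sketch
            return height, "timestamp incompatible with previous block"
        for tx in block["txs"]:
            for outpoint in tx["spends"]:
                if outpoint in spent:    # covers replays and conflicting spends
                    return height, "double spend of " + outpoint
                spent.add(outpoint)
        prev, prev_time = digest, block["time"]
    return len(blocks), "ok"

# Constructed scenario: Carol pays Daniel, then tries to respend the same UTXO.
pay_daniel = {"spends": ["carol-utxo:0"], "to": "daniel"}
pay_self = {"spends": ["carol-utxo:0"], "to": "carol"}
b0 = mine(GENESIS_PREV, 1000, [pay_daniel])
honest = [b0, mine(block_hash(b0), 1600, [])]
cheat = [b0, mine(block_hash(b0), 1600, [pay_self])]

if __name__ == "__main__":
    print(validate_chain(honest))
    print(validate_chain(cheat))
```

Because each block's hash covers the previous solution, editing a confirmed transaction invalidates that block's proof of work or breaks the link from the block after it.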

Mining Fees
While this solution is excellent, it still lacks a mechanism to incentivize miners to include other people's transactions. They may simply choose to save the computational power required to verify scripts and signatures (small next to the computational power spent searching for PoW hashes, but still relevant), and include only their own valid issuance in otherwise empty blocks.
Furthermore, the reduction in the number of sats allowed in such issuances, due to the controlled supply model, will reduce the incentive to solve blocks (even allowing for an increase in the purchasing power of sats), ultimately eliminating it entirely at the end of the final epoch, when there will be no inflation.
You can fix this by introducing mining fees: users can attach a small additional fee to their transactions to incentivize miners to include them.
It works like this: in their reward transaction, miners may claim not only the newly "mined" sats (as allowed in the current epoch) but also the difference in sats between the spent and created UTXOs of all valid transactions included in the block. Fees never depend on the amount transferred, but only on transaction size (script complexity, number of signatures, etc.) and the priority required within the block.

Scalability (and durability) issues

The minimum mining fee required for a transaction to be included in a block varies according to the supply and demand of "block space." On the supply side, the number of transactions that can be added to the time chain is limited by the maximum block size (less than 4 megabytes per block) and the maximum block rate (approximately one every 10 minutes).
Each user has different constraints and preferences on the demand side (some can wait more to pay less fees, some can pay more to wait less, some use wallets with great dynamic fee estimation features, some don’t). Generally speaking, an increase in demand for block space will imply an increase in mining fees.
This obviously limits the scalability of the system (in particular, since miner fees are independent of the amount of value transferred, we could say it actually reduces divisibility).
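The fee rule and the block-space market described above, as an added example that is not from the original article: fees are the difference between spent and created sats, a miner fills limited block space by fee rate, and a checking node rejects a reward transaction that claims more than issuance plus fees. The mempool entries, sizes in bytes, the 900-byte limit and the subsidy value are constructed, and greedy selection by fee rate is a simplification.

```python
def tx_fee(tx):
    """Fee in sats: value of spent UTXOs minus value of created UTXOs."""
    fee = sum(tx["inputs"]) - sum(tx["outputs"])
    if fee < 0:
        raise ValueError(tx["id"] + " creates more sats than it spends")
    return fee

def build_block(mempool, max_size):
    """Fill the available block space with the highest fee-rate transactions."""
    ranked = sorted(mempool, key=lambda tx: tx_fee(tx) / tx["size"], reverse=True)
    chosen, used = [], 0
    for tx in ranked:
        if used + tx["size"] <= max_size:
            chosen.append(tx)
            used += tx["size"]
    return chosen

def max_reward(subsidy, txs):
    """Most sats the miner's reward transaction may create for this block."""
    return subsidy + sum(tx_fee(tx) for tx in txs)

def reward_is_valid(claimed, subsidy, txs):
    """Node-side check: an over-claiming reward makes the whole block invalid."""
    return 0 <= claimed <= max_reward(subsidy, txs)

# Constructed mempool: the largest payment offers the lowest fee per byte.
MEMPOOL = [
    {"id": "big-payment", "inputs": [500_000_000], "outputs": [499_999_800], "size": 400},
    {"id": "small-urgent", "inputs": [20_000], "outputs": [15_000], "size": 250},
    {"id": "many-sigs", "inputs": [60_000, 40_000], "outputs": [97_000], "size": 600},
]
SUBSIDY = 625_000_000   # constructed issuance for the current epoch, in sats
MAX_SIZE = 900          # constructed toy limit on block space, in bytes

if __name__ == "__main__":
    block = build_block(MEMPOOL, MAX_SIZE)
    print([tx["id"] for tx in block], max_reward(SUBSIDY, block))
```

The 5-BTC payment is left waiting while the 15,000-sat one confirms, which is the sense in which fees follow size and priority rather than the amount transferred.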
In general, using a timechain also means that every node in the network must listen to everything forever: every on-chain transaction, across the entire history of the system, must be downloaded and verified by every participant who wants to use it, even long afterwards. Such a system is obviously not scalable. It also lacks durability, because everyone must keep a copy of every transaction forever, making any form of forensic analysis and deanonymization attempts possible.
It is possible to make the situation look better for certain users, but at the cost of creating another, more "privileged" class of users. For example, if you increase the size and frequency of blocks, then the supply of block space will increase and its price will fall. However, the cost of running a node (capable of independently verifying the validity of transactions and blocks) will increase much faster than said supply, centralizing the topology of the entire system.
Of course, these new specialized nodes could present some kind of “signed message” to non-validating, lower-tier users, giving them some assurance that a transaction is valid. After all, the purpose of coinage was to delegate the expensive task of validating precious metal coins to a few specialized trusted entities. But, like coinage, this strategy (known as “SPV”) implies a strong centralization of power, with the attendant risk of political interference or censorship by Mallory and the like.

A New Paradigm: “Off-Chain”
There is a clever way to mitigate the fundamental scaling limitations of global consensus systems without sacrificing their decentralization. We call it the “off-chain paradigm.”
The idea is simple: by not committing every transaction to a block until absolutely necessary, we can keep most of the traffic off the public timechain (with its expensive global consensus), using it only for conflict resolution and periodic settlement.
This evolution is similar to how people use courts and contracts in common law systems: courts can create publicly binding precedents and reach a kind of "global consensus on the law", but they are relatively slow and expensive, so most parties typically just sign private two-way contracts, asking courts to verify and enforce them only when conflicts arise or periodic settlement is needed.
Advanced smart contracts can be used to minimize the trust required by this "recourse": unlike the actual legal system, the decentralized timechain can avoid human bias and corruption, relying mainly on cryptography and code. Unlike the credit certificates discussed in the virtualized environment, off-chain transactions are not "virtual". They are actual valid transactions that are highly likely to be enforced by the system regardless of the honesty of the parties involved.
You’ll quickly realize that this paradigm can also greatly improve the durability of the system. Instead of having all nodes permanently register all transactions, most of these transactions will be exchanged privately only between interested parties, making forensic analysis by malicious eavesdroppers much more difficult, expensive, incomplete, and unreliable.
The main implementation of this strategy is a secondary network of pre-funded bilateral “payment channels” that can route transactions across multiple hops in a trust-minimized atomic manner. Users call it by a highly poetic name: “Lightning Network” (its abbreviation is often included in the label of the system’s entire protocol suite, named “LNP/BP”, similar to the historical “TCP/IP”).
However, there are other, smaller examples within the same paradigm. For example, several techniques allow actual scripts to stay off the timechain unless they are needed, saving block space and preserving privacy. (People give these techniques a lot of weird names, like “Taproot”, “Graftroot”, “g*root”, “Scriptless Script”, etc.)
By introducing these final technologies, your users will finally have everything they need to use the system in real life in order to reclaim some of the most important monetary functions.
Original article: https://bitcoinmagazine.com/articles/discovering-bitcoin-part-7-missing-pieces
