You are viewing a single comment's thread from:
RE: Simple Side-chaining for Graphene-based Blockchains (BitShares/PeerPlays/Steem)
You are trusting the Peerplays witnesses as the multisig group that you trust then. There is no way of getting around that. Some trust is needed if you want to decouple the state of the blockchains for scalability reasons.
In the scheme I laid out the role of witnesses would not change: they can include transactions or try to suppress them. The rest is handled by the blockchain itself. Witnesses do not get to decide how much is paid out and to whom.
Perhaps you have misunderstood this sentence:
I'm not thinking of a to-be-defined piece of data signed by multiple witnesses, separate from the source blockchain. Basically, the block headers from the source blockchain plus the relevant transactions are the transferrable proof of work. Yes, some trust has to be put into witnesses, but IMO not more than is typical in Graphene.
That bolded part was my point. I understand what you are proposing. I have suggested something similar to that in the past for better light client security (that's why I linked to that post with my happy face reply). But the point is that the set of simultaneously active witnesses at any point in the past no older than the latest irreversible sync point can collude to trick the light client or the other blockchain of any proof they want. So it is fundamentally no more secure than a multisig sidechain.
As a point of comparison, a full validating node can know when the witnesses are producing invalid blocks that do not follow the rules. Those full nodes won't just follow the witnesses even if 100% of them agree to the fake rules. The nodes will instead think of it like a denial of service. Users of Graphene blockchains don't need to trust the witnesses to not change the rules, they just trust them to not censor transactions or cause network disruption. But whether it is a light client or a scalable mechanism for sidechains, in order to gain performance benefits (by not needing to validate the full chain) you need to give up something. And that thing you give up is trustlessness.
You are forced to trust a hopefully decentralized group to not collude to produce fake proofs or fake claims. You can potentially also provide other mechanisms that financially penalize them if the blockchain is presented with a provably-fake witness-signed proof as a way to align economic incentives to reduce the likelihood of cheating. So these ideas are still very valuable, but I just want to point out that the trust model isn't that fundamentally different from a multisig sidechain.