How do we feel about a DPoW-like approach?


#1

One thing we’ve come across in discussions about longer-term solutions to the 51% attack problem is the DPoW approach - “Distributed Proof of Work.” I believe the idea was pioneered by the Komodo team - I know they’ve suggested it directly to us.

Their model is here: https://wiki.komodoplatform.com/wiki/Delayed_Proof_of_Work_(dPoW)

Initially, I found the idea of selected “Notary Nodes” signing block hashes for recording to feel a bit opposed to Bitcoin ideals - no authorities, fully decentralized. We don’t currently have a method for elections among stakeholders, nor do we direct any mining revenue to pay nodes or supernodes, as some other coins do.

But the idea of having valid block hashes recorded in another chain has a lot of security merit. I’ve been mulling over a simplified version of this, and would like to hear thoughts from others, especially devs.

A basic “record and reference” approach has value for defense:

Assume there are some BTG nodes which write “witnessed” blocks to another chain (such as LiteCoin). All nodes can monitor the LTC chain to confirm that recent blocks are there for reference; these can be given additional weight when calculating blockheight in the event that there are suddenly two competing chains of length > 2.

Because the blocks recorded in the LTC chain get extra weight, an attacking (private-mined) chain can’t easily orphan the honest blocks… and if the attacking chain wants to record their blocks into the LTC chain to get the “weighting,” then their activity is visible. When this happens, everyone can be aware that there is a chain split in play, and exchanges can halt deposits.

This means that an attacker may still be able to cause a reversion if they choose to spend a lot of money on private mining, but they can never do this in secret.

This visibility of a chain split in progress, even if the attacker has not yet broadcast their private blocks to the public network, has great alert value.

How to finance NotaryNodes?

Proposal: simply allow any node to act as a notary node, voluntarily! We would do this with the Bitcoin Gold Organization’s own nodes, as well. The notary node voluntarily absorbs the cost of paying for an LTC transaction to simply record the last seen BTG blockhash, assuming it hasn’t already been seen in the LTC chain.

This is a very small cost which we can easily cover… but other large players may also choose to fund their node with LTC to pay the notary cost - like an Exchange or a Pool. They all want the protection, and the net cost is very low. And if someone else has already put the hash into the LTC chain, others don’t need to pay the cost.

Using the LTC chains is a good one to consider for a couple of reasons:

  • transaction cost is very low
  • LTC blocks generally happen 4x as quickly as BTG blocks, for prompt recording
  • LTC is mined on very different algo/hardware from BTG

Potential problems:

  • need to ensure that the recording is easily spotted, so that we can always notice if a private miner is registering blocks!
  • need to give BTG nodes easy ability to monitor the LTC chain without causing excessive impact
  • need to consider how to defend against a spam attack or other attack vectors using LTC to try to over-weight an attack chain

What other complications am I missing?


#2

You are missing:

  1. If you choose alternate chain to rely upon you are reducing the security of your original chain, not increasing it. What if the chain you’re relying upon hardforks? What if they also experience an attack themselves, unrelated to BTG. Would BTG stop because of that?

  2. LTC is a poor choice only based on lower fees as fees are highly subjective because the cost of getting into a block may be higher on some chains but so is the security that provides.

  3. LTC is a poor choice because it’s the exact opposite of BTG. There they have very centralised mining hardware which is the exact thing BTG is against so relying on LTC makes zero sense.

Should this idea be pushed further BTC is the only chain BTG can rely on but in that case why not just merge mine?