Drivechain with and without BIP 300/301

What is Drivechain?

Drivechain allows you to create different types of sidechains in which withdrawals are approved by miners. Users have the freedom to experiment with different features by sending bitcoin from the main chain to a sidechain and withdrawing from it later.

Since changing consensus rules on bitcoin will become difficult with time, sidechains seem to be the best way possible to scale, improve privacy, user experience etc.

Is Drivechain possible without BIP 300 and 301?

Yes, it is possible. A proof of concept that uses OP_CAT and some introspection opcodes to achieve this: GitHub - mr-zwets/upgraded-SHA-gate

Bytecode generated by the compiler has these opcodes:

OP_4 OP_PICK 
OP_0 OP_NUMEQUAL 
OP_IF 
    OP_INPUTINDEX OP_0 OP_NUMEQUALVERIFY 
    OP_0 OP_OUTPUTVALUE 
    OP_0 OP_UTXOVALUE OP_SUB 1027 OP_GREATERTHAN OP_VERIFY 
    OP_0 OP_OUTPUTBYTECODE OP_0 OP_UTXOBYTECODE OP_EQUALVERIFY 
    OP_2DROP OP_2DROP OP_DROP 
    OP_1 
OP_ELSE 
    OP_4 OP_PICK 
    OP_1 OP_NUMEQUAL 
    OP_IF 
        OP_8 OP_PICK 
        OP_10 OP_PICK OP_CAT 
        OP_11 OP_PICK OP_CAT 
        OP_12 OP_PICK OP_CAT 
        OP_13 OP_PICK OP_CAT 
        OP_HASH160 OP_EQUALVERIFY 
        OP_0 OP_2ROT OP_SWAP OP_6 OP_ROLL 
        OP_3 OP_8 OP_ROLL 
        OP_9 OP_ROLL 
        OP_10 OP_ROLL 
        OP_11 OP_ROLL 
        OP_12 OP_ROLL 
        OP_5 OP_CHECKMULTISIGVERIFY 
        OP_BIN2NUM 2808 OP_ADD 
        OP_CHECKLOCKTIMEVERIFY OP_DROP 
        OP_3 OP_PICK OP_SIZE OP_NIP 0x1f OP_NUMEQUALVERIFY 0x0200001f 
        OP_4 OP_ROLL OP_CAT OP_8 OP_CAT 
        OP_TXLOCKTIME OP_8 OP_NUM2BIN OP_CAT 
        OP_ACTIVEBYTECODE 0x2c OP_SPLIT OP_NIP OP_CAT 
        OP_INPUTINDEX OP_0 OP_NUMEQUALVERIFY 
        OP_0 OP_UTXOVALUE 0xe803 OP_SUB 
        OP_0 OP_OUTPUTVALUE OP_NUMEQUALVERIFY 
        0xa914 OP_SWAP OP_HASH160 OP_CAT 
        0x87 OP_CAT 
        OP_0 OP_OUTPUTBYTECODE OP_EQUAL 
        OP_NIP OP_NIP OP_NIP 
    OP_ELSE 
        OP_4 OP_PICK 
        OP_2 OP_NUMEQUAL 
        OP_IF 
            OP_1 OP_OUTPOINTTXHASH 
            OP_6 OP_PICK OP_HASH256 OP_EQUALVERIFY 
            OP_0 0x20 OP_NUM2BIN OP_6 OP_PICK 
            0x29 OP_SPLIT OP_DROP 0x0100000001 
            OP_ROT OP_CAT 0xffffffff OP_CAT OP_EQUALVERIFY 
            OP_1 OP_OUTPOINTINDEX OP_0 OP_NUMEQUALVERIFY 
            OP_5 OP_ROLL 0x2b OP_SPLIT OP_NIP 
            OP_3 OP_SPLIT OP_DROP OP_BIN2NUM 
            OP_ROT OP_BIN2NUM OP_GREATERTHAN OP_VERIFY 
            OP_ROT OP_BIN2NUM 
            OP_4 OP_ROLL 
            OP_IF 
                OP_DUP OP_1ADD OP_NIP 
            OP_ELSE 
                OP_DUP OP_2 OP_SUB OP_NIP 
            OP_ENDIF 
            OP_2 OP_NUM2BIN 
            OP_2 OP_SWAP OP_CAT 
            OP_ACTIVEBYTECODE OP_3 OP_SPLIT OP_NIP OP_CAT 
            OP_INPUTINDEX OP_0 OP_NUMEQUALVERIFY 
            OP_0 OP_UTXOVALUE 0xe803 OP_SUB 
            OP_0 OP_OUTPUTVALUE OP_NUMEQUALVERIFY 
            0xa914 OP_SWAP OP_HASH160 OP_CAT 
            0x87 OP_CAT 
            OP_0 OP_OUTPUTBYTECODE OP_EQUAL 
            OP_NIP OP_NIP OP_NIP 
        OP_ELSE 
            OP_4 OP_ROLL 
            OP_3 OP_NUMEQUALVERIFY 
            OP_ROT 0x17 OP_SPLIT OP_BIN2NUM 
            OP_1 OP_OUTPUTVALUE OP_OVER OP_NUMEQUALVERIFY 
            OP_1 OP_OUTPUTBYTECODE 
            OP_ROT OP_EQUALVERIFY 
            OP_ROT OP_BIN2NUM 0xe007 OP_ADD 
            OP_CHECKLOCKTIMEVERIFY OP_DROP 
            OP_ROT OP_BIN2NUM 
            OP_0 OP_GREATERTHANOREQUAL OP_VERIFY 
            OP_0 0x1f OP_NUM2BIN 0x0200001f OP_SWAP OP_CAT 
            OP_ACTIVEBYTECODE 0x23 OP_SPLIT OP_NIP OP_CAT 
            OP_INPUTINDEX OP_0 OP_NUMEQUALVERIFY 
            OP_0 OP_UTXOVALUE OP_ROT OP_SUB 0xe803 OP_SUB 
            OP_0 OP_OUTPUTVALUE OP_NUMEQUALVERIFY 
            0xa914 OP_SWAP OP_HASH160 OP_CAT 
            0x87 OP_CAT 
            OP_0 OP_OUTPUTBYTECODE OP_EQUAL 
            OP_NIP 
        OP_ENDIF 
    OP_ENDIF 
OP_ENDIF

In this script some introspection opcodes are used:

OP_INPUTINDEX
OP_OUTPUTVALUE
OP_UTXOVALUE
OP_OUTPUTBYTECODE
OP_UTXOBYTECODE
OP_OUTPOINTTXHASH

These can be emulated with OP_CAT, OP_CHECKSIGFROMSTACK and a few other basic opcodes.

Drivechain using BIP 300 and 301

The BIP 300 implementation introduces an opcode OP_DRIVECHAIN and six new blockchain messages:

  • M1. Propose New Sidechain
  • M2. ACK Proposal
  • M3. Propose Bundle
  • M4. ACK Bundle
  • M5. Deposit – a transfer of BTC from-main-to-side
  • M6. Withdrawal – a transfer of BTC from-side-to-main

Sidechains are first proposed (with M1), and later acked (with M2) for creation. This process resembles BIP 9 soft fork activation.

BIP 301 describes blind merged mining and introduces 2 messages:

  1. BMM Accept – How h* enters a main:coinbase. When Mary “accepts” a BMM Request, Mary is endorsing a side:block.
  2. BMM Request – Simon offering money to Mary, if (and only if) she will Endorse a specific h*. When Simon broadcasts a BMM Request, Simon is attempting a side:block.

h* : sidechain’s merkle root hash

Blind Merged Mining (BMM) allows miners to mine a sidechain, without running its node software (ie, without “looking” at it, hence “blind”). Instead, a separate sidechain user runs their node and constructs the block, paying himself the transaction fees. He then uses an equivalent amount of money to “buy” the right to find this block, from the conventional layer1 Sha256d miners.

Criticism

Some developers have written about their opinions on Drivechain. It's not possible to cover all of them. I will focus on the blog post written by Peter Todd in 2023 and Paul Sztorc’s response to it.

I agree with Paul’s response and want to add a few points about mining centralization issues shared in the blog post:

  • Stratum v2 does not decentralize anything. It could be considered an improvement over v1 but mining pools can still reject block templates.
  • Mining is inherently centralized in bitcoin for different reasons and will remain the same until more pools in different countries, more hardware manufacturers and braidpool gains some traction.
  • If covenant proposals are activated instead of BIP 300/301, we would end up with MEV issues that affect mining decentralization more than sidechains.

Sidechain templates

There are some sidechains available for testing and you can try them using the launcher. I tried the Zcash sidechain and like the privacy, UX etc.

I got some coins for the main chain using the faucet. I did a fake coinjoin, spending equal-amount inputs to my own addresses. I used one of the UTXOs to deposit funds from the main chain to the sidechain. This could be followed by other users as well to avoid privacy issues with the deposit transaction; however, funds can also be deposited directly. My goal was to try the melt-cast feature and compare it with payment pools that could be enabled with covenants.

Conclusion

Drivechain will be possible on bitcoin with or without BIP 300/301 in a few years. We need to do more research and avoid trusting other opinions to decide if they should be activated with BIP 300/301 for evaluating their scaling, privacy etc. benefits.

1 Like

Paul has mentioned that he is working on a system to enable drivechains without a soft fork in Core. Can you describe that protocol at all?

Paul has described the process in this podcast: The Stewart Mackenzie Indaba #39 Paul Sztorc by The Stewart Mackenzie Indaba

It uses 2 tools:

  1. Monitor scans blocks and sees if any block breaks BIP 300 rules
  2. Enforcer uses invalidateblock RPC to reject blocks

It can be considered an external way to do a user-activated soft fork without preparing a UASF client by forking Bitcoin Core.

1 Like
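The monitor/enforcer split described in the post above, as an added example (not code from the podcast, Paul Sztorc, or any Drivechain project). `FakeNode` is a constructed offline stand-in whose method names mirror Bitcoin Core's `getblockcount`, `getblockhash`, `getblock` and `invalidateblock` RPCs, and `violates_extra_rule` is a hypothetical placeholder for the BIP 300 checks.

```python
class FakeNode:
    """Constructed offline stand-in for a node; method names mirror Core RPCs."""
    def __init__(self, blocks):
        self.chain = list(blocks)          # active chain, list index == height
        self.invalid = set()               # hashes this node now refuses

    def getblockcount(self):
        return len(self.chain) - 1

    def getblockhash(self, height):
        return self.chain[height]["hash"]

    def getblock(self, block_hash, verbosity=2):
        return next(b for b in self.chain if b["hash"] == block_hash)

    def invalidateblock(self, block_hash):
        # Like Core: the block and everything built on it leave the active chain.
        height = next(i for i, b in enumerate(self.chain) if b["hash"] == block_hash)
        self.invalid.update(b["hash"] for b in self.chain[height:])
        self.chain = self.chain[:height]


def violates_extra_rule(block):
    """Hypothetical placeholder for the additional (e.g. BIP 300) rule checks."""
    return any(tx.get("breaks_rule") for tx in block["tx"])


def enforce(node, start_height, rule=violates_extra_rule):
    """Monitor: scan the active chain. Enforcer: invalidate each violating block."""
    height, rejected = start_height, []
    while height <= node.getblockcount():
        block_hash = node.getblockhash(height)
        if rule(node.getblock(block_hash, 2)):
            node.invalidateblock(block_hash)   # tip rewinds to height - 1
            rejected.append(block_hash)
            continue                           # re-check this height: a competing
        height += 1                            # branch may have replaced the block
    return rejected


# Constructed sample chain: the block at height 2 carries a rule-breaking tx.
SAMPLE = [
    {"hash": "h0", "tx": [{}]},
    {"hash": "h1", "tx": [{}]},
    {"hash": "h2", "tx": [{}, {"breaks_rule": True}]},
    {"hash": "h3", "tx": [{}]},
]
```

Rejecting `h2` also drops `h3` from this node's view, and only this node's view: other nodes keep following the original chain unless they run the same enforcer.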

Programmatically rejecting blocks via invalidateblock is a soft fork…

2 Likes

It’s only a soft fork if there is economic consensus of the nodes to run it. In that case, it seems quite pointless: a UASF would be equivalent and cleaner.

If the goal is to get miners to adopt it without nodes consensus, it’s just marketing for a 51% attack.

Paul named it CUSF (which is a pretty horrible name), but it basically means SF without merging to the Core repo. You can run a vanilla Core node and still enforce a soft fork by running an out-of-process validator.

To play the devil’s advocate: there is also the issue of people not wanting to upgrade too quickly and easily. Out-of-process activation makes it easier to only review the new rules enforced instead of every code change. This also solves signaling for soft forks with older versions.