Parallel Chains
We want merged-mined blockchains. We want them because it is possible to do things in them that aren’t doable in the normal Bitcoin blockchain because it is rightfully too expensive, but there are other things beside the world money that could benefit from a “distributed ledger” – just like people believed in 2013 –, like issued assets and domain names (just the most obvious examples).
On the other hand we can’t have – like people believed in 2013 – a copy of Bitcoin for every little idea with its own native token that is mined by proof-of-work and must get off the ground from being completely valueless into having some value by way of a miracle that operated only once with Bitcoin.
It’s also not a good idea to have blockchains with custom merged-mining protocol (like Namecoin and Rootstock) that require Bitcoin miners to run their software and be an active participant and miner for that other network besides Bitcoin, because it’s too cumbersome for everybody.
Luckily Ruben Somsen invented this protocol for blind merged-mining that solves the issue above. Although it doesn’t solve the fact that each parallel chain still needs some form of “native” token to pay miners – or it must use another method that doesn’t use a native token, such as trusted payments outside the chain.
How does it work
With the SIGHASH_NOINPUT
/SIGHASH_ANYPREVOUT
soft-fork1 it becomes possible to create presigned transactions that aren’t related to any previous UTXO.
Then you create a long sequence of transactions (sufficient to last for many many years), each with an nLockTime
of 1 and each spending the next (you create them from the last to the first). Since their scriptSig
(the unlocking script) will use SIGHASH_ANYPREVOUT
you can obtain a transaction id/hash that doesn’t include the previous TXO, you can, for example, in a sequence of transactions A0-->B
(B spends output 0 from A), include the signature for “spending A0 on B” inside the scriptPubKey
(the locking script) of “A0”.
With the contraption described above it is possible to make that long string of transactions everybody will know (and know how to generate) but each transaction can only be spent by the next previously decided transaction, no matter what anyone does, and there always must be at least one block of difference between them.
Then you combine it with RBF
, SIGHASH_SINGLE
and SIGHASH_ANYONECANPAY
so parallel chain miners can add inputs and outputs to be able to compete on fees by including their own outputs and getting change back while at the same time writing a hash of the parallel block in the change output and you get everything working perfectly: everybody trying to spend the same output from the long string, each with a different parallel block hash, only the highest bidder will get the transaction included on the Bitcoin chain and thus only one parallel block will be mined.
See also
- The same thing used in Eltoo.