- Soft fork Bitcoin to enable side chains
- Create a side chain that is secured with Proof of Stake. Call blocks on this chain "POS-blocks." The original chain is made of "POW-blocks."
- Side chain mints one POS-block after each POW-block on the main chain, and contains the hash of the POW-block, and the hash of the previous POS-block. See diagram here.
- Side chain Minters must make a deposit in order to mint. If they mint an invalid POS-block, they lose the deposit.
- Side chain blocks are small enough to broadcast and validate quickly (e.g. 100 – 300 KB).
- Soft fork a new rule into Bitcoin that encourages POW-blocks to include the hash of the prior POS-block. Specifically, penalize POW-blocks which do not point to the prior S-block by doubling the difficulty necessary for them to be valid. Call POW-blocks which do not point to the prior POS-block but are valid because of their very high POW "hard blocks."
In this diagram POW2 and POW4 are valid because they point to the prior POS-block and also satisfy the difficulty requirement. POW3 does not point to the prior POS-bock, but is valid anyway because it contains proof of work at twice the normal difficulty.
- Allow people who do not control ASICs to influence which transactions happen.
- Allow people who do not control ASICs to influence which chain gets extended.
- Reduce the incentive to selfish mine. Once a miner discovers a block, they should broadcast it immediately in the hopes that a Minter will build on it, because that is the most likely way their block will not go stale. Miners will also immediately start trying to build a hard block. (Maybe statistics could tell us what is the proper range for the Hardness Multiplier. I guessed 2 would be good.)
- Reduces the effective block interval while reducing the incidence of stale blocks, empty blocks and SPV mining. After a POW-block is mined, it is immediately broadcast to the network, seeking a qualified Minter to extend it. Minters have a deposit, which they will lose if they mint an invalid block. Pointing to the hash of an invalid POW-block would produce an invalid minted block, so Minters have a strong incentive to completely validate the POW-block before they mint on top of it. After validating, they mint a block and broadcast it. While the Minter is validating the previous POW-block, competing miners also have time to fully validate the previous POW-block. By the time the Miners receive the POS-block, they know what transactions they can and cannot include in their own block, because the Minter only processes transactions on the side chain. There is less reason to mine empty blocks, because there is adequate time to update the mempool before mining the next soft block begins, and because hard blocks take a long time to produce. The risks involved with mining on an un-validated POS-block can be made small by the fact that there is a deposit that will be destroyed if the POS-block is invalid. POS-blocks can be validated quickly because they are small. Here is a gantt chart of the schedule described above.
- Unlike a pure POS system, a cabal of early Stake holders cannot cheaply hatch an alternate history. Much less imperative for nodes to go to a trusted peer and ask whether the chain they are being fed is legitimate.
- After step 6 above, the side chain would have essentially the same security characteristics as the main chain, and could be used interchangeably.
- No hard fork required, and this soft fork could be deployed even if the miners do not consent to it. Some hybrid POS system would be my recommendation as preferable to simply changing POW algorithms in the face of miners abusing their power.
- Users can opt into the POS sidechain, and it can fully prove itself in production before there is any attempt to anchor the main chain back to it. Even if consensus cannot be obtained to execute step 6, the mere existence of such a chain could deter tomfoolery on the part of POW miners, lest they galvanize the community into throwing the switch.