Bitcoin, Liquid и RSK (Bitcoin Blockchain Scaling)
In this post, the chief researcher is from RSK Labs – Sergio Lerner will analyze advanced technologies that use Liquid and RSK sidechains. In 2016, Blockstream introduced the “tied” sidechain technology [Pegged Sidechain] , as a possible way to scale the Bitcoin blockchain. The first original sidechain concept was a combination of atomic cross-chain swaps using simplified payment verification – SPV (as in p2p trading) and the so-called “Altchains.”
Sidechain (English Sidechain – side chain) – a method of dividing the blockchain into the main and additional. The user sends digital assets to an additional one, which is later confirmed on the main.
Atomic Swap (Atomic Swap) – automatic exchange of one cryptocurrency for another without the need for mutual trust and participation of third parties.
SPV (Simplified Payment Verification or Simplified Payment Verification) is a feature of the Bitcoin protocol that allows nodes to verify a transaction without downloading a complete block chain. Instead, to verify the transaction, loading the Heads of the blocks containing the hashes is sufficient.
Crosschain is a technology that allows you to exchange one cryptocurrency for another without using centralized intermediaries, such as cryptocurrency exchanges.
Sidechain is not an approved term, but blockchains are so often indicated with a minimum need for trust, allowing international payments in cryptocurrencies that are “native” to other blockchains. In particular, sidechains allow you to improve Bitcoin with minimal interference in the system itself.
The most interesting benefits that sidechains provide are issue of own assets , tracking smart contracts that are used in DeFi solutions, scaling commit chains, faster calculations and improved privacy.
Of all the projects, two are worth highlighting: Liquid and RSK. They are bitcoin sidechains and have been very active since launch.
Commit-chain is another second-level protocol along with payment channels ( as in the Lightning Network ). But, unlike channels, “commit chains” are supported by a single party that acts as an intermediary for transactions.
DeFi (Decentralized Finance) refers to the ecosystem of financial applications that are built on the basis of blockchain networks. The term “decentralized finance” can refer to an open, free and transparent ecosystem of financial services that is accessible to everyone and works without interference from any government. In this case, users retain full control over their assets and interact with this ecosystem through peer-to-peer (P2P) decentralized applications (dapps).
Federated linked sidechain allows you to issue your own tokens, secured by tokens of the main blockchain, blocked in a multi-subscription address. The private keys of this multicast are created and managed by a group of functionaries. The mechanism that is used to lock and unlock tokens in the main and side chains is usually called two-way binding.
There are many types of federated sidechains, and it’s important to see subtle differences between them.
Firstly, it’s worth briefly describing such sidechains as Liquid and RSK, respectively, presented by Blockstream and RSK Labs.
Liquid is the exchange network between cryptocurrency exchanges and institutions around the world, which allows you to make bitcoin transactions faster, as well as issue your own digital assets. In other words, it is a blockchain for exchanges, brokers and market makers, which allows for fast and private transactions between all network participants. Thanks to the function Issued Assets [release of assets] – participants can use various tokens, securities and even other cryptocurrencies. In Liquid, the Federation of Functioners controls the binding and consensus, and the native token is LBTC.
RSK is a smart contract platform that is tied to the Bitcoin blockchain and the Proof-of-Work algorithm, and is currently the safest network for smart contracts. This allows you to create various decentralized applications that can empower people, as well as improve their quality of life and add freedom. As a side chain, it makes the Bitcoin ecosystem more valuable, expanding the possibilities for using this currency.
Decentralized applications can be written using the Solidity compiler and the standard Web3 library, which ensures compatibility with Ethereum. In addition, RSK helps scale Bitcoin by expanding its internal network space and off-chain transactions, which is provided by the RIF Lumino network of payment channels. Bilateral RSK binding is protected by the RSK Federation, and consensus is achieved through combined mining [merge-mining] . The native token in RSK is RBTC.
Both Liquid and RSK use a federated multi-signature to block bitcoins that are issued on the sidechain in the form of their own cryptocurrency, however, their binding structure is significantly different. There are trade-offs in each of these sidechains.
Both sidechains currently have 15 active functionaries. At the same time, Liquid requires 11 signatures for the release of BTC, while RSK requires 8 signatures. It seems like Liquid gives priority to security and RSK gives convenience.
Nevertheless, Liquid implements the emergency unlock procedure using the multi-signature “2 of 3”, which increases convenience to the detriment of security, which is already the opposite compromise. Also, a similar alarm system in Liquid opens up the possibility for a new attack vector, when miners can block the final transaction in order to force activation of the emergency multi-signature.
In general, each option has pros and cons, so you can implement such an alarm system in RSK or, conversely, remove it from Liquid.
It is possible that, given the critical need for system security, simplicity is preferable.
Both sidechains use hardware security modules (HSMs) to store private keys. Neither Blockstream nor RSK Labs disclosed enough information about how these modules are made or what code they use. At the same time, audit of both firmware and HSM hardware is only allowed for RSK federation functionaries, which also applies to Liquid.
Liquid created its own hardware platform and firmware, which is an advantage for their safety. However, it is not known whether the devices from Blockstream rely on a special Secure Element to protect private keys or not. Security Elements are specifically designed to protect secrets from side-channel attacks and failure, while standard microcontrollers usually fail.
In turn, RSK Labs used off-the-shelf devices with Protective Elements and their own custom firmware.
In Liquid and RSK, the protocol for blocking BTC and unlocking native tokens is different. In Liquid, the user first creates a new temporary federated address, extracting it from the already known federal address using a random code – then the bitcoins are sent to this new temporary address. After a fairly significant number of confirmations, the user or federation functionary sends the transaction to Liquid and sends the other random code received to the rest of the federation members. After that, the system issues LBTC tokens in the number of bitcoins blocked at the temporary address.
The process of converting bitcoins to RSK is as follows: first, the sender must make sure that the bitcoins are stored on a P2PKH format address. If this is not the case, then he must make the necessary transaction [Tx1]. The coins are then transferred from the P2PKH address to the multi-signature federated address through the following transaction [Tx2]. After a significant number of confirmations, the federation issues a notification transaction to RSK containing the SPV proof for the transaction [Tx2]. Further, the blockchain immediately unlocks the equivalent number of RBTC tokens at an address that is controlled by the same secret key as the first transaction input [Tx2]. This is done by converting the bitcoin key to the RSK address.
If for some reason the Federation does not issue confirmation, any user can do it himself, by including evidence in the SPV transaction: the process will be similar, therefore it also does not require any trust.
Users can convert bitcoins to RBTC tokens without registering on the exchange. Anyone can also connect to Liquid, but, nevertheless, it is recommended there to register on one of the exchanges that is a member of the Federation and undergo the KYC procedure. In theory, the Liquid Federation has the right to ignore an incoming transaction (peg-in) from an unregistered user.
At the time of writing, RSK Labs is still using the private key, which allows you to use this to limit the number of bitcoins blocked in the binding. RSK Labs stated that this is a temporary security measure, and that, in the future, they will refuse it when the percentage of combined mining exceeds the permissible 51% of the total hashrate power in Bitcoin. Although, the source code shows that RSK Labs can remove this restriction by sending a special message to the smart contract that controls the binding.
From input binding to output binding
Two-way binding is transparent, so any user can detect and verify input and output transactions (peg-in / peg-out), and, therefore, check federated assets at multi-subscription addresses. If the binding system is transparent, any user can check that the circulating stock of the side chain corresponds to the funds blocked in multi-subscription addresses. In addition, users can check whether the Federation is behaving improperly and whether transfers are blocked inside or outside the binding system.
RSK has a transparent binding system – all input and output transactions (peg-in / peg-out) can be identified and verified by users. A full list of UTXO transactions belonging to the binding can be read from the smart contract launched on the platform. Additionally, current and past federated addresses are available in the smart contract. Peg-out transactions are easily identified because they are tied to UTXO.
[Note translator. UTXO (Unspent Transaction Output) – return of unspent coins that are returned to the sending address after each transaction].
Liquid uses a combination of hot and cold wallets, which increases security and allows you to slightly reduce the waiting time for the output transaction (peg-out). True, such an advantage is quite expensive.
On the Bitcoin side, incoming transactions are paid from a multi-signature hot wallet, which is controlled by a hardware security module (HSM). The resulting UTXO output is periodically reprocessed to prevent the disaster recovery script from starting.
The developers of Liquid realized that the greatest risk to the security of the system is the output binding process, and decided that the bitcoins that are issued as a result of this should be sent to the cold wallet of the exchanger, and not directly to the users ’wallets.
And since in Liquid some of the functionaries are cryptocurrency exchanges – bitcoins are transferred to one of the exchange’s cold wallets, i.e. to the one on which the user is registered. And this gives the exchange the last chance to censor the transaction.
The exchange transfers the funds to the user from its hot wallet, after receiving the transfer to a cold wallet. And since these two transfers are not atomic, there is always a risk that either the exchange will not transfer funds to the user after the hardware module transfers it, or if the exchange makes the transfer first, the system will crash and it will not receive the user’s funds.
In any case, the requirement to use the exchange as an intermediary makes the KYC procedure a key and integral part of the system, and this means that the functionary is a temporary custodian of the user’s funds or their sender, or both.
Yes, this improves user privacy by slightly “shading” the transaction received by him, but this is to the detriment of the transparency of the binding procedure and the possibility of community censorship detection – the output transaction (peg-out) is displayed on liquid.horse.
Additionally, the use of a time-based disaster recovery scenario in Liquid means that funds in a cold storage must be periodically updated to defer a time-out lock, which reduces the efficiency of cold storage in general.
But, even if transparent cold wallets can be easily added to RSK, it is necessary to minimize the role of functionaries. Any human action performed by the functionary as part of the standard procedure opens up additional opportunities for governments and corporations to exert pressure and censorship.
Higher security can be achieved by adding more functionaries with a more diverse set of hardware and software components.
Liquid receives bitcoins in a multi-subscription hot wallet (peg-in), but pays out of the hot wallet of one of the functionaries (peg-out), while receiving a refund from the multi-subscription to a cold wallet
Side Chain Censorship
Bilateral binding provides resistance to censorship on the principle of “all or nothing”, because federation members cannot selectively block any input or output binding transactions without significant side effects, such as blocking a significant subset of subsequent transactions.
This property is vital because authoritarian governments may secretly use censorship to restrict user rights. If censorship can be applied without public disclosure, regulators and governments can exert pressure and, at their own discretion and discretion, force participating companies to block transfers.
In almost all blockchains, including Liquid, censorship can be overcome through the introduction of atomic swaps. However, this will require an active and decentralized distribution network, i.e. developed market with sufficient liquidity.
But, the creation of such a system includes the solution of all those problems that, when creating a standard blockchain + additional complexity to prevent Sivvila attacks without using Proof-of-Work.
[Note translator. Sybil attack – a type of attack in a peer-to-peer network, as a result of which the victim only connects to sites controlled by the attacker].
Therefore, it emphasizes the importance of resistance to censorship on the principle of “all or nothing”, which is associated with the consensus of the whole sidechain.
The RSK sidechain provides censorship resistance through the Bitcoin network for input transactions (peg-in) and censorship resistance on an all-or-nothing basis for output transactions (peg-out).
Input transactions (peg-in) cannot be censored, because users can submit proofs proving the inclusion of bitcoin transactions in the sidechain and that he received a command to issue RBTC tokens.
In turn, peg-out transactions use UTXO transactions, which are selected by the smart contract. Thus, some of the bitcoins are paid to the user, and the rest is returned to the same multi-signature federated address.
These returned bitcoins are reused in subsequent output transactions, thus creating an inextricable chain. This means that to block the first graduation transaction, functionaries must block all subsequent transactions that depend on the output created in the first transaction.
But, there is still a 51% conspiracy among functionaries regarding spending any UTXO. However, this can be immediately detected by users. It is possible that a future peg-out relink will be implemented in a future RSK network upgrade to maximize censorship resistance. In addition, it may be necessary to confirm the inclusion of output transactions (peg-out) in the Bitcoin blockchain, so that 51% of functionaries will not try to ignore the smart contract, which will still try to execute the order for issuing tokens.
But, in Liquid, functionaries may conspire to censor a specific output transaction (peg-out), and individual users will not notice this, since the input UTXO for the output transaction is selected by the functionary, who goes through the KYC procedure to become one. However, since Liquid has very strict confidentiality – it is difficult for exchanges to check each other, since each exchange can hide its LBTC addresses and use new bitcoin addresses for the binding procedure. And since Liquid is primarily intended for exchanges, and not for individual users, it does not realize additional resistance to censorship. Although, neither ordinary users nor standard exchange accounts are safe from censorship here.
Federation Membership Management
The approach to managing the membership of the Federation is a fundamental difference between RSK and Liquid. Presumably in Liquid adding or removing members requires stopping the network and manually configuring specific nodes that are controlled by functionaries – this is necessary to check onion addresses and / or public keys of the remaining nodes. True, this is only an assumption, because the procedure was not published.
In turn, in RSK, you can organize an open protocol for adding or removing participants under common control, while the message will occur through transactions in the sidechain.
The protocol is implemented with a time delay function for the possibility of external auditing, and involves replacing the previous federation with a new one, after which the funds are automatically transferred from the previous UTXO to the new UTXO.
In RSK, transferring funds from the multisignature address of the old Federation to the multisignature address of the new Federation is an interesting multi-step process. When creating a new Federation, a request is made to the full node through the JSON-RPC endpoint.
However, the previous multi-subscription address remains active for some time so that unconfirmed transactions are included in the block. After that, the smart contract sends the remaining funds to the new multi-signature address, and the previous address expires.
One of Liquid’s most powerful features is its built-in support for sensitive transactions – both for LBTC tokens and for issued assets. True, Liquid can hide the amount of the transaction, but not the address of the sender and receiver. Therefore, you need to work with caution to prevent address binding, as in Bitcoin .
Client wallets must be properly protected to prevent private information from leaking through side channels such as traffic analysis. But, there are more confidential transactions than ordinary ones, so it is expected that the fee for a confidential transaction in Liquid will be higher when the blocks overflow.
RSK can provide almost any scheme for private transactions in the form of user contracts developed by a third party. There are examples like Zether , Mobius and AZTEC. Also, you can ensure the greatest possible anonymity using z-Cash-like protocols on top of RSK.
These custom solutions currently hide transaction amounts and destination addresses, but the sender address can still be known. Protection of source addresses requires either a market for meta-transactions (payment to a third party for the translation of a transaction) or changes in the RSK consensus. Therefore, in RSK it is planned to improve the account so that any contract can receive messages directly from an external transaction without a source address, which will ensure complete sender anonymity if it uses Tor.
Today, the field of cryptography is developing at an unprecedented pace that previously was not, with a particular interest in the “non-interactive arguments of knowledge without knowledge”.
[Note translator – also known as zk-SNARK , a special method for creating evidence with zero disclosure].
Every year, newer, faster, and better schemes appear, such as Bulletproofs, Sonic, and Lelantus. In addition, there are new developments that combine privacy with smart contracts, such as Zexe and ZkVM. Therefore, it is worth considering that the presence of many improvement options in privacy schemes is a good reason for the platform not to depend on a particular cryptographic system.
In Liquid, consensus is based on the PBFT variant and is supported by a group of selected functionaries. Functionaries sequentially monitor the cyclical process of creating new blocks – the transaction is considered completed after it is confirmed in two blocks. The functionaries themselves are connected through the Tor overlay network, hiding their real geographic location and IP addresses. This is a really interesting feature that is required in Liquid, but optional in RSK.
RSK uses a combined mining model with the SHA-256 algorithm, which provides the same principle of operation as in Bitcoin. Currently, from 30% to 50% of miners participate in RSK combined mining.
In both Liquid and RSK, miners receive commissions from transactions included in blocks. True, in Liquid miners can conspire to ignore blocks of other miners and become producers of blocks more often than they should, receiving a higher share of transaction fees. This aspect is a side effect of the cyclic planning model.
But, this can be detected by functionaries who are not involved in conspiracy, and therefore it will be difficult to carry out this attack secretly several times.
RSK, for miners, uses one common account with an average commission and the DECOR + reward distribution protocol, in order to stimulate cooperation rather than competition between miners.
Combined mining sidechains, which are a way to increase the value and functionality of Bitcoin, should be opposed to other [dubious] alternatives, such as increasing the block and hard forks, which is a very controversial option, although many miners have had such a temptation in the past.
According to Paul Sztorc, the opportunities created (in the form of a drive chain) eliminate the need for outdated and more dangerous options.
[Note translator. Drivechain is an alternative to the sidechain concept, where miners report on the current state of the sidechain. In other words, they are custodians of funds and can unfreeze them for users who want to move their coins back to the main blockchain. This concept was developed by the creator of Bitcoin Hivemind – Paul Storz].
The same rule applies to sidechains. In addition, combined mining allows you to become miners, receiving commissions for transactions, not only to members of the Federation, but also to other new users.
In both Liquid and RSK, you can create custom assets. At RSK, assets can be issued using the ERC-20 standard, which is commonly used in Ethereum. Liquid also offers its own embedded implementation of asset issuance.
And on that, and on another platform released assets can be freely transferred between users. However, the liquid assets issued are not compatible with light clients, as the platform does not include a commitment in each block header regarding the current UTXO set or asset issue.
At the same time, RSK provides much more significant control over operations with assets, since a high-level programming language is used to create them. Using high-level programs – RSK can support the payment of dividends and interest on tokens, demurrage, as well as various ideas from the field of DeFi.
Both sidechains are capable of supporting second-level payment networks, such as RIF Lumino Payments (in the case of RSK) and Lightning Network, ported to Liquid. And although Lumino initially implies the use of various assets – it is worth believing that the Lightning Network, at the moment, does not support working with several assets where nodes, communications and routing are involved.
Currently, transaction fees in RSK are 10 times cheaper than in Liquid (0.0066 USD versus 0.10 USD for a simple payment). This is partly due to the fact that in RSK simple transactions take up 5 times less space than in Liquid. However, cheap transactions are a double-edged sword, as it can increase the size of the blockchain beyond acceptable limits and centralize a peer-to-peer network.
Additionally, in Liquid, to become part of the Federation, you must pay a monthly fee in favor of Blockstream. At RSK, members of the Federation do not pay fees, but it is required to comply with safety standards and provide a pre-agreed time for continuous operation.
The whitewater RSK has a development plan and social agreement regarding immutability and resistance to censorship. Suggestions for improvement are publicly discussed and included in the implementation by major developers. Some of the planned features include switching to the Unitrie storage model and adopting a rental storage system. The RSK repository has been showing continuous improvements since 2016 and several network updates that have required hard forks.
But Blockstream does not publish its roadmap. However, the Liquid repository on GitHub, which apparently represents the Elements Project, has also shown continuous improvement since 2016, but has not undergone major changes.
One of the key characteristics of the whitekaper RSK is its stated intention to switch to a more decentralized system of two-way binding according to the type of driver chain, by the time Bitcoin is ready to accept a soft fork with the support of the community. RSK Labs has already created Drivechain BIP and a reference implementation that Bitcoin core developers can use in the future.
RSK is a sidechain that aims to become the cornerstone of financial inclusion, focusing on decentralized finance (DeFi).
Liquid is a sidechain designed to provide general liquidity for exchanges. The focus is on protocol simplicity, security and privacy. Therefore, RSK intends to solve a much wider range of tasks, while Liquid seeks to be extremely effective in one.
Using a stateful virtual machine – RSK provides greater openness and flexibility, while Liquid has a simplified priority check over code capabilities.
RSK compatibility with Ethereum makes it easy to port Ethereum dApps and other tools to RSK, giving you access to a large pool of open source resources. Liquid, however, requires developers to use their own Blockstream libraries for security reasons, and currently the community has no alternative.
Both sidechains are supported by experienced development teams. Liquid is supported by Blockstream, while RSK is supported by IOV Labs.
Both sidechains have well-known exchanges among Federation members, where their internal tokens, RBTC and LBTC, are also traded.
We are witnessing the creation of a future for Bitcoin, which will not be limited by the bandwidth of its blockchain, but will expand due to the Lightning Network, Liquid and RSK.