Apologies in advance if this has already been discussed elsewhere and please do link me to any such prior discussion.
I've read:
https://github.com/cosmos/cosmos/blob/master/PURPOSE.md
https://github.com/cosmos/cosmos/blob/master/WHITEPAPER.md#the-hub-and-zones
https://github.com/cosmos/cosmos/blob/master/WHITEPAPER.md#inter-blockchain-communication-ibc
As I understand it, transacting between blockchains requires the source (sending) blockchain to confirm the transaction. This must be the case because there is no total order amongst all blockchains.
Thus afaics, censorship in the source (sending) blockchain can censor (hold hostage) the ability to make the transaction to the destination (receiving) blockchain. Am I correct?
Afaics, the conceptual problem is that to the extent this is being proposed as a sharding-like scaling solution, this security flaw kills the fungibility of shards. So you can't fungibly implement side-chains where the same token is transferred between blockchains. My intuition has always been (many posts at Bitcointalk) that side-chains are a fundamentally insecure concept, afaics recently I got confirmation of that for PoW, and I have the same intuition w.r.t. implementing them with some PoS BFT as is the case here. Btw, my original generative essence intuition was that a fungible token is itself a total order, thus it should be impossible to shard it into partial orders without a total order on finality (of ordering).
It is not sufficient to argue that if a user moves the token off to a side-chain, then it is fungible when they move it back to “main-chain”, because there is no main-chain and also because the source blockchain could even double-spend if the ²/₃ of the validators are malevolent. Thus the attacker creates inflation of the money supply. Afaics, conceptually side-chains reduce the security of all the blockchains to the security of the most attacked side-chain.
So this is not the same category of fungibility weakness alleged against Bitcoin due to lack of anonymity and thus the theoretical ability of authorities (or 51% attacker) to enforce black/white/red-lists. The vulnerability I'm alleging here is the internal security against double-spends. In effect, the risk that each hodler's tokens haven't been double-spent is reduced to the security of the weakest side-chain. So it is much more catastrophic (more on the order of a scorched earth total destruction because anyone can attack the entire system of side-chains from any weak side-chain) than the anonymity fungibility issue which is an external social, political issue. This affects side-chains only (i.e. Cosmos and Blockstream's side-chains proposal), not Tendermint nor current version of Bitcoin.
Tangentially I am sure you know (and please do correct me if I have any of the details incorrect), but I will mention it for the benefit of other readers that if ¹/₃ or more of the validators are malevolent they can censor some or all transactions but afaik if the faulty validators are less than ²/₃, they are statistically identifiable but less reliably so as they approach ²/₃. IoW, if ²/₃ of the validators are malevolent, they can censor and it is not objectively provable they are doing so, only circumstantial evidence can be supplied, which afaics means in that ²/₃ malevolent case your community hardfork proposal is unambiguous and subject to manipulation.
Sorry to drop a bomb on your project. I seem to have a habit of doing that whether it be shooting down the anti-jamming blacklist idea for CoinJoin in 2013 (incongruence: blacklist ≢ anonymity) or other examples hence.
Btw, I think I have a secure solution to the scaling problem, which is what brings me around to your project while I am writing my whitepaper.