Small point but:<p>> Bitcoin’s block interval is ten minutes so it takes about five minutes on average for a new transaction to find its way into a block<p>is wrong. The block interval is ten minutes <i>on average</i>, but not ten minutes uniformly. And in particular because hashing works via random trials whose probabilities of finding a sufficiently long zeroed prefix are constant, the amount of time since the last block is no information about how much more time remains until the next one. It's <i>always</i> ten minutes away from now, on average, which means the average transaction takes ten minutes, not five.<p>The error here was in multiplying the average block interval (10 minutes) by the average fraction of that interval remaining when transactions occur (0.5). But the first operand is only valid if you assume the average block interval weighted over all transactions is the same as the average block interval weighted over all blocks, however transactions are over-represented among blocks that take longer: on average a block which took 15 minutes will have three times as many transactions as one which took 5.
From the paper [1]:<p>> Essentially, an SPV proof is composed of (a) a list of blockheaders demonstrating proof-of-work, and (b) a cryptographic proof that an output was created in one of the blocks in the list. This allows verifiers to check that some amount of work has been committed to the existence of an output. Such a proof may be invalidated by another proof demonstrating the existence of a chain with more work which does not include the block which created the output.<p>which reads to me like embedding a full copy of the rules engine of one blockchain inside the other, meaning 1) all chains likely need to be Turing complete, and 2) a hard fork of one chain is a hard fork of all transitively connected chains. These seem like undesirable properties to me, but it's possible I've misunderstood something.<p>[1] <a href="http://www.blockstream.com/sidechains.pdf" rel="nofollow">http://www.blockstream.com/sidechains.pdf</a>
I'm trying to get my head around it but one thing looks particularly confusing.<p>The article says that "If the second blockchain has agreed to be a Bitcoin sidechain, it now does something really special… it creates the exact same number of tokens on its own network and gives you control of them."<p>Does "the exact same number of tokens" mean the same exact amount in Bitcoin?
Therefore, does it mean that there's no exchange rate and you always move coins 1:1 between Bitcoin and a sidecoin?<p>This doesn't make much sense to me. How does the actual currency amount get converted from BTC to a sidecoin?
What happens if a sidechain network is insecure, and someone creates coins out of nowhere and integrates them back into the main bitcoin blockchain? Do sidechains increase the surface area for bitcoin vulnerabilities?
Can anyone give the gist of how the bitcoin blockchain knows/cares that the sidechain is not using them any more, and how it knows who to transfer them to?
Any side chain must therefore be able to generate currency out of the blue and on-demand. This might be possible to do in other protocols but not bitcoin. So the symmetry is basically lost. am I missing something?
How does mining and the coin generated by mined blocks work in a sidechain?<p>If a sidechain has a smaller blocktime and larger rewards, wouldn't that undermine the two-way peg?<p>Or do sidechains not have their own mining?