<i>"2-way peg"</i><p>Moving coins from the side chain back to the main chain is the hard part. The white paper says you <i>"use the proof to unlock a number of previously-locked outputs with equal denomination on the parent chain."</i> You have to lock up N bitcoins to create N side chain coins, but those form part of a locked pool which can later be used to redeem sidechain coins. It's conceptually elegant, but the process is complex and delicate. Lots of things can go wrong, and it needs "challenge periods" of about a day during which things get sorted out.<p><i>"Security for the blockchain is provided by a set of predefined functionaries"</i><p>Uh oh. Remember Paycoin, with its "Prime Controllers" and "guaranteed minimum value". That didn't end well. The whole point of all this cryptographic machinery is supposed to be to eliminate the need to trust some central party or parties. This sidechain scheme doesn't do that.
Peter Todd commented on Twitter that Greg Maxwell's job is impressive.<p><a href="https://people.xiph.org/~greg/confidential_values.txt" rel="nofollow">https://people.xiph.org/~greg/confidential_values.txt</a>
As I understand sidechains there's a complicated proof mechanism that gets set up for transfer of bitcoin 'value tokens' between the bitcoin blockchain and alternative blockchains <i>without creating any additional currency units</i>, and a fall back to a much simpler exchange mechanism for actual practical day to day exchange.<p>But the whole thing about not creating additional currency units actually seems fairly arbitrary to me, given that this adds a whole bunch of otherwise unnecessary complexity.<p>The fallback exchange mechanism for sidechains is based on an atomic exchange algorithm that is well known for many years now.<p>This is something that could easily be standardised in the form of a relatively simple 'pay on reveal secret' transaction type to permit decentralised exchange between arbitrary pairs of blockchains, as I discussed in the following blog post: <a href="http://upcoder.com/11/atomic-cross-chain-exchange/" rel="nofollow">http://upcoder.com/11/atomic-cross-chain-exchange/</a>
GitHub Repo featuring Elements so far (Bitcoin fork):
<a href="https://github.com/ElementsProject/elements" rel="nofollow">https://github.com/ElementsProject/elements</a><p>GitHub Page with a write-up of the actual Sidechain Elements:
<a href="http://elementsproject.org/" rel="nofollow">http://elementsproject.org/</a>
I understand the people in the Bitcoin community are trying to prepare for the future, but is there any evidence at all that Bitcoin transactions will grow to a point where the blockchain can't handle them and sidechains will actually be necessary?
<i>> As a side-effect of its design, CT also enables the additional exchange of private "memo" data (such as invoice numbers or refund addresses)</i><p>This is a very interesting detail.<p>So it's finally possible to use bitcoin as a public ledger, by adding the hash value of any large dataset to the "memo". Up to now, we needed workarounds involving non-existing account, such as provided by Bitcoinproof: <a href="https://vog.github.io/bitcoinproof/" rel="nofollow">https://vog.github.io/bitcoinproof/</a>
The link to the whitepaper is wrong. It links to:<p><a href="https://www.blockstream.com/2014/10/23/why-we-are-co-founders-of-blockstream/" rel="nofollow">https://www.blockstream.com/2014/10/23/why-we-are-co-founder...</a><p>but should link to:<p><a href="https://www.blockstream.com/sidechains.pdf" rel="nofollow">https://www.blockstream.com/sidechains.pdf</a>