Skip to content

Instantly share code, notes, and snippets.


Softchains: Sidechains as a Soft Fork via Proof-of-Work Fraud Proofs

Originally posted on bitcoin-dev.

This post describes a fully decentralized two-way peg sidechain design. Activating new sidechains requires a soft fork, hence the name softchains. The key aspect is that all softchains are validated by everyone via Proof-of-Work Fraud Proofs (PoW FP) -- a slow but very efficient consensus mechanism that only requires the validation of disputed blocks. This does increase the validation burden of mainchain full nodes, but only by a minimal amount (~100MB per chain per year). It's similar to [drivechains][0], but without the major downside of having to rely on miners, since all Bitcoin full node users can efficiently validate each sidechain.

Proof-of-Work Fraud Proofs

Last year I posted the idea of [PoW FP to the Bitcoin mailing list][1] ([follow-up here][2]). The idea is that we can use the existence of a fork in Bitc

RubenSomsen /
Last active Jun 1, 2021
P2P Loans on Liquid

Liquid P2P Loans

This is a variation of the Hodl Hodl contract design for Liquid, but without an arbitrator (not counting Liquid itself). It's pretty simple and similar ideas exist, but it seemed interesting enough to write up and spur some conversation.

I'll begin by explaining the high level concept. For the full details, please examine the steps in the diagram below.


A contract where the Borrower puts up 1.5x collateral (e.g. 1.5 L-BTC) in order to borrow another asset (e.g. $10k USDT, if we assume that's the price of 1 L-BTC). The borrower can reclaim the collateral if they pay back the loan before expiry. If expiry is reached, the collateral goes to the Lender.

Use cases

  • Spending L-BTC without necessarily selling, which

SAS: Succinct Atomic Swap

Works today with [single signer ECDSA adaptor signatures][0], or with Schnorr + MuSig.
Other than the explanation below, there's also a diagram and a video.


  • Requires merely two on-chain transactions for successful completion, as opposed to four
  • Scriptless, and one of the chains doesn't need to support timelocks
  • Can be used for efficient privacy swaps, e.g. [Payswap][1]
RubenSomsen /
Last active Sep 8, 2021
Blind Merged Mining with covenants ( sighash_anyprevout / op_ctv )

Blind Merged Mining with covenants ( sighash_anyprevout / op_ctv )

Update: the content of this gist is also explained in this Spacechains video.

Blind Merged Mining (BMM) is the idea of committing the hash of another blockchain into a unique location on the Bitcoin blockchain, and paying a Bitcoin fee to miners for the privilege of deciding this hash and capturing the fees inside the other blockchain. Since miners don’t have to know what the hash represents and are simply incentivized to choose the highest bidder, it requires no extra validation on their part (“blind”). This idea was originally conceived of by Paul Sztorc, but required a specific soft fork. [0]

In essence, BMM is a mechanism that allows external blockchains (altcoins, tokens) to outsource their mining to the Bitcoin blockchain. Instead of burning electricity with ASICs, they pay bitcoins to miners, who in turn will perform Proof-of-Work (PoW) for the privilege of obtaining this payment. This increases the