I think if the user can set the timeout values they can decide to accept the risk of blockchain reorg'ed after the swap.
Users typically can't make such settings from any knowledgeable stance. They are ignorant of the tradeoffs and technical issues. I firmly believe you must make this decision for them (at least the default), because I believe they will blame you (the decentralized exchange concept) for any failure. I speak from decades of experience of making B2C (not B2B) commercial software for customers.
NXT PoS limits any reorgs to 720 blocks, so for NXT if the timeout is set above 720 blocks, then it will be beyond the reach of any attack.
That seems reasonable since checkpoints are required in PoS due to people selling their stake and then doing a long-range attack with stake they no longer own based on reorganization of historical transactions that create stake. Anyone who is buying NXT should hopefully understand the tradeoffs of a PoS system (centralized governance, advantage of less electrical consumption, my arguments against PoS in my prior post, etc).
Couldnt any coin use data from the BTC blockchain from some hours in the past to create a backstop from massive reorg? By using the massive PoW of BTC, a PoS or weaker PoW would get an externally verifiable reference? Why couldnt that be used as the generative essence you say is required?
[...]
But maybe I misunderstood your objection and the above has a fatal flaw?
I assume you mean writing some meta-data into the stronger block chain, that the weaker block chain could refer to as evidence. The hindrance is that
decentralized block chains have no external reference point. There is no way to enforce that a particular block in one chain came before a block (nor within some # of blocks after a block) on another chain. Block chains are self-referential, and that is precisely why we need CLTV to implement decentralized exchange. It is also why Blockstream's side chains have security which is as weak as the weakest side chain (because a reorganization in one chain erases coins that have already been reserved in other chains for maintaining the one-to-one exchange peg), which is btw why afaics Side chains are implausible (hopefully this post won't get deleted by the moderator, hehe).
My analysis is that the DE allows people to trade without using a third party escrow (CE function) and this is more decentralizing as the funds are now mostly in peoples wallets instead of a big giant pile in Big Vern's accounts. So if you are claiming that DE is bad, then I think you need to consider that a CE centralized trading funds across ALL the coins that are traded at once.
I have agreed. Remember what I wrote upthread:
I am trying to think of a way to make this practical and robust enough, unless we are facing a prolonged attack from a super power. I like the ideological intent of DE. I will now review your latest reply with a clearer mind.
You won't be able to steal funds, which afaik is the most significant advantage of DE over CE.
Thanks to TierNolan et al, we already have a solution employing CLTV on both chains and even squelched the hypothetical jamming with "coin age" filtering. I even wrote that I am excited about you implementing it.
I think you are trying to argue for cut & choose, but that is not the only way to do DE. We already have a technically sound solution for DE as stated.
I have also stated that the (innovative and clever but yet still economically) technically flawed cut & choose protocol variant might be acceptable if the user understands the risks.
With DE, let us accept your assertion that it will allow some attacker to reorg any chain at will to any depth, as I am sure I couldnt have solved an impossible problem with this post vs. the practical cost of setting it up. Even with this point asserted, I claim that DE provides a better environment as an attack event affects just that one coin, not ALL coins at the DE.
Seems to me the problem of financially incentivizing long-range chain reorganizations by enabling the attacker to steal coins from the 2 of 2 multisig, will infect every coin. Similarly to how Side chains devolves to the security of the weakest chain. However, a key distinction is that Side chains depend on a fungible one-to-one peg, so the catastrophe is much more pervasive because the failure isn't isolated to the participants to the exchange between chains but to the value of all the coins on the chains.
So unless the existing situation of aggregated CE dependency is better for altcoins without CLTV, the DE is an improvement.
Much better altcoins are forced to add CLTV and do DE correctly. Why encourage them to be lazy. Let them die with CE (centralized exchange) if they are too damn lazy to implement CLTV.
You do what ever you want, but you open Pandora's box. If you need to support Nxt, then I say go ahead. But generally supporting DE via the flawed cut & choose seems unsavory to me, but it is of course your decision.