Board: Bitcoin Discussion
Topic: Re: Segwit opens the door for mining cartels
by Gab0 on 19/06/2017, 05:48:49 UTC

Quote
SegWit introduces a fundamental change to bitcoin: the “AnyOneCanSpend address”, or essentially a blank signature for transactions. SegWit uses an “AnyOneCanSpend” address so that transactions will be validated and recorded into blocks, even though the sender/receiver signature data is separated. Normally, an “AnyOneCanSpend” output (as its name implies) would allow any miner to spend the funds associated with that transaction; therefore, SegWit would introduce new rules for interpreting “AnyOneCanSpend”. This means that miners could not take advantage of that output address to inappropriately spend the funds associated with all SegWit transactions.


Quote
By using “AnyOneCanSpend” addressing, SegWit therefore opens the door to a corrupt miner mining a block to subvert transactions, and instead redirect them to the miner’s own address. The value of such an illicit attack would grow every day SegWit is used. Over time, the more people use bitcoin, the more SegWit transactions are added to the blockchain, and the more funds are locked up with SegWit aspects of bitcoin, the more valuable this form of cartel attack becomes. A defecting miner could access historical funds that have not been redirected from SegWit to a traditional bitcoin address. Hence, the longer a SegWit system runs, the more likely it is that a cartel will form to steal funds.



Quote
One of the key flaws in the modelling of SegWit is the assumption that existing miners who may harbour good intentions towards the protocol will remain as the key players. This assumption ignores new entrants to the system. The mere possibility of the defection strategy described above is likely, under SegWit, to attract new pool miners with illicit motives. These could be groups opposed to SegWit or those who have never mined bitcoin and seek a relatively quick profit. Such quick profit would allow them to enter the market at a discount.

The introduction of SegWit would alter the maximum known risk associated with bitcoin from a 51% attack with the ability to censor transactions or to engage in elaborate double-spending attacks, to a catastrophic risk that could possibly and completely destroy the whole ledger and all contained value. The premise that miners will not steal funds at the genesis of SegWit does not address the introduction of new players who are now incentivised more and more each and every day to steal the funds that are locked into the ledger and which are growing daily. These new players and the increasing level of funds place all open areas of the ledger at risk to attack at a later date.


comments?
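
Added example, not part of the post above and not code from any Bitcoin implementation: a simplified Python model of the two rule sets the first quote refers to, showing how the same output script is judged by pre-SegWit rules and by the BIP141 rules for a version 0, 32-byte witness program. The function names and the sample script are assumptions made for illustration; witness-script execution and signature checking are outside the model.

```python
import hashlib

def parse_witness_program(spk: bytes):
    """Return (version, program) if spk has the BIP141 witness-program shape, else None."""
    if not 4 <= len(spk) <= 42:
        return None
    op, push_len = spk[0], spk[1]
    if op != 0x00 and not 0x51 <= op <= 0x60:      # OP_0 or OP_1..OP_16
        return None
    if not 2 <= push_len <= 40 or push_len != len(spk) - 2:
        return None
    return (0 if op == 0x00 else op - 0x50), spk[2:]

def cast_to_bool(item: bytes) -> bool:
    """Script truthiness: false for empty, all-zero, or negative-zero byte strings."""
    for i, b in enumerate(item):
        if b != 0:
            return not (i == len(item) - 1 and b == 0x80)
    return False

def legacy_verdict(spk: bytes) -> str:
    """Pre-SegWit rules, empty scriptSig: the script only pushes data, the top item decides."""
    parsed = parse_witness_program(spk)
    if parsed is None:
        raise ValueError("only witness-program-shaped scripts are modelled")
    return "valid" if cast_to_bool(parsed[1]) else "invalid"

def segwit_verdict(spk: bytes, witness: list) -> str:
    """BIP141 rules for a version 0, 32-byte program (P2WSH); other cases are not modelled."""
    parsed = parse_witness_program(spk)
    if parsed is None or parsed[0] != 0 or len(parsed[1]) != 32:
        raise ValueError("only version 0, 32-byte programs are modelled")
    if not witness:
        return "invalid: empty witness"
    if hashlib.sha256(witness[-1]).digest() != parsed[1]:
        return "invalid: witness script does not match program"
    # A real node would now run the witness script, including its signature checks.
    return "continue: execute witness script against remaining witness items"

# Constructed sample (placeholder key, not from a real transaction): <pubkey> OP_CHECKSIG
WITNESS_SCRIPT = bytes([0x21, 0x02]) + b"\x11" * 32 + bytes([0xAC])
SAMPLE_SPK = b"\x00\x20" + hashlib.sha256(WITNESS_SCRIPT).digest()

if __name__ == "__main__":
    print("legacy rules, no witness :", legacy_verdict(SAMPLE_SPK))
    print("segwit rules, no witness :", segwit_verdict(SAMPLE_SPK, []))
    print("segwit rules, with script:", segwit_verdict(SAMPLE_SPK, [b"sig", WITNESS_SCRIPT]))
```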