From: Alejandro Ranchal Pedrosa <a.ranchalpedrosa@gmail•com>
To: Matt Corallo <lf-lists@mattcorallo•com>
Cc: Bitcoin Dev <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] A BIP proposal for transactions that are 'cancellable'
Date: Fri, 7 Sep 2018 09:07:25 +0200 [thread overview]
Message-ID: <14a4d701-54d3-34b0-8eed-07efafd0061c@gmail.com> (raw)
In-Reply-To: <029a8e95-a265-451d-5417-957d685fa9ce@mattcorallo.com>
Yes I agree with what you mean but this requires Alice to broadcast an
additional transaction. Also, Alice is supposed to be able to 'cancel'
the transaction in the first 24hours, not after them.
Best,
Alejandro.
On 9/6/18 6:33 PM, Matt Corallo wrote:
> I think you misunderstood my proposal. What you'd do is the transaction
> is spendable by either Bob OR (Bob AND Alice) and before
> broadcast/during construction/whatever sign a new transaction that
> spends it and is only spendable by Alice, but is timelocked for 24
> hours. At the 24h mark, Alice broadcasts the transaction and once it is
> confirmed only Alice can claim the money.
>
> On 09/06/18 10:59, Alejandro Ranchal Pedrosa wrote:
>> Dear Matt,
>>
>> Notice that what you suggest has some substantial differences. With your
>> suggestion of a multisig option with a 24h timelock, once you give Alice
>> the chance to spend that UTXO without a negative timelock (as we argue),
>> by means of, say, a transaction that she can use, you cannot enforce
>> that this is not used by Alice after the 24hs. Perhaps it is possible,
>> tweaking the Lightning Channel design of Breach Remedy txs, to penalize
>> Alice if she does this, but this requires Bob to check the Blockchain in
>> case he needs to publish a proof-of-fraud, think of adding extra funds
>> to the transaction to account for penalization, etc.
>>
>> Feel free to correct me if I got it wrong in your email.
>>
>> Best,
>> Alejandro.
>>
>>
>> On Thu, Sep 6, 2018 at 3:32 PM Matt Corallo <lf-lists@mattcorallo•com
>> <mailto:lf-lists@mattcorallo•com>> wrote:
>>
>> I think a simple approach to what you want to accomplish is to
>> simply have a multisig option with a locktime pre-signed transaction
>> which is broadcastable at the 24h mark and has different
>> spendability. This avoids introducing reorg-induced invalidity.
>>
>> On September 6, 2018 9:19:24 AM UTC, Alejandro Ranchal Pedrosa via
>> bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org
>> <mailto:bitcoin-dev@lists•linuxfoundation.org>> wrote:
>>
>> Hello everyone,
>>
>> We would like to propose a new BIP to extend OP_CSV (and/or OP_CLTV) in
>> order for these to allow and interpret negative values. This way,
>> taking the example shown in BIP 112:
>>
>> HASH160 <revokehash> EQUAL
>> IF
>> <Bob's pubkey>
>> ELSE
>> "24h" CHECKSEQUENCEVERIFY DROP
>> <Alice's pubkey>
>> ENDIF
>> CHECKSIG
>>
>> that gives ownership only to Bob for the first 24 hours and then to
>> whichever spends first, we basically propose using the negative bit value:
>>
>> HASH160 <revokehash> EQUAL
>> IF
>> <Bob's pubkey>
>> ELSE
>> "-24h" CHECKSEQUENCEVERIFY DROP
>> <Alice's pubkey>
>> ENDIF
>> CHECKSIG
>>
>> meaning that both would have ownership for the first 24 hours, but
>> after that only Bob would own such coins. Its implementation should
>> not be too tedious, and in fact it simply implies considering negative
>> values that are at the moment discarded as for the specification of
>> BIP-112, leaving the sign bit unused.
>>
>> This, we argue, an increase the fairness of the users, and can at times
>> be more cost-effective for users to do rather than trying a Replace-By-Fee
>> transaction, should they want to modify such payment.
>>
>> We would like to have a discussion about this before proposing the
>> BIP, for which we are preparing the text.
>>
>> You can find our paper discussing it here:
>> https://hal-cea.archives-ouvertes.fr/cea-01867357 (find attached as well)
>>
>> Best,
>>
next prev parent reply other threads:[~2018-09-07 7:07 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-06 9:19 Alejandro Ranchal Pedrosa
2018-09-06 13:31 ` Matt Corallo
[not found] ` <CABaiX-2L9oVdta=aRH91uE=iPRv4cX6zU0=+oF+2oWqnu=64YQ@mail.gmail.com>
2018-09-06 16:33 ` Matt Corallo
2018-09-07 7:07 ` Alejandro Ranchal Pedrosa [this message]
2018-09-06 15:16 ` Gregory Maxwell
2018-09-06 20:32 ` Brandon Smith
2018-09-07 5:02 ` Terry McLaughlin
2018-09-07 7:12 ` Alejandro Ranchal Pedrosa
2018-09-07 12:51 ` Brandon Smith
2018-09-07 13:47 ` TUCCI Sara
2018-09-06 16:14 ` vizeet srivastava
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14a4d701-54d3-34b0-8eed-07efafd0061c@gmail.com \
--to=a.ranchalpedrosa@gmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=lf-lists@mattcorallo$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox