From: Johnson Lau <jl2012@xbt•hk>
To: ZmnSCPxj <ZmnSCPxj@protonmail•com>,
bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org>
Cc: "lightning-dev@lists•linuxfoundation.org"
<lightning-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Lightning-dev] More thoughts on NOINPUT safety
Date: Thu, 21 Mar 2019 16:37:54 +0800 [thread overview]
Message-ID: <1D5043F6-DC7B-4D40-9B68-30125829A7F6@xbt.hk> (raw)
In-Reply-To: <isp2OcX23r-Tfl-WSbybuKnppjVlZV52AM1GGEaQd8uHlkliikUBvK49WOnzgaxOjDuOCNdu6CsmHt6kfK0z_FRrOgYAYWrWaDniZA3EEZQ=@protonmail.com>
[-- Attachment #1: Type: text/plain, Size: 1793 bytes --]
> On 20 Mar 2019, at 4:07 PM, ZmnSCPxj via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> wrote:
>
> Hi aj,
>
> Re-reading again, I think perhaps I was massively confused by this:
>
>> - alternatively, we could require every script to have a valid signature
>> that commits to the input. In that case, you could do eltoo with a
>> script like either:
>>
>> <A> CHECKSIGVERIFY <B> CHECKSIG
>> or <P> CHECKSIGVERIFY <Q> CHECKSIG
>>
>>
>> where A is Alice's key and B is Bob's key, P is muSig(A,B) and Q is
>> a key they both know the private key for. In the first case, Alice
>> would give Bob a NOINPUT sig for the tx, and when Bob wanted to publish
>> Bob would just do a SIGHASH_ALL sig with his own key. In the second,
>> Alice and Bob would share partial NOINPUT sigs of the tx with P, and
>> finish that when they wanted to publish.
>
> Do you mean that *either* of the above two scripts is OK, *or* do you mean they are alternatives within a single MAST or `OP_IF`?
>
It means either.
If you use <A> CHECKSIGVERIFY <B> CHECKSIG style, A and B will exchange the NOINPUT sig, and they will add the required non-NOINPUT sig when needed.
If you use <muSig(A,B)> CHECKVERIFY <Q> CHECKSIG, A and B will co-sign the muSig(A,B) with NOINPUT. They will also share the private key of Q, so they could produce a non-NOINPUT sig when needed.
The first style is slightly easier as it doesn’t need muSig. But with 3 or more parties, the second style is more efficient.
However, if you use watchtower, you have to use the second style. That means you need to share the private key for Q with the watchtower, That also means the watchtower will have the ability to reply the NOINPU muSig. But it is still strictly better than anyone-can-replay.
[-- Attachment #2: Type: text/html, Size: 6419 bytes --]
next prev parent reply other threads:[~2019-03-21 8:38 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-13 1:41 [bitcoin-dev] " Anthony Towns
2019-03-13 6:41 ` [bitcoin-dev] [Lightning-dev] " ZmnSCPxj
2019-03-13 11:10 ` Anthony Towns
2019-03-14 5:22 ` ZmnSCPxj
2019-03-14 7:24 ` Anthony Towns
2019-03-14 7:55 ` ZmnSCPxj
2019-03-14 12:00 ` Christian Decker
2019-03-20 0:22 ` Rusty Russell
2019-03-20 3:33 ` Rusty Russell
2019-03-20 7:38 ` ZmnSCPxj
2019-03-20 8:07 ` ZmnSCPxj
2019-03-21 8:37 ` Johnson Lau [this message]
2019-03-21 9:06 ` Anthony Towns
2019-03-21 10:05 ` ZmnSCPxj
2019-03-21 11:55 ` Anthony Towns
2019-03-22 1:59 ` ZmnSCPxj
2019-03-22 2:58 ` Anthony Towns
2019-03-22 7:46 ` ZmnSCPxj
2019-03-22 4:23 ` Johnson Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1D5043F6-DC7B-4D40-9B68-30125829A7F6@xbt.hk \
--to=jl2012@xbt$(echo .)hk \
--cc=ZmnSCPxj@protonmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=lightning-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox