Re: [Bitcoin-development] Consensus-enforced transaction replacement via sequence numbers

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: s7r <s7r@sky-ip•org>
To: Tier Nolan <tier.nolan@gmail•com>
Cc: Bitcoin Development <bitcoin-development@lists•sourceforge.net>
Subject: Re: [Bitcoin-development] Consensus-enforced transaction replacement via sequence numbers
Date: Thu, 28 May 2015 19:22:46 +0300	[thread overview]
Message-ID: <556740D6.5040004@sky-ip.org> (raw)
In-Reply-To: <CAE-z3OX6pn8HpCXhsN1r_7rX9Wno_e-8dgnrzq0egQNk7N=r3w@mail.gmail.com>



On 5/28/2015 4:35 PM, Tier Nolan wrote:
> On Thu, May 28, 2015 at 1:04 PM, Peter Todd <pete@petertodd•org
> <mailto:pete@petertodd•org>> wrote:
> 
>     For that matter, we probably don't want to treat this as a *version*
>     change, but rather a *feature* flag. 
> 
> 
> I think it is still a version change.  At the moment, the 4 bytes refer
> to the sequence number and afterwards they mean something else.
> 
> For relative locktime verify, I think most use cases could be block
> count based and don't need to be able to count very high. 
> 
> I think the main benefit is that protocols can have one party trigger a
> step while giving the other party guaranteed time to respond.
> 
> *Fast Channel Close
> *
> 
> This assumes that malleability is fixed.
> 

Indeed. This is very important for refunds.

> Alice creates
> 
> TXA:
> output (x) to [multisig A1 & B1]
> 
> Refund:
> input TXA (signed by Alice)
> Output [(A2 & relative_check_locktime(150)) OR (multisig A3 &  B2)]
> 
> Alice sends Refund to Bob
> 
> Bob signs it and sends it back to Alice
> 
> Alice verifies the signature, adds her own and sends it to Bob.
> 
> She broadcasts TXA (would wait until Bob confirms acceptance).
> 
> This means that both Alice and Bob have the refund transaction and can
> use it to close the channel (assuming TXA is not mutated).
> 

In this scenario, if channel is closed, Alice is the only one who can
take the coins back after a relative locktime of 150 blocks. Bob is not
able to do this.

> Alice can send money to Bob by creating a transaction which spends the
> output of the refund transaction (splitting the output x-b for Alice and
> b for Bob), signing it and sending it to Bob.
> 
> Alice can force Bob to close the channel by broadcasting the refund
> transaction.  150 blocks later, she gets the channel deposit if he
> doesn't act.
> 

How is Bob protected in this scenario? If Alice sings a transaction
which spends the output of the refund transaction and gives it to Bob,
Bob can just add its signature and claim his slice of the output,
without necessarily shipping the goods or delivering the services to Alice.

> If she had sent some money to Bob, he has 150 blocks to sign the
> transaction that pays him the most money and broadcast it.  Alice gets
> the remainder of the deposit.
> 
Can you be more explicit here? It doesn't make sense for me.

> Alice cannot broadcast earlier version, since Bob doesn't send her the
> signed versions.
> 
> This means that the channel doesn't need a defined end date.  Either
> party can close the channel whenever they want.
> 
With some risks.

> TXA could be protected against malleability by adding a locktime path. 
> This would only be for use if the transaction is mutated.
> 
How do you apply a locktime path to a tx in the current network consensus?

> 
> ------------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development@lists•sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>

next prev parent reply	other threads:[~2015-05-28 16:23 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-05-27  1:50 Mark Friedenbach
2015-05-27  7:47 ` Peter Todd
2015-05-27  8:18   ` Gregory Maxwell
2015-05-27 10:00     ` Tier Nolan
2015-05-27 10:58     ` Peter Todd
2015-05-27 17:07       ` Jorge Timón
2015-05-27  8:04 ` Telephone Lemien
2015-05-27 10:11 ` Mike Hearn
2015-05-27 15:26   ` Mark Friedenbach
2015-05-27 17:39     ` Mike Hearn
2015-05-28  9:56       ` Mark Friedenbach
2015-05-28 10:23         ` Mike Hearn
2015-05-28 10:30         ` Tier Nolan
2015-05-28 12:04           ` Peter Todd
2015-05-28 13:35             ` Tier Nolan
2015-05-28 16:22               ` s7r [this message]
2015-05-28 17:21                 ` Tier Nolan
2015-05-28 14:59           ` Mark Friedenbach
2015-05-28 15:18             ` Tier Nolan
2015-05-28 15:38               ` Mark Friedenbach
2015-05-28 15:57                 ` Tier Nolan
2015-06-10  2:40                   ` Rusty Russell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=556740D6.5040004@sky-ip.org \
    --to=s7r@sky-ip$(echo .)org \
    --cc=bitcoin-development@lists$(echo .)sourceforge.net \
    --cc=tier.nolan@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox