From: Rusty Russell <rusty@rustcorp•com.au>
To: Joseph Poon <joseph@lightning•network>,
bitcoin-dev@lists•linuxfoundation.org
Cc: lightning-dev@lists•linuxfoundation.org
Subject: Re: [bitcoin-dev] SIGHASH_NOINPUT in Segregated Witness
Date: Mon, 29 Feb 2016 10:55:53 +1030 [thread overview]
Message-ID: <87oab0e50u.fsf@rustcorp.com.au> (raw)
In-Reply-To: <20160226010746.GB10295@lightning.network>
Joseph Poon via bitcoin-dev <bitcoin-dev@lists•linuxfoundation.org> writes:
> Ideally, a 3rd-party can be handed a transaction which can encompass all
> prior states in a compact way. For currently-designed Segregated Witness
> transactions, this requires storing all previous signatures, which can
> become very costly if individuals to thousands of channel state updates
> per day.
AFAICT we need more than this. Or are you using something other than
the deployable lightning commit tx style?
If each HTLC output is a p2sh[1], you need the timeout and rhash for
each one to build the script to redeem it. In practice, there's not
much difference between sending a watcher a tx for every commit tx and
sending it information for every new HTLC (roughly a factor of 2).
So we also need to put more in the scriptPubKey for this to work; either
the entire redeemscript, or possibly some kind of multiple-choice P2SH
where any one of the hashes will redeem the payment.
Cheers,
Rusty.
[1] eg. from https://github.com/ElementsProject/lightning/blob/master/doc/deployable-lightning.pdf
OP_HASH160 OP_DUP # Replace top element with two copies of its hash
<R-HASH> OP_EQUAL # Test if they supplied the HTLC R value
OP_SWAP <COMMIT-REVOCATION-HASH> OP_EQUAL OP_ADD
# Or the commitment revocation hash
OP_IF # If any hash matched.
<KEY-B> # Pay to B.
OP_ELSE # Must be A, after HTLC has timed out.
<HTLC-TIMEOUT> OP_CHECKLOCKTIMEVERIFY Ensure (absolute) time has passed.
<DELAY> OP_CHECKSEQUENCEVERIFY # Delay gives B enough time to use revocation if it has it.
OP_2DROP # Drop the delay and htlc-timeout from the stack.
<KEY-A> # Pay to A.
OP_ENDIF
OP_CHECKSIG # Verify A or B's signature is correct.
Cheers,
Rusty.
prev parent reply other threads:[~2016-03-01 2:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-26 1:07 Joseph Poon
2016-02-26 1:32 ` Gregory Maxwell
2016-02-26 1:48 ` Joseph Poon
2016-02-26 3:20 ` Anthony Towns
2016-02-26 1:34 ` Bryan Bishop
2016-02-26 2:02 ` Joseph Poon
2016-02-26 2:35 ` Luke Dashjr
2016-02-29 0:25 ` Rusty Russell [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87oab0e50u.fsf@rustcorp.com.au \
--to=rusty@rustcorp$(echo .)com.au \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=joseph@lightning$(echo .)network \
--cc=lightning-dev@lists$(echo .)linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox