Please see the github issues and the twitter discussion (e.g. here: https://twitter.com/stefanwouldgo/status/1163801056423403520) for similar points other people including me have made. At this point I feel there are quite a few unclear points in the presentation and it is not clear to me if they can be salvaged. Am Mi., 21. Aug. 2019 um 09:32 Uhr schrieb ZmnSCPxj via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org>: > Good morning Maxim, > > The Deaf Bob Attack > =================== > > It seems to me that Bob can promote the N3 problem to the N2 problem. > > Suppose Alice contacts Bob to get the data. > However, Bob happens to have lost the data in a tragic boating accident. > > Now, supposedly what Alice does in this case would be to broadcast the > HTLC settlement transaction, whose signature was provided by Bob during > protocol setup. > > But this seems unworkable. > > * If Bob managed to sign the HTLC settlement transaction, what `SIGHASH` > flags did Bob sign with? > * If it was `SIGHASH_ALL` or `SIGHASH_SINGLE`, then Bob already selected > the decryption key at setup time. > * If it was `SIGHASH_NONE`, then Alice could put any SCRIPT, including > ` OP_CHECKSIG`. > > If Bob already selected the decryption key at setup time, then Bob can > ignore Alice. > > * If Alice does not publish the HTLC settlement transaction, then Bob will > eventually enter the N2 state and get the stake+reward. > * If Alice *does* publish the HTLC settlement transaction, without Bob > giving the encrypted data, then Bob can just use the hashlock and reveal > the decryption key. > * The decryption key is useless without the encrypted data! > > It seems this part is not workable? > As the decryption key is embedded in the HTLC, Alice cannot get a > signature from Bob without the decryption key already being selected by Bob > (and thus already claimable even without any data being returned by Bob). > > > Regards, > ZmnSCPxj > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >