* [bitcoin-dev] Extending BIP174 for HTLCs
@ 2018-09-04 3:24 Alex Bosworth
2018-09-04 16:57 ` Pieter Wuille
0 siblings, 1 reply; 2+ messages in thread
From: Alex Bosworth @ 2018-09-04 3:24 UTC (permalink / raw)
To: bitcoin-dev
I've been experimenting with a format tag for BIP 174 to help support
HTLC scripts I've been working with.
Not sure on the best format for this, but what I have been thinking
about is a new input type that defines elements that should be
inserted in the final p2sh/p2wsh stack such as a preimage or a refund
path flag.
Type: Additional Stack Element ADDITIONAL_STACK_ELEMENT = 0xXX
Key: The index in the stack to insert a value (uint32 LE)
{0xXX}|{Stack index}
Value: The value to push into the stack for a redeem script or witness
script at the specified index.
{value}
So my flow is:
1. Create blank PSBT (attaching locktime, anticipating final weight to
adjust outputs for fees)
2. Update with redeem scripts and/or witness scripts
3. Update with sighashes
4. Sign: generate partial signature
5. Attach additional stack elements for the required non-signature elements
6. Finalize to create the final scriptsig and/or witness
7. Extract the signed transaction for broadcast
This may be overkill or overly generic, has anyone else thought of how
to use PSBTs in an HTLC context?
--
Sent from my iPhone
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [bitcoin-dev] Extending BIP174 for HTLCs
2018-09-04 3:24 [bitcoin-dev] Extending BIP174 for HTLCs Alex Bosworth
@ 2018-09-04 16:57 ` Pieter Wuille
0 siblings, 0 replies; 2+ messages in thread
From: Pieter Wuille @ 2018-09-04 16:57 UTC (permalink / raw)
To: Alex Bosworth, Bitcoin Dev
[-- Attachment #1: Type: text/plain, Size: 2188 bytes --]
On Tue, Sep 4, 2018, 04:32 Alex Bosworth via bitcoin-dev <
bitcoin-dev@lists•linuxfoundation.org> wrote:
> I've been experimenting with a format tag for BIP 174 to help support
> HTLC scripts I've been working with.
>
I've been thinking about this as well.
A useful way to look at it IMHO is to see a hash as the analogue of a
public key, and the preimage as the analogue of a signature.
That would suggest adding two fields to PSBT:
* A request for the preimage of a given hash (similar to the pubkey/path
field currently)
* A revealed preimage for a given hash (similar to the partial signature
field currently).
The workflow would in this case would be:
* An updater recognizes an output/script as being one that requires a
preimage, and adds a preimage request field to the input (along with pubkey
fields for all involved keys).
* A "signer" who knows the preimage sees the request field, verifies he's
willing to divulge the secret, and adds a preimage field (along with any
signatures he may be able to create).
* A finalizer who is compatible with the type of hashlock script combines
all signatures and preimages into a final scriptSig/witness stack.
An obvious difficulty is having updaters and finalizers which are
compatible with all possible variations of hashlocks and other scripts.
Not sure on the best format for this, but what I have been thinking
> about is a new input type that defines elements that should be
> inserted in the final p2sh/p2wsh stack such as a preimage or a refund
> path flag.
>
That's one approach to reducing the complexity of the finalizer: adding
information about the composition of the scriptSig to the PSBT itself.
However, I don't think that approach scales very well (you'd need new
fields for all kinds of new script constructions). In particular, dealing
with multiple possible satisfactions may complicate things, especially when
the number of combinations is intractable.
I've been working on another approach that doesn't involve changes to PSBT,
but instead uses an easily-parsable subset of script (which includes
and/or/threshold/pubkey/locktimes/hashlocks). I hope to publish something
soon about it.
Cheers,
--
Pieter
[-- Attachment #2: Type: text/html, Size: 3276 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-09-04 16:57 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-04 3:24 [bitcoin-dev] Extending BIP174 for HTLCs Alex Bosworth
2018-09-04 16:57 ` Pieter Wuille
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox