Re: [bitcoin-dev] [Lightning-dev] CheckTemplateVerify Does Not Scale Due to UTXO's Required For Fee Payment

public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed

From: Anthony Towns <aj@erisian•com.au>
To: ZmnSCPxj <ZmnSCPxj@protonmail•com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists•linuxfoundation.org>
Cc: Lightning Dev <lightning-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Lightning-dev] CheckTemplateVerify Does Not Scale Due to UTXO's Required For Fee Payment
Date: Tue, 30 Jan 2024 15:55:09 +1000	[thread overview]
Message-ID: <ZbiPPSz9vvIxtJSU@erisian.com.au> (raw)
In-Reply-To: <pohquEzgZZA_d4N8NGyF0RNOYNQUn1mEoYLsawgmKL1r_oWXfK2Y4D7VfaK47b2RQ9KNvdsv_pIKahSXyJpWHTHshv_0XJi-jgMo6paN0mI=@protonmail.com>

On Tue, Jan 30, 2024 at 05:17:04AM +0000, ZmnSCPxj via bitcoin-dev wrote:
> 
> > I should note that under Decker-Russell-Osuntokun the expectation is that both counterparties hold the same offchain transactions (hence why it is sometimes called "LN-symmetry").
> > However, there are two ways to get around this:
> > 
> > 1. Split the fee between them in some "fair" way.
> > Definition of "fair" wen?
> > 2. Create an artificial asymmetry: flip a bit of `nSequence` for the update+state txes of one counterparty, and have each side provide signatures for the tx held by its counterparty (as in Poon-Dryja).
> > This lets you force that the party that holds a particular update+state tx is the one that pays fees.
> 
> No, wait, #2 does not actually work as stated.
> Decker-Russell-Osuntokun uses `SIGHASH_NOINPUT` meaning the `nSequence` is not committed in the signature and can be malleated.

BIP 118 as at March 2021 (when it defined NOINPUT rather than APO):

] The transaction digest algorithm from BIP 143 is used when verifying a
] SIGHASH_NOINPUT signature, with the following modifications:
]
]     2. hashPrevouts (32-byte hash) is 32 0x00 bytes
]     3. hashSequence (32-byte hash) is 32 0x00 bytes
]     4. outpoint (32-byte hash + 4-byte little endian) is
]        set to 36 0x00 bytes
]     5. scriptCode of the input is set to an empty script
]        0x00

BIP 143:

] A new transaction digest algorithm is defined, but only applicable to sigops in version 0 witness program:
]
]   Double SHA256 of the serialization of:
] ...
]      2. hashPrevouts (32-byte hash)
]      3. hashSequence (32-byte hash)
]      4. outpoint (32-byte hash + 4-byte little endian) 
]      5. scriptCode of the input (serialized as scripts inside CTxOuts)
] ...
]      7. nSequence of the input (4-byte little endian)

So nSequence would still have been committed to per that proposal.
Dropping hashSequence just removes the commitment to the other inputs
being spent by the tx.

Cheers,
aj

next prev parent reply	other threads:[~2024-01-30  5:55 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-24 19:31 [bitcoin-dev] " Peter Todd
2024-01-25 12:57 ` Michael Folkson
2024-01-30  4:12   ` [bitcoin-dev] [Lightning-dev] " ZmnSCPxj
2024-01-30  4:38     ` Peter Todd
2024-01-30  5:07       ` ZmnSCPxj
2024-01-30  5:17         ` ZmnSCPxj
2024-01-30  5:55           ` Anthony Towns [this message]
2024-01-30  8:40         ` Peter Todd
2024-01-25 17:49 ` [bitcoin-dev] " jlspc
2024-01-30  4:49   ` Peter Todd
2024-02-20 23:13     ` [bitcoindev] " 'jlspc' via Bitcoin Development Mailing List
2024-01-27  6:28 ` Brandon Black
2024-01-30  4:46   ` Peter Todd
     [not found] ` <Plx5nCQxEjS8u-XLGEza0bBGgztkCh7wMTckN95VNqqM6HZfbXxywAqMxiwhO-VIIJq9vioSr7jPwWTIksLkgdTM9aBn6mkmlfHGm-1LhbM=@protonmail.com>
2024-01-30  4:41   ` Peter Todd

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZbiPPSz9vvIxtJSU@erisian.com.au \
    --to=aj@erisian$(echo .)com.au \
    --cc=ZmnSCPxj@protonmail$(echo .)com \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    --cc=lightning-dev@lists$(echo .)linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox