Return-Path: Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id C7883C0177 for ; Thu, 26 Mar 2020 17:17:26 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id B6B08892B0 for ; Thu, 26 Mar 2020 17:17:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q+HtUVUHTVxW for ; Thu, 26 Mar 2020 17:17:26 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50]) by hemlock.osuosl.org (Postfix) with ESMTPS id D628C889AF for ; Thu, 26 Mar 2020 17:17:25 +0000 (UTC) Received: by mail-ed1-f50.google.com with SMTP id de14so7768817edb.4 for ; Thu, 26 Mar 2020 10:17:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=po7oIPiT+rdmlyxiAryTFCeIoofBUHv1fn+s2iu1kdg=; b=GcQGGF7MrKTqQSokY4RoTF3zpq4c4Qq0GxRLKNcuZrDrNSx0LwZRLMF9vWOMtQZEv0 WSazlPb944dU8E2UbU3xOGI+9d7MfOLB3474XHfd1QkRXUJove5Ua7sDjb0sqVa3cPZO r0TMlY8eNwaaqZfbL4Df1J6lpxX4jyZ3AU9Rs7kIvVilBIPnZCuEd9+X9Ote1M0wvRHb 2tS+K4WajddzDwlbrafk3O2OFnRZpw0+KfGrXXsvh7mVLk1ZwozN6N0udZ25P5P3q0K5 XFIgYPJcEkZTL6qRY2CecNPX4bar7kgPVmk7h0CcBsYVBsC65eIhYWSxaPbrgCMmfpQW /J7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=po7oIPiT+rdmlyxiAryTFCeIoofBUHv1fn+s2iu1kdg=; b=VAILb4FVRykSyhOpqVj8fMbaHFVB82Ka/OF0irxEjKhJS/2MbrUaPQhRpECRalUMJu FhZ0c7WFdLfyEwDK8RYmDJjKBurPQLAmE3E65+r3OZYMQ7Z44HT5NiBTpIScAx3EPC7a tWCadRePQGS0Ew0181nDFvnAsMKO+8F8Af1aA51QH9fSbrYqWM6LWGynBfsmA+s5nash yu3pEhjtIdYmyC7rBWfXKHMMTAGWMByKuLvbvEuRoFttjj3PL6OAUZ5IRHB2AuEeSA6Q S7Hh3YJ9tEmsAy+oiovh1ZhXR+cSXJGn0anTi2P/6Y2MFGUzRO+t8jyrBOXboH9WCcDG eBdQ== X-Gm-Message-State: ANhLgQ1MfnaNC6OYR/vNN7LbpgiPEkYvRTx1Nis8/gO9eTZoNRlpXSyz T4ZeAcav38W4onCA0zEIhHebkdOgOCAa7OjZfWU= X-Google-Smtp-Source: ADFU+vvq6ITnH3Lr0AOOihXvXZ9v4o4NOPevapBC++nqTzkT7yBDaF2kNqRP689P7U4KV479HKrmnooHu/u777xPYRM= X-Received: by 2002:aa7:c80a:: with SMTP id a10mr9421612edt.101.1585243044377; Thu, 26 Mar 2020 10:17:24 -0700 (PDT) MIME-Version: 1.0 References: <79753214-9d5e-40c7-97ac-1d4e9ea3c64e@www.fastmail.com> <87369v6nw3.fsf@gmail.com> In-Reply-To: <87369v6nw3.fsf@gmail.com> From: Greg Sanders Date: Thu, 26 Mar 2020 13:17:13 -0400 Message-ID: To: Christian Decker , Bitcoin Protocol Discussion Content-Type: multipart/alternative; boundary="0000000000008af83505a1c52871" Cc: tom@commerceblock.com Subject: Re: [bitcoin-dev] Statechain implementations X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Mar 2020 17:17:26 -0000 --0000000000008af83505a1c52871 Content-Type: text/plain; charset="UTF-8" > Wouldn't that result in a changing pubkey at each update, and thus require an onchain move to be committed? Suggestion was in line with original proposal where no keys are changing ever, just not presupposing existence of MuSig. On Thu, Mar 26, 2020 at 1:15 PM Christian Decker via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > Ruben Somsen via bitcoin-dev > writes: > > Regarding modification 1, I agree with ZmnSCPxj that > > Decker-Wattenhofer is your next best option, given that eltoo is not > > yet available. But if you are going to use a kickoff transaction, keep > > in mind that every previous owner will have a copy of it. Because of > > this, you can't include a fee, and will instead need to have a second > > output for CPFP. This way a previous owner will at least have to pay > > the fee if they want to publish it. Note that it's still an > > improvement, because even if the kickoff transaction gets posted, it > > basically becomes no different than what it would have been, had you > > not used a kickoff transaction at all. > > It might be worth adopting the late fee binding we have in eltoo by > having the kickoff transaction input spending the funding tx signed with > sighash_single. This works because we only have 1 input and 1 output > that we really care about, and can allow others to attach fees at > will. That'd at least remove the need to guess the feerate days or > months in advance and thus having to overestimate. > > > Regarding modification 2, I like it a lot conceptually. It hadn't > > occurred to me before, and it's a clear security improvement. The only > > question is something Greg Sanders mentioned: whether it's enough to > > justify the added complexity of using 2P ECDSA. The alternative would > > be to simply use a regular 2-of-2 multisig (until Schnorr arrives, > > possibly). > > Wouldn't that result in a changing pubkey at each update, and thus > require an onchain move to be committed? > > > I'm looking forward to seeing statechains become a reality. > > That'd indeed be great :-) > > Cheers, > Christian > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --0000000000008af83505a1c52871 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
> Wouldn't that result in a changing pubkey at each= update, and thus
require an onchain move to be committed?

Suggestion was in line with original proposal where no keys are chang= ing ever, just not presupposing existence of MuSig.

On Thu, Mar 26, 20= 20 at 1:15 PM Christian Decker via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org&= gt; wrote:
Ruben= Somsen via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> writes:
> Regarding modification 1, I agree with ZmnSCPxj that
> Decker-Wattenhofer is your next best option, given that eltoo is not > yet available. But if you are going to use a kickoff transaction, keep=
> in mind that every previous owner will have a copy of it. Because of > this, you can't include a fee, and will instead need to have a sec= ond
> output for CPFP. This way a previous owner will at least have to pay > the fee if they want to publish it. Note that it's still an
> improvement, because even if the kickoff transaction gets posted, it > basically becomes no different than what it would have been, had you > not used a kickoff transaction at all.

It might be worth adopting the late fee binding we have in eltoo by
having the kickoff transaction input spending the funding tx signed with sighash_single. This works because we only have 1 input and 1 output
that we really care about, and can allow others to attach fees at
will. That'd at least remove the need to guess the feerate days or
months in advance and thus having to overestimate.=C2=A0

> Regarding modification 2, I like it a lot conceptually. It hadn't<= br> > occurred to me before, and it's a clear security improvement. The = only
> question is something Greg Sanders mentioned: whether it's enough = to
> justify the added complexity of using 2P ECDSA. The alternative would<= br> > be to simply use a regular 2-of-2 multisig (until Schnorr arrives,
> possibly).

Wouldn't that result in a changing pubkey at each update, and thus
require an onchain move to be committed?

> I'm looking forward to seeing statechains become a reality.

That'd indeed be great :-)

Cheers,
Christian
_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev
--0000000000008af83505a1c52871--