Date: Sun, 28 Jun 2020 12:41:32 -0400
From: "David A. Harding" <dave@dtrt.org>
To: Stanga <stanga@gmail.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Cc: Matan Yehieli <matany@campus.technion.ac.il>,
 Itay Tsabary <sitay@campus.technion.ac.il>
Subject: Re: [bitcoin-dev] MAD-HTLC

On Tue, Jun 23, 2020 at 03:47:56PM +0300, Stanga via bitcoin-dev wrote:
> On Tue, Jun 23, 2020 at 12:48 PM ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote:
> > * Inputs:
> >   * Bob 1 BTC - HTLC amount
> >   * Bob 1 BTC - Bob fidelity bond
> >
> > * Cases:
> >   * Alice reveals hashlock at any time:
> >     * 1 BTC goes to Alice
> >     * 1 BTC goes to Bob (fidelity bond refund)
> >   * Bob reveals bob-hashlock after time L:
> >     * 2 BTC goes to Bob (HTLC refund + fidelity bond refund)
> >   * Bob cheated, anybody reveals both hashlock and bob-hashlock:
> >     * 2 BTC goes to miner
> >
> > [...]
>
> The cases you present are exactly how MAD-HTLC works. It comprises two
> contracts (UTXOs):
> * Deposit (holding the intended HTLC tokens), with three redeem paths:
>     - Alice (signature), with preimage "A", no timeout
>     - Bob (signature), with preimage "B", timeout T
>     - Any entity (miner), with both preimages "A" and "B", no timeout
> * Collateral (the fidelity bond, doesn't have to be of the same amount)
>     - Bob (signature), no preimage, timeout T
>     - Any entity (miner), with both preimages "A" and "B", timeout T

I'm not sure these are safe if your counterparty is a miner.  Imagine Bob
offers Alice a MAD-HTLC.  Alice knows the payment preimage ("preimage
A").  Bob knows the bond preimage ("preimage B") and he's the one making
the payment and offering the bond.

After receiving the HTLC, Alice takes no action on it, so the timelock
expires.  Bob publicly broadcasts the refund transaction with the bond
preimage.  Unbeknownst to Bob, Alice is actually a miner and she uses her
pre-existing knowledge of the payment preimage plus her received
knowledge of the bond preimage to privately attempt mining a transaction
that pays her both the payment ("deposit") and the bond ("collateral").

Assuming Alice is a non-majority miner, she isn't guaranteed to
succeed---her chance of success depends on her percentage of the network
hashrate and how much fee Bob paid to incentivize other miners to
confirm his refund transaction quickly.  However, as long as Alice has a
non-trivial amount of hashrate, she will succeed some percentage of the
time in executing this type of attack.  Any of her theft attempts that
fail will leave no public trace, perhaps lulling users into a false
sense of security.

-Dave
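
The scenario in this message as a small model, added here as an illustration and not part of the original message or of the MAD-HTLC authors' code. The redeem paths are taken from the quoted description; the names `Path`, `spendable` and `race_win_probability`, and the per-block race model with parameters `p` and `q`, are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Path:
    name: str
    signer: Optional[str]   # required signature; None means any entity
    preimages: frozenset    # preimages the path must reveal
    timeout: bool           # True: only valid once timeout T has passed

# Redeem paths as listed in the quoted MAD-HTLC description.
DEPOSIT = [
    Path("alice", "alice", frozenset("A"), False),
    Path("bob-refund", "bob", frozenset("B"), True),
    Path("anyone", None, frozenset("AB"), False),
]
COLLATERAL = [
    Path("bob-refund", "bob", frozenset(), True),
    Path("anyone", None, frozenset("AB"), True),
]

def spendable(paths, party, known, timeout_passed):
    """Names of the paths `party` can satisfy with the preimages it knows."""
    return [p.name for p in paths
            if p.signer in (None, party)
            and p.preimages <= known
            and (timeout_passed or not p.timeout)]

def race_win_probability(p, q):
    """Chance the any-entity spend confirms before Bob's refund.

    Modelling assumption (not from the message): each block is found by the
    party holding both preimages with probability p; any other block confirms
    Bob's refund with probability q (a higher fee means a higher q);
    otherwise neither transaction confirms and the race continues.
    """
    if not (0 <= p <= 1 and 0 < q <= 1):
        raise ValueError("need 0 <= p <= 1 and 0 < q <= 1")
    return p / (p + (1 - p) * q)

if __name__ == "__main__":
    # Before Bob's refund is broadcast, Alice knows only preimage A.
    print(spendable(DEPOSIT, "alice", frozenset("A"), True))
    # After the broadcast reveals preimage B, both any-entity paths open up.
    print(spendable(DEPOSIT, "alice", frozenset("AB"), True),
          spendable(COLLATERAL, "alice", frozenset("AB"), True))
    print(race_win_probability(0.10, 1.0), race_win_probability(0.10, 0.5))
```

Under this model the refund fee only matters through `q`: with `q = 1` the result equals the hashrate share `p`, and a refund that other miners are slow to confirm raises it.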
