Date: Fri, 20 Sep 2019 12:22:20 +0000
From: Andrew Poelstra <apoelstra@wpsoftware.net>
To: Lloyd Fournier <lloyd.fourn@gmail.com>,
	Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20190920122220.GR13224@boulet>
Subject: Re: [bitcoin-dev] Timelocks and Lightning on MimbleWimble

On Fri, Sep 20, 2019 at 04:54:34AM +1000, Lloyd Fournier via bitcoin-dev wrote:
> Hi ZmnSCPxj,
>
> I can give some context on the exchange during the talk. I was the "Q" and
> Andrew Poelstra was the "A".
>
> I followed up with Andrew after and he indeed knew about the pre-signed
> nlocktime transaction double spend technique (actually, I thought he was
> the one who originally came up with that idea for scriptless atomic swaps).
> He clarified saying that you can do that with locktime (absolute time
> locks) but not with sequence numbers (relative time locks). i.e. to enforce
> sequence numbers you need to use OP_CHECKSEQUENCEVERIFY. He said that it
> would make sense to change that so it's enforced regardless of script.
>
> However, I talked to Antoine Riard later who was adamant that sequence
> numbers already worked as expected. He pointed to the fact that BIP68
> already describes it as an independent constraint [1]
>
> So if things do work as described in BIP68 then we should be able to do
> lightning on Bitcoin without any script once we have Schnorr. I'm keen to
> actually figure out all the details of how to do this. It works in my head
> but I think I should write it down somewhere to make sure it works.
>
>  [1] https://github.com/bitcoin/bips/blob/master/bip-0068.mediawiki
>
> LL
>

Yep, during the recorded exchange I was confused about the content of
the BIP. Later I described the exchange to Dan Robinson, who showed me
the actual text :).

Sorry for the confusion - Lloyd was totally right and you can do
relative locktimes this way in Taproot without needing to expose a
script.


Having said this, there is the important caveat that your "emergency
backout" keys are online to produce a pre-signed transaction, and
that a suitable destination is known beforehand. This makes sense for
Lightning or most atomic swap protocols where the money simply returns
to the original owner, but not e.g. for Liquid, where the emergency
keys have never been brought online (and anyway the contents of any
transaction they might sign depend on facts and circumstances that
aren't known ahead of time).


-- 
Andrew Poelstra
Director of Research, Blockstream
Email: apoelstra at wpsoftware.net
Web:   https://www.wpsoftware.net/andrew

The sun is always shining in space
    -Justin Lewis-Webster
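
The BIP68 rule this thread settles on, written out as an added example (not code from the thread or from any Bitcoin implementation): the relative lock is read from the input's nSequence and the transaction version alone, with no script involved. The constants are the ones BIP68 defines; the function names and sample heights are hypothetical.

```python
# Added illustration of the BIP68 relative-locktime rule; not from the thread.
SEQUENCE_LOCKTIME_DISABLE_FLAG = 1 << 31  # set: nSequence carries no lock
SEQUENCE_LOCKTIME_TYPE_FLAG = 1 << 22     # set: time-based, clear: height-based
SEQUENCE_LOCKTIME_MASK = 0x0000FFFF       # low 16 bits hold the lock value
SEQUENCE_LOCKTIME_GRANULARITY = 9         # time locks count 2**9 = 512 s units


def encode_relative_lock(blocks=None, seconds=None):
    """Build an nSequence value for a relative lock in blocks or in seconds."""
    if (blocks is None) == (seconds is None):
        raise ValueError("give exactly one of blocks or seconds")
    if blocks is not None:
        units, flag = blocks, 0
    else:
        # Round up so the lock is never shorter than requested.
        units = -(-seconds // (1 << SEQUENCE_LOCKTIME_GRANULARITY))
        flag = SEQUENCE_LOCKTIME_TYPE_FLAG
    if not 0 <= units <= SEQUENCE_LOCKTIME_MASK:
        raise ValueError("relative lock does not fit in 16 bits")
    return flag | units


def sequence_lock_satisfied(tx_version, n_sequence, coin_height, coin_mtp,
                            block_height, prev_block_mtp):
    """Return True if one input's BIP68 lock allows inclusion in a block.

    coin_height    -- height of the block that confirmed the spent output
    coin_mtp       -- median-time-past of the block before that one
    block_height   -- height of the candidate block
    prev_block_mtp -- median-time-past of the candidate block's parent
    """
    # Version 1 transactions and inputs with the disable flag are not locked,
    # so a pre-signed backout must be version >= 2 for the delay to hold.
    if tx_version < 2 or n_sequence & SEQUENCE_LOCKTIME_DISABLE_FLAG:
        return True
    value = n_sequence & SEQUENCE_LOCKTIME_MASK
    if n_sequence & SEQUENCE_LOCKTIME_TYPE_FLAG:
        min_time = coin_mtp + (value << SEQUENCE_LOCKTIME_GRANULARITY) - 1
        return prev_block_mtp > min_time
    min_height = coin_height + value - 1
    return block_height > min_height


if __name__ == "__main__":
    # Constructed sample: backout input locked 144 blocks after height 600000.
    seq = encode_relative_lock(blocks=144)
    for height in (600143, 600144):
        print(height, sequence_lock_satisfied(2, seq, 600000, 0, height, 0))
```
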

