Return-Path: Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 720F4C016E for ; Wed, 3 Jun 2020 14:36:59 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 5EDC7876B2 for ; Wed, 3 Jun 2020 14:36:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LEMw-F-CuDlq for ; Wed, 3 Jun 2020 14:36:57 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-40140.protonmail.ch (mail-40140.protonmail.ch [185.70.40.140]) by whitealder.osuosl.org (Postfix) with ESMTPS id 8221F8766A for ; Wed, 3 Jun 2020 14:36:57 +0000 (UTC) Date: Wed, 03 Jun 2020 14:36:46 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1591195015; bh=/4IzQaJaYqzIC357cPZgAZJmiW7gdRwcnvhVO3diUNo=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=mH+EUiRJH0B8Q+Z5zap/f30JYvfEQqBoPAFfA2IyemaZ/6rhpfNF/nCUbf4WIj1uV z/h7+aSi7GmkUgLg3dHeEqU3zIqA0TzhjJY0WKw3DdI9s+7NFFS3QyiAZPKvUwMu+6 Xx2rUkyM4qTKM8DlyURNuuExN5jbOISqdNICf5iM= To: Dmitry Petukhov From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: In-Reply-To: <20200603140425.2a4e9d60@simplexum.com> References: <20200603140425.2a4e9d60@simplexum.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: "bitcoin-dev@lists.linuxfoundation.org" Subject: Re: [bitcoin-dev] SAS: Succinct Atomic Swap X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Jun 2020 14:36:59 -0000 Good morning Dmitry, > I made a version of the TLA+ spec according to the suggested variant, > as I understood it from your description. This version is in > the separate branch in the SASwap repo, 'variant_ZmnSCPxj' [1] > > If I understood and specified your variant correctly, there is a > deadlock possible after step 9, if Bob fails to publish success tx in > time. After refund tx becomes spendable, Alice cannot publish it via > mempool, because Bob can learn her secret and has a chance invalidate > her refund tx by giving his success tx to friendly miner, while taking > back the locked LTC because both secrets are known. At the same time, > Bob cannot publish success tx via mempool, because then Alice can do > the same thing, invalidating his success tx with refund tx via friednly > miner. Indeed, this is precisely the issue Ruben pointed out. Rationally, neither side will want this condition due to the deadlock and B= ob will strive to avoid this, having a short real-world timeout after which= Bob will force publication of the success tx if Alice does not respond in = time. There *is* a reason why it says "Bob claims the BTC funding txo before L1." Of course, computers do crash occasionally, I am informed, so complete acci= dents may occur that way. This can be mitigated by running multiple servers who are given copies of t= he success tx, and which will publish it regardless after a short sidereal = time duration, unless countermanded by the main server (i,e, a dead man swi= tch system). With sufficient distribution the probability of this occurring can drop to = negligible levels compared to other theoretical attacks. Regards, ZmnSCPxj