1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
Return-Path: <ZmnSCPxj@protonmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 00AE41869
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 1 Oct 2019 15:35:43 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-40136.protonmail.ch (mail-40136.protonmail.ch
[185.70.40.136])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id A2FEC8B8
for <bitcoin-dev@lists.linuxfoundation.org>;
Tue, 1 Oct 2019 15:35:41 +0000 (UTC)
Date: Tue, 01 Oct 2019 15:35:34 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=default; t=1569944139;
bh=V52aUFvS5iRvusIVEB0CRsakTfeuQBP34agYuMf7VEs=;
h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:
Feedback-ID:From;
b=e+G4FGTKSNpNecwaC+DrpKRku8OSAH3lgOkdYx/lmhjyTx3l5d188qxIFKsi5EMo+
9ck5+3fr7OE8oQRP6G9gJNxj/jo83ZvaGmnzlkDaOUYo25+1eGrQNTZBEw52JhNsGK
ry7kPTornlzNgV37yZPnYgfpgzsrmva+F2mLqWmc=
To: Christian Decker <decker.christian@gmail.com>
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Reply-To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Message-ID: <4zx7e_vHQr58myY5w_-bAjTk04LTGNknZudZs4wbUiOIoVKhL69M7k1eELCSuoBND2CtVXXzDFBHW4351cttIh80eP8jiaoO8cmbSefZmj4=@protonmail.com>
In-Reply-To: <87tv8s7djq.fsf@gmail.com>
References: <87wodp7w9f.fsf@gmail.com>
<-5H29F71ID9UFqUGMaegQxPjKZSrF1mvdgfaaYtt_lwI7l1OTmN_8OgcooyoMt2_XuyZ5aDljL6gEup9C7skF8iuP_NbMW_81h0tJIGbJno=@protonmail.com>
<87tv8s7djq.fsf@gmail.com>
Feedback-ID: el4j0RWPRERue64lIQeq9Y2FP-mdB86tFqjmrJyEPR9VAtMovPEo9tvgA0CrTsSHJeeyPXqnoAu6DN-R04uJUg==:Ext:ProtonMail
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, DOS_RCVD_IP_TWICE_B, FREEMAIL_FROM,
FROM_LOCAL_NOVOWEL,
RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
"lightning-dev\\@lists.linuxfoundation.org"
<lightning-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] Continuing the discussion about noinput /
anyprevout
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 15:35:43 -0000
Good morning Christian,
> > - A standard MuSig 2-of-2 bip-schnorr SegWit v1 Funding Transaction O=
utput, confirmed onchain
> > - A "translator transaction" spending the above and paying out to a S=
egWit v16 output-tagged output, kept offchain.
> > - Decker-Russell-Osuntokun update transaction, signed with `SIGHASH_N=
OINPUT` spending the translator transaction output.
> > - Decker-Russell-Osuntokun state transaction, signed with `SIGHASH_NO=
INPUT` spending the update transaction output.
>
> That is very much how I was planning to implement it anyway, using a
> trigger transaction to separate timeout start and the actual
> update/settlement pairs (cfr. eltoo paper Section 4.2). So for eltoo
> there shouldn't be an issue here :-)
My understanding is that a trigger transaction is not in fact necessary for=
Decker-Russell-Osuntokun: any update transaction could spend the funding t=
ransaction output directly, and thereby start the relative timelock.
At least, if we could arrange the funding transaction output to be spendabl=
e directly using `SIGHASH_NOINPUT` or variants thereof.
> > Again, the more important point is that special blockchain
> > constructions should only be used in the "bad" unilateral close case.
> > In the cooperative case, we want to use simple plain
> > bip-schnorr-signed outputs getting spent to further bip-schnor/Taproot
> > SegWit v1 addresses, to increase the anonymity set of all uses of
> > Decker-Russell-Osuntokun and other applications that might use
> > `SIGHASH_NOINPUT` in some edge case (but which resolve down to simple
> > bip-schnorr-signed n-of-n cases when the protocol is completed
> > successfully by all participants).
>
> While I do agree that we should keep outputs as unidentifiable as
> possible, I am starting to question whether that is possible for
> off-chain payment networks since we are gossiping about the existence of
> channels and binding them to outpoints to prove their existence anyway.
* Lightning supports unpublished channels, so we do not gossip some outpoin=
ts even though they are in fact channels underneath.
* I confess the existence of unpublished channels in the spec fails to su=
mmon any reaction other than incredulity from me, but they exist nonetheles=
s, my incredulity notwithstanding.
* Historical channels that have been cooperatively closed are no longer nor=
mally gossiped, so the fact that they used to be channels is no longer wide=
ly broadcast, and may eventually be forgotten by most or all of the network=
.
* This means anyone who wants to record the historical use of Lightning w=
ill have to retain the information themselves, rather than delegating it to=
fullnodes everywhere.
>
> Not the strongest argument I know, but there's little point in talking
> ideal cases when we need to weaken that later again.
The point of ideal cases is to strive to approach them, not necessarily ach=
ieve them.
Just as a completely unbiased rational reasoner is almost impossible to ach=
ieve, does not mean we should give up all attempts to reduce bias.
Outpoints that used to be channels, but have now been closed using cooperat=
ive closes, will potentially no longer be widely gossiped as having once be=
en channels, thus it may happen that they will eventually be forgotten by m=
ost of the network as once having been channels.
But if the outpoints of those channels are specially marked, then that cann=
ot be forgotten, as the initial block download thereafter will have that hi=
story indelibly etched forevermore.
Regards,
ZmnSCPxj
|
