1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
Return-Path: <ZmnSCPxj@protonmail.com>
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
by lists.linuxfoundation.org (Postfix) with ESMTP id 720F4C016E
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 3 Jun 2020 14:36:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
by whitealder.osuosl.org (Postfix) with ESMTP id 5EDC7876B2
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 3 Jun 2020 14:36:59 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id LEMw-F-CuDlq
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 3 Jun 2020 14:36:57 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-40140.protonmail.ch (mail-40140.protonmail.ch
[185.70.40.140])
by whitealder.osuosl.org (Postfix) with ESMTPS id 8221F8766A
for <bitcoin-dev@lists.linuxfoundation.org>;
Wed, 3 Jun 2020 14:36:57 +0000 (UTC)
Date: Wed, 03 Jun 2020 14:36:46 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=protonmail; t=1591195015;
bh=/4IzQaJaYqzIC357cPZgAZJmiW7gdRwcnvhVO3diUNo=;
h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
b=mH+EUiRJH0B8Q+Z5zap/f30JYvfEQqBoPAFfA2IyemaZ/6rhpfNF/nCUbf4WIj1uV
z/h7+aSi7GmkUgLg3dHeEqU3zIqA0TzhjJY0WKw3DdI9s+7NFFS3QyiAZPKvUwMu+6
Xx2rUkyM4qTKM8DlyURNuuExN5jbOISqdNICf5iM=
To: Dmitry Petukhov <dp@simplexum.com>
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Reply-To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Message-ID: <UumGKofzr_d8aqpQE2fS6kkbJTRfkuOwpbdNBlaNLe8hB_pUZSI0kNOypT-HeSsQP3ZXoW4vyvknUyQ6Zi22rDLGcedvkv_Rj6pgVbNVKUM=@protonmail.com>
In-Reply-To: <20200603140425.2a4e9d60@simplexum.com>
References: <CAPv7TjZGBbf6f1y49HLFD2eNiP5d4e+=dFGqiMFs6jaeYyH-NQ@mail.gmail.com>
<vtu_ujJwxJDSC3w4QI5VlQ8WfkxaRg1Jk4nSNybgeYSWgGrN7sJiKa9dNzb0tDbRBdVhT4p60v-j6C2F8LmFxMLUTi_VtCznWRb56GVlvu8=@protonmail.com>
<CAPv7TjYePyEt2YMg3J_KinK6Lv6SSLAF2nrOj79_oVt8qBXN0w@mail.gmail.com>
<OyxLj_9i4yfbKGK-W0GXc2V9bQA3RJBPGHmPUz3OtwG6ZMCpRwgXtuFl9E_aDi4M_VP3cNIVoqj3mIjTJ_2rRdGuWyoJcNNCKs2G6znGhck=@protonmail.com>
<20200603140425.2a4e9d60@simplexum.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: "bitcoin-dev@lists.linuxfoundation.org"
<bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] SAS: Succinct Atomic Swap
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jun 2020 14:36:59 -0000
Good morning Dmitry,
> I made a version of the TLA+ spec according to the suggested variant,
> as I understood it from your description. This version is in
> the separate branch in the SASwap repo, 'variant_ZmnSCPxj' [1]
>
> If I understood and specified your variant correctly, there is a
> deadlock possible after step 9, if Bob fails to publish success tx in
> time. After refund tx becomes spendable, Alice cannot publish it via
> mempool, because Bob can learn her secret and has a chance invalidate
> her refund tx by giving his success tx to friendly miner, while taking
> back the locked LTC because both secrets are known. At the same time,
> Bob cannot publish success tx via mempool, because then Alice can do
> the same thing, invalidating his success tx with refund tx via friednly
> miner.
Indeed, this is precisely the issue Ruben pointed out.
Rationally, neither side will want this condition due to the deadlock and B=
ob will strive to avoid this, having a short real-world timeout after which=
Bob will force publication of the success tx if Alice does not respond in =
time.
There *is* a reason why it says "Bob claims the BTC funding txo before L1."
Of course, computers do crash occasionally, I am informed, so complete acci=
dents may occur that way.
This can be mitigated by running multiple servers who are given copies of t=
he success tx, and which will publish it regardless after a short sidereal =
time duration, unless countermanded by the main server (i,e, a dead man swi=
tch system).
With sufficient distribution the probability of this occurring can drop to =
negligible levels compared to other theoretical attacks.
Regards,
ZmnSCPxj
|
