path: root/6b/2c5034a0df857aa1b6c2127a13be5f36366630

Return-Path: <ZmnSCPxj@protonmail.com>
Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138])
 by lists.linuxfoundation.org (Postfix) with ESMTP id 8636CC016F
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 13 Jun 2020 01:20:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by whitealder.osuosl.org (Postfix) with ESMTP id 6F40687FAF
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 13 Jun 2020 01:20:28 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from whitealder.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id tvsM0bsM4MNE
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 13 Jun 2020 01:20:26 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail4.protonmail.ch (mail4.protonmail.ch [185.70.40.27])
 by whitealder.osuosl.org (Postfix) with ESMTPS id 6146287FA1
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Sat, 13 Jun 2020 01:20:26 +0000 (UTC)
Date: Sat, 13 Jun 2020 01:20:16 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail; t=1592011224;
 bh=SzwR6pYxJFnPjMAIRfPUqYk0PdR11SleqX0LDDHHEF4=;
 h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From;
 b=qufFtNv+Td8bSue1x9BBfqYNPlrYzmipm/03CX7lIVBJfe75IHg9D+GTseLqi5vGq
 70REeqL9Y2Uu3dOF3L3ov76jniNSSZVpP1CiCEO4sUI7ecp6k4Qjkt44P8Jxu9P+oI
 xe91whgeU6KVJ//RyMhHZNylGH5k/eOGZjVAwP3k=
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>,
 Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Reply-To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Message-ID: <7BPgx65Eh5HE5wLIqeG9G-bdsxxkDJJIzcyOJvS6_FIxXfA10sbFe5dfwQDNiEOExZ9Y72lHq88lKzcBRIFnYGFY5I2vwk6Dg7BcCMjmS2Y=@protonmail.com>
In-Reply-To: <m-yAKsQ52s-bYOrtEXVwETAcJ8sSbJt0k9WDN1ueidJ01IaEHRJtq9Odffmz_2utLxPfmI418x58aFc3vKBpOD2FKqgeCUAn1mvI1OSyGRY=@protonmail.com>
References: <CALZpt+FqAWCAqCLF2HsajL84sOvst_X9_34bb_tvUxLFw=HTAA@mail.gmail.com>
 <7cWQJzkWNEZCI2fYYrJCFxrmGfDGFAtsOyGpXRmB-g4Qhm2jzhyxLtuOIpJAr2CMJjAjri12lmR-h96ev3NWqaTgDtc_NN0yhyVxuIlBuzU=@protonmail.com>
 <CALZpt+EsACbq1QM9MFkC63_gDXW0vHfeTjXc7C9r4+2-1WKAJw@mail.gmail.com>
 <m-yAKsQ52s-bYOrtEXVwETAcJ8sSbJt0k9WDN1ueidJ01IaEHRJtq9Odffmz_2utLxPfmI418x58aFc3vKBpOD2FKqgeCUAn1mvI1OSyGRY=@protonmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: [bitcoin-dev] CoinPool,
	exploring generic payment pools for Fun and Privacy
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jun 2020 01:20:28 -0000

Good morning Antoine,

By dropping the requirement that a participant can seamlessly leave the Coi=
nPool, it allows participants to split up their coins among new aliases and=
 to use a different identity for later claiming coins.
With WabiSabi, none of the other participants can get a mapping between cur=
rent-state aliases and the actual participants.

Now, in order to authorize moving coins from an output on the current state=
 to a new output on the next state, obviously the pool needs to get a signa=
ture from its current owner.
Ideally, we would not want to have to implement SCRIPT inside the CoinPool =
software.

And with Taproot, a pubkey can hide one or more SCRIPTs.
If we use pubkeys as the identities of owners of coins, then it allows an a=
lias to encode a SCRIPT.

With the combination of both features, we can instantiate HTLCs (or, with `=
SIGHASH_ANYPREVOUT`, PTLCs) inside a CoinPool "alias" pubkey identity, allo=
wing for interoperation with LN.

Now suppose I have 1.0 BTC in a CoinPool.
I want to make an HTLC with you (hashlocked to you, timelocked to me), for =
0.5 BTC.

I encode the HTLC SCRIPT, and put it into a Taproot whose internal pubkey i=
s a MuSig of fresh identities of mine and yours.

Then, inside the CoinPool, I split my 1.0BTC to a 0.5BTC coin to a fresh id=
entity of mine, and 0.5BTC to our HTLC Taproot.

If you can acquire the hash, you give it to me, and I am supposed to hand y=
ou a partial signature share to the HTLC Taproot that you can later complet=
e and present to the CoinPool in the next update round in order to get the =
HTLC value.
If I do not hand you the signature share even after you hand the hash, you =
just drop the entire CoinPool onchain, instantiating the HTLC Taproot outpu=
t onchain, and using the SCRIPT branch to claim using the hash you know.

If the timelock expires, I ask you to hand over your partial signature to t=
he HTLC Taproot that I can later complete and present to the CoinPool in th=
e next update round to recover the HTLC value.
If you do not hand over the signature share, I drop the CoinPool onchain, w=
hich instantiates the HTLC Taproot output onchain, and use the SCRIPT branc=
h to claim using the timelock branch.

You can also ask to abort the HTLC "early", before the timelock expires, by=
 handing over your partial signature to the HTLC Taproot, which I can later=
 complete and present to the CoinPool in the next update round.
This is equivalent to `update_fail_htlc` in the current LN BOLT spec.

This allows operation of any SCRIPT, incidentally, without requiring that C=
oinPool software include a SCRIPT interpreter, only signature validation.
Any time an output absolutely needs a SCRIPT, we just drop the CoinPool onc=
hain and let onchain handle the SCRIPT interpretation.

Regards,
ZmnSCPxj