From rusty at rustcorp.com.au  Wed Jul  8 00:32:34 2015
From: rusty at rustcorp.com.au (Rusty Russell)
Date: Wed, 08 Jul 2015 10:02:34 +0930
Subject: [Lightning-dev] HTLCs using
	OP_CHECKSEQUENCEVERIFY/OP_LOCKTIMEVERIFY and revocation hashes.
In-Reply-To: <CALqxMTGLsTDHTvZnqWEHOLuOhS-1h3KtXn7khcBbTuv_uBvDiw@mail.gmail.com>
References: <87fv51eqjl.fsf@rustcorp.com.au>
	<1436298714.4352.55.camel@hppg6.kloosterkade>
	<CALqxMTGLsTDHTvZnqWEHOLuOhS-1h3KtXn7khcBbTuv_uBvDiw@mail.gmail.com>
Message-ID: <87mvz7v68t.fsf@rustcorp.com.au>

Adam Back <adam at cypherspace.org> writes:
> The use of the private key sending function, is just intended to be a
> more compact and efficient way of sending the other end of the channel
> a signed message, it says "well here, have the private key, you can
> sign it yourself".

Yep, the creation of revocable transactions was one of the reasons I'm
still in awe of the LN paper.

The general construct of a "revocable transaction" is any output like:

        I can take the money after some delay, OR
        You can take the money immediately if you know some secret.

In the paper the secret was a temp private key; Adam points out it could
have been a pre-signed 2 of 2 transaction, but privkeys can be generated
algorithmically so you can store millions of these trivially.  But it's
even easier to use hashes instead of privkeys, so that's what I did.

> Now that being the case, and as the transaction has another signature
> anyway it occurred to me that you should be able to use a chain of
> hash preimages to do it more efficiently again.
>
> Rusty generalised that to have a lower setup by using a short of
> hypercube multi-dimensional array of preimages.  (If you want 1million
> hash preimages, then you have to actually compute 1 million of them at
> setup.)  I had the idea that Rusty might've written a blog post on
> this preimage generalisation however I dont seem to be able to find it
> now.

It's on github, in the ccan/crypto/shachain module:

https://github.com/rustyrussell/ccan/blob/master/ccan/crypto/shachain/design.txt

Sorry if it's a bit opaque :(

Cheers,
Rusty.