From aj at erisian.com.au Thu Jul 23 05:07:33 2015 From: aj at erisian.com.au (Anthony Towns) Date: Thu, 23 Jul 2015 15:07:33 +1000 Subject: [Lightning-dev] HTLCs using OP_CHECKSEQUENCEVERIFY/OP_LOCKTIMEVERIFY and revocation hashes. In-Reply-To: <87fv51eqjl.fsf@rustcorp.com.au> References: <87fv51eqjl.fsf@rustcorp.com.au> Message-ID: On 6 July 2015 at 16:41, Rusty Russell wrote: > To recap: each side maintains a commitment transaction with two > outputs: one paying to self (with some delay), and the second paying to > the other side. > To generate hash time-locked contracts (required for lightning > to be a network), both commitment transactions get an additional output. > ?That is, an additional output per HTLC, no?? This output is spendable under four conditions: 1) Recipient knows the R value (funds go to recipient), OR > 2) The HTLC has timed out (funds return to initiator), OR > 3) The HTLC has been revoked (funds to go "non-cheating" side), OR > 4) The Commit transaction has been revoked (funds to go "non-cheating" > side) > > The last two failure modes are separate from each other, because HTLCs > have different lifetimes from commit transactions. > ?I'm not sure that makes sense? It seems to me there's two options: a) HTLC resolved off-chain b) HTLC resolved on-chain ? If (a) then both parties (nominally) agree which way the funds should go, and both the commitment and HTLC are expired simultaneously. If (b) then either party decides to go to the blockchain, publishing tSheir side of the commitment, so both the commitment and HTLC are executed simultaneously. So afaics the commit transaction might as well always revoked before or simultaneously with the HTLC. In that case the conditions are just: - Recipient knows R value - Sender sees HTLC has timed out - Commit transaction has been revoked Scripts for whatever it's worth: HTLC from US to THEM: > --------------------- > (R | Us_Commit_Revoke) Them | TIMEOUT Us DELAY ?===>? ?OP_HASH160 OP_DUP rhash OP_EQUAL OP_SWAP? revhash OP_EQUAL OP_ADD OP_IF OP_DUP OP_HASH160 thempubkeyhash OP_EQUALVERIFY OP_CHECKSIG OP_ELSE timeout OP_CHECKTIMELOCKVERIFY OP_DROP OP_DUP OP_HASH160 mypubkeyhash OP_EQUALVERIFY OP_CHECKSIG ?OP_ENDIF? ?Spend: R TheirHash TheirSig Revoke TheirHash TheirSig? 0 OurHash OurSig HTLC from THEM to US: > --------------------- > ?R Us? DELAY | (Us_Commit_Revoke | TIMEOUT) Them OP_HASH160 OP_DUP rhash OP_EQUAL OP_IF OP_DROP delay OP_CHECKSEQUENCEVERIFY OP_DUP OP_HASH160 mypubkeyhash OP_EQUALVERIFY OP_CHECKSIG OP_ELSE revhash OP_EQUAL OP_IF OP_ELSE timeout OP_CHECKTIMELOCKVERIFY OP_DROP OP_ENDIF OP_DUP OP_HASH160 theirpubkeyhash OP_EQUALVERIFY OP_CHECKSIG OP_ENDIF Cheers, aj -- Anthony Towns -------------- next part -------------- An HTML attachment was scrubbed... URL: