From joseph at lightning.network Sun Jul 26 14:57:53 2015
From: joseph at lightning.network (Joseph Poon)
Date: Sun, 26 Jul 2015 07:57:53 -0700
Subject: [Lightning-dev] Breach of contract?
In-Reply-To:
References:
Message-ID: <20150726145753.GA24449@lightning.network>

On Sat, Jul 25, 2015 at 10:59:16PM +0200, Christopher Jamthagen wrote:
> According to the whitepaper: "If three days have elapsed,
> then the above clause is null and void and the clearing process is
> invalidated, both parties must not attempt to settle and claim payment
> after three days." But clearly there is nothing stopping Bob from
> taking the HTLC output when Alice is forced to broadcast the
> commitment transaction, even if it is supposed to be null and
> void.

Hi Christopher,

The design of the HTLCs has a contestation period built-in where the party which broadcasts the Commitment Transaction must wait a period of time before the payment goes back to themselves.

I think your concern may have some implications for Rusty's dual anchor/funding version. I had incorrectly stated that it might be possible to do it only with OP_CLTV, but it clearly requires both OP_CLTV and OP_CSV.

There's more information being attested when relying on OP_CSV for the HTLC without a transaction chained 2 levels deep. It will require greater time delay between each hop in the payment to account for the relative time to prove whether the Commitment has been revoked. This greater time creates a tradeoff which requires each channel participant (for every hop) to watch the blockchain at a more frequent interval, since that OP_CSV value is intrinsically linked to the payment.

With a SIGHASH_NOINPUT (or similar) model having transactions two-deep, this contestation period can be independent of the actual HTLC payments. In effect, the first transaction spending from the HTLC validates whether the preimages are known, the second is whether the Commitment itself is invalidated. With separated anchor/funding, those two steps are combined inside the Commitment Transaction -- AFAIK, (minus the above tradeoffs) it still works though, but I'll double-check.

--
Joseph Poon