From aj at erisian.com.au Mon Jan 16 07:32:43 2017 From: aj at erisian.com.au (Anthony Towns) Date: Mon, 16 Jan 2017 17:32:43 +1000 Subject: [Lightning-dev] LN without SegWit: less efficient or less secure? In-Reply-To: References: <87inpfag87.fsf@rustcorp.com.au> <20170116063138.GA1897@erisian.com.au> Message-ID: <20170116073243.GA2927@erisian.com.au> On Mon, Jan 16, 2017 at 02:44:43PM +0800, Andr?s G. Aragoneses wrote: > But I thought this problem was already solved by using OP_CLTV/OP_CSV -style > channels instead of Spillman-style ones? > See: > http://bitcoin.stackexchange.com/a/48546/2751 The approach described there is to have a channel timeout (adding the "customer signs, but locktime greater than refund time" alternative to the P2SH address). The lightning spec doesn't currently do that (see the "Funding Transaction Output" section of [0]). Lightning uses CLTV and CSV to make the HTLC steps work, that is to make the channel bidirectional, rather than being limited to having one end take the role of customer sending money to the merchant on the other end. [0] https://github.com/lightningnetwork/lightning-rfc/blob/master/03-transactions.md It's not a 100% solution on its own though -- the "merchant" in this scenario can choose not to provide the second signature back to the customer ever, in which case the customer can't access their funds again until the refund time arrives. Better than being never able to access their funds again, of course, which is what you get if you use the current method, without segwit, and get malleated. Cheers, aj