From rusty at rustcorp.com.au Mon May 1 04:33:07 2017 From: rusty at rustcorp.com.au (Rusty Russell) Date: Mon, 01 May 2017 14:03:07 +0930 Subject: [Lightning-dev] Transaction revocation within transaction malleability via anyone-can-revoke hashlocks In-Reply-To: References: <87mvb2hckp.fsf@rustcorp.com.au> Message-ID: <878tmhgprw.fsf@rustcorp.com.au> ZmnSCPxj writes: > Hi ZmnSCPxj! > > Good morning Rusty, thank you for your reply. > From what I can gather so far, it seems, the issue of transaction revocation even with transaction malleability appears to be solved. Although, I want to know, is my idea (which support selfish untrustworthy watchers) better than what Lightning now has? Or has different tradeoffs? It seems to me, at first glance, if the revocation key in my idea is not publicized but sent only to the counterparty, it is effectively equivalent to the current technique. But the receiving counterparty has the option of publishing this revocation key in order to allow anyone to enforce and get free money, even with malleability. That's true, actually. You can certainly have trusted watchers know your revocation keys (and they have a very compact form, so the storage is ~log2(num-transactions). Cheers, Rusty.