From rusty at rustcorp.com.au Mon Dec 2 23:53:01 2019 From: rusty at rustcorp.com.au (Rusty Russell) Date: Tue, 03 Dec 2019 10:23:01 +1030 Subject: [Lightning-dev] eltoo towers and implications for settlement key derivation In-Reply-To: References: Message-ID: <87d0d6mgiq.fsf@rustcorp.com.au> Conner Fromknecht writes: > Hi all, > > I recently revisited the eltoo paper and noticed some things related > watchtowers that might affect channel construction. > > Due to NOINPUT, any update transaction _can_ spend from any other, so > in theory the tower only needs the most recent update txn to resolve > any dispute. > > In order to spend, however, the tower must also produce a witness > script which when hashed matches the witness program of the input. To > ensure settlement txns can only spend from exactly one update txn, > each update txn uses unique keys for the settlement clause, meaning > that each state has a _unique_ witness program. I didn't think this was the design. The update transaction can spend any prior, with a fixed script, due to NOINPUT. The settlement transaction does *not* use NOINPUT, and thus can only spend the matching update. Cheers, Rusty.