From ZmnSCPxj at protonmail.com Tue Dec 3 02:55:19 2019 From: ZmnSCPxj at protonmail.com (ZmnSCPxj) Date: Tue, 03 Dec 2019 02:55:19 +0000 Subject: [Lightning-dev] eltoo towers and implications for settlement key derivation In-Reply-To: <87d0d6mgiq.fsf@rustcorp.com.au> References: <87d0d6mgiq.fsf@rustcorp.com.au> Message-ID: Good morning Rusty, > > Hi all, > > I recently revisited the eltoo paper and noticed some things related > > watchtowers that might affect channel construction. > > Due to NOINPUT, any update transaction can spend from any other, so > > in theory the tower only needs the most recent update txn to resolve > > any dispute. > > In order to spend, however, the tower must also produce a witness > > script which when hashed matches the witness program of the input. To > > ensure settlement txns can only spend from exactly one update txn, > > each update txn uses unique keys for the settlement clause, meaning > > that each state has a unique witness program. > > I didn't think this was the design. The update transaction can spend > any prior, with a fixed script, due to NOINPUT. > > The settlement transaction does not use NOINPUT, and thus can only > spend the matching update. My understanding is that this is not logically possible? The update transaction has no fixed txid until it commits to a particular output-to-be-spent, which is either the funding/kickoff txout, or a lower-`nLockTime` update transaction output. Thus a settlement transaction *must* use `NOINPUT` as well, as it has no txid it can spend, if it is constrained to spend a particular update transaction. Unless I misunderstand how update transactions work, or what settlement transactions are. Regards, ZmnSCPxj