From ZmnSCPxj at protonmail.com  Thu Dec 19 10:00:09 2019
From: ZmnSCPxj at protonmail.com (ZmnSCPxj)
Date: Thu, 19 Dec 2019 10:00:09 +0000
Subject: [Lightning-dev] Pay-to-Open and UX improvements
In-Reply-To: <CACdvm3NugVshj0RGNjTK3D=3LToTFEnVDnb4DAC7pC8mgPrdwA@mail.gmail.com>
References: <CACdvm3O5oXcEspx1Vu-ioCw=JZMQmMKsUYFsX9q1GHnXGce_wQ@mail.gmail.com>
 <CACdvm3NktJcvd=6Bww7PQ-yyLHzWpdiFp8opEbttxfMgWyF4=A@mail.gmail.com>
 <hUcqV0YIljbYDrdme0nsM4gLr3YJOeVdSiNnxmxk4yBWQiMlHoCp23sCetWdx-AXZhMEvju9iguG0100uUJMPJP9mckv-bMbL-f41PX_lRQ=@protonmail.com>
 <CAEM=y+U=PS0ZKikEqHTf11UJ25Qb6yntQSg186aM0zhPSmiBgg@mail.gmail.com>
 <CALZpt+F=8hVSh_-qC1Fj0A0pQkoBN3Q0Lmp3=dPayEJA9KZSnA@mail.gmail.com>
 <CACdvm3MJ-=HBas=CRzP7GYD50m2e2qDfBacYDOqzrsCBXc1hqw@mail.gmail.com>
 <JRITeX7LOeU5Wnx27AYKRiSd2ggQjK5NxyPRa3TI9j6nPuDZ1Ir19QW6z0RtQt4TqFDn_nP3J3VxaZfc4qcwWXlFGi44xulaj6Uwaw8xmBo=@protonmail.com>
 <6dOF2eZd0A4ICUmgFP4owHBJBWdoPOA9yp1Wvj7gn6xgIhK-YrtZ_tsoEmeJ-cu7kMaKSpNR52_qoJVppp_VDxxO1OEbr7EB-5h3DYIvXck=@protonmail.com>
 <CACdvm3NugVshj0RGNjTK3D=3LToTFEnVDnb4DAC7pC8mgPrdwA@mail.gmail.com>
Message-ID: <LdIX8w9u8rbcOFlrdF8w_1TirXsZX1HpgpXZEsEAWOroYy89UUoM4BD_3oL0O7FZXkbDJ_1XJ4vR54npHz4hfSIj79vtS4RyXespELZuwx4=@protonmail.com>

Good morning t-bast,

> Good points, these are good optimisations if we propose such a new opcode!
> I'm still pondering whether this will be useful enough or if finney attacks completely ruin all use-cases...

It does indeed seem to ruin all use-cases, and even my suggestion to enforce RBF will not help against the Finney attack specifically, as the second signature broadcasted is the one that is already in a block.

Further, if the amount in the single-show-signature UTXO being double-spent is greater than the expected block reward, then it may encourage competing miners to instead mine an alternate block at that blockheight instead of building on the block made by the Finney attacker.
This is because they already know the privkey for that UTXO and can instead immediately redirect it to an address they control, and earn more from that block that replaces the Finney attacker block rather than builds on top of it.
All miners will then compete on that block and the Finney attack is promoted from an attack on a single target to an attack on the entire Bitcoin ecosystem, for much justice and laughter.
Thus, `OP_CAT` is too powerful and must not be enabled!!!
Oh no.

Regards,
ZmnSCPxj


>
> Le?jeu. 19 d?c. 2019 ??07:24, ZmnSCPxj <ZmnSCPxj at protonmail.com> a ?crit?:
>
> > Good morning t-bast,
> >
> > > > -? ?A script-path spend with the following script (and only that script):
> > > >? ? ?OP_SWAP OP_DUP <R> OP_EQUALVERIFY OP_SWAP <P> OP_CHECKSIG
> > > >
> > >
> > > Why not this:
> > >
> > > <R> OP_SWAP OP_CHECKSPLITSIG
> > >
> > > ?
> > >
> > > Since `R` is constrained to be fixed anyway, why repeat `R` twice, once in the script and once in the witness stack?
> >
> > For that matter, since we are far more likely to have a constant `R` than a constant `s` maybe you should instead propose that `OP_CHECKSPLITSIG` be given `<s> <R> <P> OP_CHECKSPLITSIG`, so that a fixed-`R` single-show signature is just `<R> <P> OP_CHECKSPLITSIG`.
> >
> > Regards,
> > ZmnSCPxj