Author: Jonas Nick 2019-02-09 16:54:09
Published on: 2019-02-09T16:54:09+00:00
In this email thread on the bitcoin-dev mailing list, Jonas Nick asks Alejandro Ranchal Pedrosa whether there is a summary of what the opcode he is proposing would look like. He also asks whether interactive key aggregation schemes like Bellare-Neven could work instead of pairing-based cryptography. Alejandro responds with an explanation of an eltoo-like protocol that works without going on-chain when you cannot predict in advance who will become absent. He describes the Broken Factory attack and the Stale Factory attack, which adversaries can exploit, and proposes Transaction Fragments to allow an eltoo-like protocol even when you cannot predict in advance who will become absent or malicious. In another email, Johnson Lau notes that NOINPUT is powerful but carries a risk of signature replay. Lau suggests tagging an output to make it spendable with NOINPUT and explains two possible ways to tag the output. He goes on to explain the pros and cons of each method, and also suggests an extension to the version tagging to make NOINPUT even safer. The thread discusses how tagging may affect the fungibility of multiparty eltoo channels and how it could mitigate accidental double payments. The participants also discuss the tradeoff between smart contracts and dumb contracts and the risks of misuse, and propose designs that enable the desired smart contracts while minimizing those risks.
Updated on: 2023-06-13T16:12:43.492215+00:00