Published on: 2016-08-17T10:00:37+00:00
On July 20, 2016, a discussion took place on the bitcoin-dev mailing list regarding Hash Time-Locked Contract (HTLC) transactions in Bitcoin. Sean Bowe requested feedback on these transactions which allow payment for the preimage of a hash, with CSV/CLTV used to recover funds if the other party is uncooperative. Luke Dashjr proposed using OP_SIZE to address the malleability issue caused by hashing the top item on the stack, and Peter Todd praised this idea.The HTLC scripts have a specific structure, starting with [HASHOP] OP_EQUAL followed by an OP_IF and an OP_ELSE, with a [TIMEOUTOP] OP_DROP in between. The script concludes with an OP_CHECKSIG. However, this design makes the scripts malleable as the top stack item can be modified without invalidating the scriptSig. Todd suggests using the OP_SIZE opcode to make it more difficult for attackers to manipulate transactions. This additional requirement involves adding OP_SIZE OP_2 OP_PICK OP_HASH160 [PUBKEYHASH] OP_EQUALVERIFY to the script.Todd also emphasizes the importance of considering different scenarios, such as malicious parties attempting double-spend attacks. The discussion delves into the vulnerabilities of HTLC transactions and provides suggestions for enhancing their security.In addition to the discussion, Sean Bowe shares his draft BIP for HTLC transactions on GitHub. Members of the community express interest in submitting a BIP to support these transactions in wallets with modifications to Bitcoin Core. An implementation of Bowe's draft BIP is currently under development. The HTLC scripts are seen as valuable for applications like the Lightning network and zero-knowledge contingent payments, as demonstrated by the author's 'pay-to-sudoku' ZKCP demo earlier in the year, which utilized the same script implemented with CLTV and SHA256.
Updated on: 2023-08-01T18:46:03.562680+00:00