Author: Alex Schoof 2021-06-28 17:58:47
Published on: 2021-06-28T17:58:47+00:00
The email conversation between Alex and Raymo is discussing the possibility of double-spending in a Sabu protocol. Alice has sent an MT and a GT to Bob over Sabu, and Bob gives goods and services to Alice. Alice then spends that UTXO to Charlie with a higher fee than the GT she sent to Bob. Charlie has no idea that Bob exists because he gets a valid UTXO. There is nothing encumbering the on-chain UTXO from being spent outside of a Sabu payment. The reason people keep bringing up Lightning is that it solves this problem by having a channel-open involving locking funds in a 2-of-2 multisig, preventing them from being spent outside of Lightning until the channel is torn down. In Sabu protocol, only the issuer can sign the transaction and decide how much money goes to whom. The engaged UTXOs belong to the issuer, and the creditor never puts UTXO in the transaction, thus cannot sign the transaction because they have no ownership over the used UTXOs. If the on-chain funds can be spent outside the context of the system, then the system does not prevent double-spends. The Sabu protocol has nothing to do with Lightning, as Sabu has a peer-to-peer network of doc-watchers, while Lightning is a 2-of-2 multisig concept. ZmnSCPxj points out that any invalid-in-Sabu transaction can still be valid in the Bitcoin blockchain layer, making the scheme insecure. A 1-of-1 is not secure, and the whole thing needs to be redesigned to use at least 2-of-2 to ensure trust-minimization security. Features are meaningless without basic trust-minimization security.
Updated on: 2023-06-14T22:53:32.692951+00:00