Author: Salvatore Ingala 2023-05-01 21:15:20
Published on: 2023-05-01T21:15:20+00:00
In an email, Salvatore Ingala apologized for a couple of oversights in his previous message. The first issue is that m_B cannot be committed as-is in the contract's embedded data with the current semantics of OP_COCV, which only allows 32-byte values. The solution could be to store its hash SHA256(m_B) instead. While he did not test the scripts, he believes the general idea is clear. In a previous email, Salvatore suggested that if the internal_pubkey is a musig-aggregated key of Alice and Bob, the game can be settled entirely offline after the first transaction. However, this suggestion was incomplete, as Alice cannot trust Bob by revealing her move since he could cheat on-chain and play a different move. To fix this, they need to add the requirement that the internal pubkey of [S1] is a musig2 of both players. After Bob reveals his move, Alice will only continue the game off-chain if Bob pre-signs transactions for the state [S1] that send all the money to Alice. This ensures that a cheating Bob is punished.
Updated on: 2023-06-16T03:01:48.286640+00:00