Author: ZmnSCPxj 2020-09-05 02:45:00
Published on: 2020-09-05T02:45:00+00:00
The proposal to hide the collateral input behind `hashPrevouts` is possible, but mildly "unclean": it relies on the details of the sighash algorithm and complicates reusing Lightning watchtowers. The solution can work if watchtowers use `(sighash[0:15], encrypted_blob)` instead of `(txid[0:15], encrypted_blob)`. It is safer for a CoinSwap maker to have watchtowers that are unaware of exactly *what* they are watching. If watchtowers only get a partial sighash, the information they hold is not sufficient by itself to determine what coins the maker owns, so each additional watchtower is no longer a potential attack vector on the maker's privacy. The suggestion is to move watchtowers to `sighash[0:15]` instead of `txid[0:15]`.
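The `(sighash[0:15], encrypted_blob)` lookup described above, as an added example; it is not code from the original post or from any watchtower implementation. It assumes a 16-byte hint, a blob key derived from the full digest, and a standard-library stand-in cipher; all names and sample digests are constructed.

```python
import hashlib
import hmac

HINT_LEN = 16  # assumption: the page's [0:15] read as bytes 0 through 15

def _key(digest):
    # Assumption of this example: blob key is derived from the full 32-byte digest.
    return hashlib.sha256(b"blob-key" + digest).digest()

def _xor_stream(key, data):
    # Stand-in cipher (SHA-256 in counter mode) so the example needs only the
    # standard library; a real tower would use an AEAD.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(digest, payload):
    """Maker side: build the (hint, encrypted_blob) pair sent to the tower."""
    key = _key(digest)
    ct = _xor_stream(key, payload)
    return digest[:HINT_LEN], ct + hmac.new(key, ct, hashlib.sha256).digest()

class Watchtower:
    def __init__(self):
        self.entries = {}  # hint -> encrypted_blob; all the tower ever stores

    def register(self, hint, blob):
        self.entries[hint] = blob

    def check(self, digest):
        """Try one 32-byte digest derived from a confirmed transaction."""
        blob = self.entries.get(digest[:HINT_LEN])
        if blob is None:
            return None
        key, ct, tag = _key(digest), blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
            return None  # prefix collision or wrong digest: blob stays sealed
        return _xor_stream(key, ct)

# Constructed sample values, not real Bitcoin data.
TXID = hashlib.sha256(b"constructed txid").digest()
SIGHASH = hashlib.sha256(b"constructed sighash").digest()
PAYLOAD = b"constructed response transaction bytes"

def demo():
    tower = Watchtower()
    tower.register(*seal(SIGHASH, PAYLOAD))
    # The txid finds nothing; only the sighash of the watched spend opens the blob.
    return tower.check(TXID), tower.check(SIGHASH), TXID[:HINT_LEN] in tower.entries
```

The tower's table holds no txid prefix, so someone holding its contents cannot match entries against known transaction ids.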
Updated on: 2023-06-14T03:19:08.166658+00:00