Author: Rusty Russell 2016-08-12 03:47:52
Published on: 2016-08-12T03:47:52+00:00
In a discussion on the Lightning Network development mailing list, Joseph Poon and Rusty Russell discussed different schemes for reducing space and communication requirements per new commitment transaction. The most efficient scheme uses shachain/elkrem, SIG_NOINPUT, and a MAST scheme which places two scripthashes into the scriptpubkey, but using this scheme would prevent the watcher from using the elkrem/shachain space-savings themselves. Revealing the preimages seems like another win, but it would require changing at least one key in some way to avoid guessable prior commitment txs, which means sending that key to the watcher to store, costing as much as they save using shachain/elkrem. Sharing HTLCs across transactions could also reduce N to the "number of new HTLCs" instead of "number of HTLCs," but no good solutions were presented. In regards to whether an HMAC-of-tx should be used instead of just the txid, there was some confusion over what an HMAC-of-tx would gain.
Updated on: 2023-05-24T00:15:53.883277+00:00