Author: ZmnSCPxj 2019-02-01 05:15:17
Published on: 2019-02-01T05:15:17+00:00
In this email exchange, James Chiang is seeking to understand how channel commitment transactions can be revoked using op_checksigfromstack(msg, sig, key) and signed sequence commitments. The commitment is signed by both parties for each state and the signature can be verified with op_csfs(c, sig(A+B), key(A+B)). The sequence number is incremented for each new state. An output script of an older, revoked commitment transaction can verify that a newer signed commitment sequence exists by examining op_checksigfromstack(c++, sig(A+B), key(A+B)) and c++ == commitment(n++, r). However, it must also have information about its own sequence number n, so it can verify that this is indeed lower than n++ (current). `n` is embedded in the SCRIPT directly as a constant and the script itself is committed via P2WSH, and the output SCRIPT is committed to in the SIGHASH algorithm used.
Updated on: 2023-06-02T17:18:27.849557+00:00