Author: ZmnSCPxj 2019-02-01 09:33:53
Published on: 2019-02-01T09:33:53+00:00
The writer of the message is seeking information on how channel commitment transactions can be revoked using op_checksigfromstack(msg, sig, key) and signed sequence commitments. The commitment c(n, randomness) is signed by both parties for each state, and this signature can be verified with op_csfs(c, sig(A+B), key(A+B)). The sequence number n is incremented for each new state. An output script of an older, revoked commitment transaction can verify that a newer signed commitment sequence exists by examining op_checksigfromstack(c++, sig(A+B), key(A+B)) and c++ == commitment(n++, r). However, the script must also have information about its own sequence number n to ensure it is lower than n++. The writer learned about this concept from a presentation at Scaling Bitcoin at Stanford by Johnson Lao and Roasbeef.
Updated on: 2023-06-02T17:19:13.102694+00:00