Author: James Chiang 2019-01-30 22:31:47
Published on: 2019-01-30T22:31:47+00:00
The author of the message is trying to understand how channel commitment transactions can be revoked using op_checksigfromstack(msg, sig, key) and signed sequence commitments. They explain that each state has a commitment c(n, randomness) that is signed by both parties, and that this signature can be verified with op_csfs(c, sig(A+B), key(A+B)). The sequence number n is incremented for each new state. To verify from an older, revoked commitment transaction that a newer signed commitment sequence exists, an output script can evaluate op_checksigfromstack(c++, sig(A+B), key(A+B)), where c++ == commitment(n++, r). However, the script must also know its own sequence number n so that it can verify that n is indeed lower than n++ (current). The author is seeking clarity on how the sequence number n is committed to in the nth commitment tx and made accessible on-stack during script evaluation. They reference Johnson Lao's and Roasbeef's talk from Scaling Bitcoin at Stanford as a resource for learning more.
Updated on: 2023-06-02T17:20:16.942695+00:00
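The check described in the summary, modeled as an added Python example (not code from the original message or from any Bitcoin implementation). It assumes the commitment is a SHA-256 hash over n and r, uses an HMAC with a constructed key as a stand-in for sig(A+B), and takes the transaction's own n as a plain parameter, since how that value is bound to the nth commitment tx is the open question of the post.

```python
import hashlib
import hmac

# Constructed stand-in for the aggregate key(A+B). A real script would verify a
# public-key signature; HMAC is used only to keep this model self-contained.
AGG_KEY = b"constructed-demo-key-A+B"


def commitment(n: int, r: bytes) -> bytes:
    """c(n, randomness): hash commitment to the state sequence number (assumed form)."""
    return hashlib.sha256(n.to_bytes(8, "big") + r).digest()


def sign(c: bytes) -> bytes:
    """Stand-in for sig(A+B) over a commitment."""
    return hmac.new(AGG_KEY, c, hashlib.sha256).digest()


def csfs(msg: bytes, sig: bytes) -> bool:
    """Model of op_checksigfromstack(msg, sig, key(A+B))."""
    return hmac.compare_digest(sign(msg), sig)


def proves_revoked(own_n: int, c_new: bytes, sig_new: bytes,
                   n_new: int, r_new: bytes) -> bool:
    """True if the witness proves that a signed state newer than own_n exists.

    own_n is passed in directly: this model assumes the script can read it,
    which is exactly what the post asks how to achieve.
    """
    if not csfs(c_new, sig_new):           # both parties signed c_new
        return False
    if commitment(n_new, r_new) != c_new:  # witness must open c_new to (n_new, r_new)
        return False
    return n_new > own_n                   # a newer state exists, so own_n is revoked
```

The signature alone only shows that some commitment was signed; the opening (n_new, r_new) and the comparison against own_n are what turn it into a revocation proof.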