Author: ZmnSCPxj 2020-01-10 15:24:56
Published on: 2020-01-10T15:24:56+00:00
The use of "purely scriptless" transactions, using pre-signed `nLockTime` and `nSequence`, would require significantly more signatures, which should be done using MuSig to hide in the larger 1-of-1 anonymity set. However, the commitment transaction itself can't be signed in parallel with the PTLCs and `to_self`. The timelock and revocable output branches can be hidden by other `nLockTime` and `nSequence` transactions, which will be indistinguishable from anti-fee-sniping behavior. But the commitment transaction and pointlock branch cannot hide among anti-fee-sniping behavior. It may be better for commitment transactions and scriptless script pointlocks to not have fee-sniping-protection-emulation. This also means we don't want all wallets to use fee-sniping-protection. It is noted that at least two MuSig rounds are needed, which increases latency of each update, especially on networks like Tor where turnaround times get more delay.
Updated on: 2023-06-02T22:14:46.427795+00:00