Author: ZmnSCPxj 2019-07-14 04:48:22
Published on: 2019-07-14T04:48:22+00:00
The context describes an experiment on achieving Eltoo + penalties in the Lightning Network. The Decker-Russell-Osuntokun protocol is mentioned as a way of preventing the loss of all funds in a channel, but there is still a risk of being framed for theft. A proposal suggests reintroducing some form of punishment without breaking transaction symmetry. Witness asymmetry can be used to force the broadcaster to reveal a secret and commit that the transaction is the latest one.The Eltoo-Penalty Transaction Tree is divided into several scripts: Funding-Output, Update Tx, Litigation Tx, Hostile Settlement Tx, Friendly Settlement Tx, Challenge Tx, and Justice Tx. The challenge is to assign the faulty broadcast to the right party to punish it accordingly while avoiding replay attacks. However, the descriptions of the transactions and scripts involved are confusing, and the author requests clarification on achieving the target.The experiment involves various scenarios such as state update, cooperative case, unilateral case, and malicious case. In the state update scenario, Alice, Bob, and Caroll generate a new friendly settlement transaction N, update transaction and revoke the old one by creating a Justice transaction with a higher state. In the cooperative case, after X updates, all parties cooperate to close the transaction accurately. In the unilateral case, Alice broadcasts the latest update transaction N, signs it with her private key using SIGHASH_NONE, SIGHASH_ANYPREVOUTANYSCRIPT, and SIGHASH_SINGLE, and redeems her balance after finalizing the friendly settlement transaction. In the malicious case, Bob broadcasts the lowest update transaction, and Alice uses a Litigation transaction to spend it. The transaction outputs that return to a channel party are encumbered by a challenge, which requires a signature against the same pubkey and SIGHASH flags as the tapscript for funding output to unlock funds.A challenge transaction is used with a taproot output, where one leaf returns funds to Alice after some timelock, and the other allows anyone with a MuSig and two valid signatures committing to different nLocktime to send challenged funds to a Justice transaction, doing an equal split between other channel parties. To prevent third-party malleability, every signature must have sighash SIGHASH_MASKLOCKTIMEWITH enforced on the Justice transaction.The alignment of the graph needs improvement to be understandable.
Updated on: 2023-06-02T19:23:33.475887+00:00