Author: Antoine Riard 2019-07-16 18:52:41
Published on: 2019-07-16T18:52:41+00:00
The email thread discusses the requirements for identifying a unilateral close on-chain. The sender identifies two requirements, which are to identify who initiated the unilateral close and verify that it was to an older state. Another requirement is added in the email thread, which is to ensure that identity commitment cannot be replayed or counterfeited by another participant.In previous versions of the proposal, unique preimage was thought to be used, but it seems unsafe due to reorgs and mempool snooping. The best scheme proposed was not using preimage but signatures. The sender also discusses using a common key and fingerprint preimage to force output to be revoked to miners as fees.Further, the email thread presents the transactions involved in the construction. The funding transaction has unspecified inputs and outputs, and the update transaction initiates a unilateral close attempt. The Friendly Settlement Transaction completes a unilateral close attempt and publishes all contracts transported in the channel without revocability branches. On the other hand, a Litigation Transaction can only be broadcast and confirmed if the unilateral close Update Transaction has an `n` less than the latest agreed `n`. It is taken as proof that the unilateral close attempt is definitely a theft attempt. The Litigation Transaction can be spent by another Litigation Transaction with higher `n`, forcing the current state on-chain to punish the thief using the latest state instead of punishing from the old state.The email thread contains a proposal for the "Hostile Settlement" path that allows revocation of outputs owned by the participant that initiated the unilateral close. The Hostile Settlement Transaction includes nLockTime and inputs and outputs that depend on the type of contract, which can be single or dual-ownership contracts. Single-ownership contracts have Taproot Internal Key, scripts, and revocable outputs that allow Alice to recover funds if it is not the thief. Dual-ownership contracts have similar features but also include Timelock, Hashlock, and Revocation branches.Any two-participant contract can be made revocable by using a NUMS point for taproot internal key and giving every branch explicitly as a branch in the Taproot MAST. Sub-channels will need to use SIGHASH_ANYPREVOUTANYSCRIPT so that signatures that can spend from an output of the Friendly Settlement can also spend from an output of the Hostile Settlement.Additionally, the email proposes some changes to the original proposal, such as using a hash/preimage challenge to identify who attempted to steal, encumbering single and dual-ownership outputs by a revocability clause that revokes in favor of miners, and not supporting outputs with more than two owners. The Litigation Transaction path ensures we can go to the latest state, and the Hostile Settlement transaction represents the latest state, plus allowing revocability of outputs in that state.
Updated on: 2023-06-02T19:19:33.385526+00:00