Published on: 2019-07-17T04:35:13+00:00
In a recent Lightning-dev post, the Decker-Russell-Osuntokun protocol in the Lightning Network is discussed. The protocol aims to address the issue of "toxic waste" in older versions of channel databases that can be exploited by attackers to access funds. It argues that punishments reintroduce asymmetry and undermine the benefits of Eltoo. While accessing channel databases may be easier than obtaining node private keys, attackers still need access to the keys to add their own signature. However, if an attacker gains control of a user's database, they can still cause harm. The post concludes that Decker-Russell-Osuntokun removes punitive considerations but at the cost of on-chain fees.Another discussion revolves around achieving Eltoo + penalties in the Lightning Network. The goal is to reintroduce punishment without breaking transaction symmetry. Witness asymmetry is proposed as a method to force the broadcaster to reveal a secret and commit that the transaction is the latest one. The Eltoo-Penalty Transaction Tree consists of various scripts and transactions, including Funding-Output, Update Tx, Litigation Tx, Hostile Settlement Tx, Friendly Settlement Tx, Challenge Tx, and Justice Tx. Assigning the faulty broadcast to the correct party for punishment while avoiding replay attacks proves to be a challenge, and clarity is sought on this matter.The experiment involves different scenarios, such as state updates, cooperative cases, unilateral cases, and malicious cases. In the state update scenario, new friendly settlement and update transactions are generated, and old transactions are revoked using a Justice transaction with a higher state. In the cooperative case, all parties cooperate to accurately close the transaction after multiple updates. In the unilateral case, a party broadcasts the latest update transaction and redeems their balance after finalizing the friendly settlement transaction. In the malicious case, a party broadcasts the lowest update transaction, and another party uses a Litigation transaction to spend it. The transaction outputs returning to a channel party are encumbered by a challenge, requiring a signature against the same pubkey and SIGHASH flags as the tapscript for funding output to unlock funds.The post also addresses the use of Eltoo and its criticism in reducing the cost for a malicious party to test chain monitoring. Transaction symmetry is introduced as a solution, preventing the deduction of which party broadcasted a previous state from observing the txid. Per-update credentials, committed to a state number, are proposed to solve the assignment problem. The post mentions making Bitcoin Script aware of a secret committed to a lower state number using SIGHASH magic.A diagram of the Eltoo-Penalty Transaction Tree is provided, along with explanations of different transaction types such as Friendly Settlement Tx, Challenge Tx, Justice Tx, Litigation Tx, and Hostile Settlement Tx. These transactions are utilized to resolve disputes between parties in cases of cheating or other issues. The technical details of how Eltoo works and concerns about its security are also discussed.On a mailing list, an idea for implementing Eltoo + penalties is proposed as a thought experiment. Feedback and critique are sought, acknowledging that there may be flaws in the scheme. Script experts are invited to provide their thoughts and suggestions on the proposed implementation. No further information is given about the context or purpose of the proposal.
Updated on: 2023-07-31T21:48:48.795854+00:00