Author: Rusty Russell 2016-03-09 00:43:36
Published on: 2016-03-09T00:43:36+00:00
In a recent post on Lightning-dev, Mats Jerratsch raises a question about the security implications of disclosing R values when a payment isn't in the current commitment. The concern is that Alice might not want to disclose R if Bob has taken too much fee or if the payment is too small. However, the idea of 'proof-of-payment'/'pay-to-contract' relies on only revealing R for an accepted payment. The post also highlights a nomenclature clash, where R is used to mean the chained atomic swap preimage, which allows you to claim the funds, and also as the term method to invalidate old transactions, a private matter between pairs of nodes. Rusty from the Lightning development team clarifies that they can't use a simple chain for R and don't need to since they don't care about the value once it's spent.
Updated on: 2023-05-23T22:56:05.350619+00:00