Author: Anthony Towns 2019-03-13 11:10:50
Published on: 2019-03-13T11:10:50+00:00
The Lightning-dev mailing list discussed the use of NOINPUT signatures in eltoo channels. One proposal suggested requiring every script to have a valid signature that commits to the input, allowing eltoo with a script like: CHECKSIGVERIFY CHECKSIG or CHECKSIGVERIFY CHECKSIG. The post suggests that this would be output tagging, regardless of the mechanism. With taproot, however, it is possible to do a 2-of-2 spend without revealing a script at all. The proposed setup involves cycling through states from 0..N, with state 0 being the refund state established before publishing the funding transaction to the blockchain. Each state has two corresponding transactions, an update and settlement transaction. The update transaction for each state spends to an output Qk which is a taproot address, while two partial signatures are established for each update state. Settlement transactions have relative timelock delays, and if there are active HTLCs when closing the channel, claiming funds will likely be one-in, one-out, SIGHASH_ALL with a locktime. Cheating can occur due to someone having to restore from an old backup. The post concludes with a discussion regarding privacy concerns and the workarounds available to limit the amount of historical data revealed about on-chain coin used in Lightning.
Updated on: 2023-05-23T01:59:48.136139+00:00