Author: Johnson Lau 2019-03-21 08:37:54
Published on: 2019-03-21T08:37:54+00:00
In a bitcoin-dev email thread, ZmnSCPxj sought clarification on a script for eltoo. The script requires every input to have a valid signature that commits to it. Two options were presented: CHECKSIGVERIFY CHECKSIG or CHECKSIGVERIFY CHECKSIG, where A is Alice's key and B is Bob's key, P is muSig(A,B), and Q is a key they both know the private key for. With the first option, Alice would give Bob a NOINPUT sig for the transaction, and when Bob wanted to publish, he would just do a SIGHASH_ALL sig with his own key. With the second option, Alice and Bob would co-sign the muSig(A,B) with NOINPUT and share the private key of Q so that they could produce a non-NOINPUT signature when needed. The first style is slightly easier but less efficient with three or more parties. However, if using watchtower, the second style is necessary, meaning the watchtower has the ability to reply the NOINPU muSig, but it is still better than anyone-can-replay.
Updated on: 2023-05-23T02:00:08.084260+00:00