Author: David A. Harding 2022-03-23 21:02:12
Published on: 2022-03-23T21:02:12+00:00
In an email conversation between Olaoluwa Osuntokun and Dave, the topic of whether proof+verification should be strongly bound to the Lightning Network (LN) context was discussed. Currently, nodes use two bitcoin keys to construct a P2WSH multi-sig script to verify that the script matches what has been confirmed on chain. However, with taproot, the output is just a single key which raises questions about how to maintain the same level of binding. Olaoluwa suggested that nodes reconstruct the aggregated bitcoin public key to maintain this binding. Dave argued that there is a significant difference between P2WSH and P2TR in terms of maintaining binding-to-LN-usage. With P2WSH, if someone were to fake the creation of a channel by making their change outputs OP_CMS(2-of-2) with themselves, they would incur extra fee costs at spend time due to the need for more witness data over plain single-sig. However, with P2TR/MuSig2, one can make their change outputs MuSig2(2-of-2) with themselves without any additional on-chain spend costs. Therefore, Dave believes that the same level of binding cannot be maintained when P2TR keypath spends are allowed.
Updated on: 2023-06-03T07:55:31.536673+00:00