Author: Olaoluwa Osuntokun 2022-03-23 22:30:40
Published on: 2022-03-23T22:30:40+00:00
In this email conversation, Olaoluwa Osuntokun raises the question of whether the proof and verification process should strongly bind to the Lightning Network context. Currently, nodes use two bitcoin keys to construct a P2WSH multi-sig script and verify that the script matches what has been confirmed on chain. With Taproot, the output is just a single key, so there is a concern about maintaining the same level of binding. In response, David A. Harding points out a significant difference between P2WSH and P2TR: with P2WSH, if someone wants to fake the creation of a channel by making their change outputs OP_CMS(2-of-2) with themselves, they pay for that deception by incurring extra fee costs at spend time due to the need to provide more witness data over plain single-sig. With P2TR/MuSig2, they can make their change outputs MuSig2(2-of-2) with themselves without incurring any additional onchain spend costs. Laolu agrees that 100% maintenance of the same level of binding for pure Taproot channels may not be possible, but suggests that validators verifying the final key derivation can still effectively restrict the type of outputs used to advertise channels.
Updated on: 2023-05-23T17:20:07.911789+00:00