Published on: 2022-03-16T10:03:29+00:00
In a recent discussion on the Lightning-dev mailing list, the use of Miniscript was suggested as a solution to prevent unintended paths in Lightning transactions. Miniscript is a subset of script that can improve security and avoid surprises. The conversation also focused on the issue of offered HTLC outputs and the three claim paths associated with them.The offering party in an HTLC transaction can claim via the HTLC-timeout case on their commitment transaction, using their signature and the remote's signature after the cltv_expiry timeout. However, they can only spend with the HTLC-timeout transaction due to SIGHASH_ALL. This means that even if they have the remote's signature and preimage after the timeout, they cannot spend using those. This limitation does not alleviate the need for the offering party to respect the CLTV delay, and the timespan of the offered HTLC cannot be shortened.In cases of competing HTLC races, once the absolute timelock is expired, the offering counterparty can compete against the receiving counterparty with a more feerate-efficient witness. However, from a receiving counterparty safety viewpoint, suffering a contest indicates that the HTLC-claim on their own local commitment transaction inbound HTLC output has been inefficient, and their fee-bumping strategy is to blame.To address these issues, Antoine Riard suggests splitting the Script branches into two tapleaves and having bip342 signature digest committing to the tapleaf_hash. This solution could potentially resolve the problem with offered HTLC outputs in Lightning transactions.Meanwhile, Eugene Siegel shares an observation about offered HTLCs having three claim paths: the revocation case, the offerer claiming through the HTLC-timeout transaction, and the receiver claiming via their signature and preimage. The offering party can claim with the remote's signature + preimage but can only spend with the HTLC-timeout transaction due to SIGHASH_ALL. Eugene believes that this issue is benign since he cannot think of any cases where the offering party would know the preimage and want to force close. However, he acknowledges that the remote party claiming it first could be a potential problem.In summary, the use of Miniscript in Lightning transactions can help prevent unintended paths. The issue of offered HTLC outputs and the limitations of spending with the HTLC-timeout transaction due to SIGHASH_ALL were discussed. Splitting the Script branches into tapleaves and using bip342 signature digest committing to the tapleaf_hash was proposed as a possible solution. Further exploration of these topics is expected, and more details can be found in the provided links.
Updated on: 2023-08-01T00:09:47.694049+00:00