two-round MuSig less dangerous than it seems



Summary:

Lloyd Fournier posted to the Lightning-dev mailing list arguing that two-round MuSig can be used safely in the context of Lightning. Using a two-round protocol would avoid the extra round of communication that a three-round MuSig protocol requires before a payment can be forwarded. Fournier explains that the signing algorithm proposed in the original MuSig paper was insecure under parallel composition (many signing sessions open at the same time), but he believes it is secure under sequential composition (sessions run one after another, never concurrently), which is essentially what happens in a Lightning channel.

Fournier then explains how PTLCs (point time-locked contracts) could work on top of this two-round MuSig protocol. He claims there is a protocol using two-round MuSig for fully scriptless Lightning that incurs no extra rounds of communication to reach the irrevocably committed state. It does incur extra storage for each PTLC in the current commitment transaction, and it includes an extra round to "fully" update the state between the two parties, but that round does not delay payment forwarding. Fournier ends his post by saying that he does not claim this is the optimal path forward; he just wanted to make the observation and see what others think.
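The two-round signing flow the post refers to, shown below as an added example that is not code from Fournier's post or from any Lightning implementation. It implements the original-paper MuSig shape (round 1: exchange nonces R_i; round 2: exchange partial signatures s_i) over secp256k1 in plain Python, with the usual key-aggregation coefficients; the three-round variant would add a commitment to R_i before round 1, which is deliberately absent here. Because this two-round scheme is the one that is unsafe under parallel composition, the `Signer` class enforces the sequential discipline the post relies on: it refuses to open a second signing session while one is still in progress. The hash tags, class and function names, and the sample message are the example's own assumptions, not anything specified on the page.

```python
"""Two-round MuSig over secp256k1 (added illustration, pure Python)."""
import hashlib
import secrets

# secp256k1 parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def enc(pt):
    """33-byte compressed encoding used as hash input."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def h(tag, *parts):
    """Tagged SHA-256 reduced mod N (tag strings are this example's choice)."""
    return int.from_bytes(hashlib.sha256(tag + b"".join(parts)).digest(), "big") % N


def agg_key(pubkeys):
    """MuSig key aggregation: X = sum a_i * X_i with a_i = H(L, X_i)."""
    L = b"".join(enc(pk) for pk in pubkeys)
    coeffs = [h(b"MuSig/agg", L, enc(pk)) for pk in pubkeys]
    X = None
    for a, pk in zip(coeffs, pubkeys):
        X = ec_add(X, ec_mul(a, pk))
    return X, coeffs


class Signer:
    """One party. Holds at most one open signing session (sequential only)."""

    def __init__(self, seckey=None):
        self.x = seckey or (secrets.randbelow(N - 1) + 1)
        self.pub = ec_mul(self.x, G)
        self.session = None

    def round1(self, pubkeys, msg):
        """Round 1: pick nonce r_i, broadcast R_i = r_i*G (no prior commitment)."""
        if self.session is not None:
            raise RuntimeError("sequential composition only: finish the open session first")
        X, coeffs = agg_key(pubkeys)
        a = coeffs[pubkeys.index(self.pub)]
        r = secrets.randbelow(N - 1) + 1
        self.session = (X, a, r, msg)
        return ec_mul(r, G)

    def round2(self, nonces):
        """Round 2: given every R_i, broadcast s_i = r_i + c*a_i*x_i."""
        X, a, r, msg = self.session
        self.session = None  # session closed; a new one may now be opened
        R = None
        for Ri in nonces:
            R = ec_add(R, Ri)
        c = h(b"MuSig/sig", enc(X), enc(R), msg)
        return (r + c * a * self.x) % N


def aggregate(nonces, partials):
    """Combine the round-1 nonces and round-2 partials into (R, s)."""
    R = None
    for Ri in nonces:
        R = ec_add(R, Ri)
    return R, sum(partials) % N


def verify(X, msg, sig):
    """Plain Schnorr check against the aggregate key: s*G == R + c*X."""
    R, s = sig
    c = h(b"MuSig/sig", enc(X), enc(R), msg)
    return ec_mul(s, G) == ec_add(R, ec_mul(c, X))


def run_signing(signers, msg):
    """Drive both rounds for all signers and return (aggregate key, signature)."""
    pubkeys = [s.pub for s in signers]
    X, _ = agg_key(pubkeys)
    nonces = [s.round1(pubkeys, msg) for s in signers]  # round 1 messages
    partials = [s.round2(nonces) for s in signers]      # round 2 messages
    return X, aggregate(nonces, partials)


def demo():
    """Returns (valid sig verifies, wrong msg rejected, second session refused)."""
    alice, bob = Signer(), Signer()
    msg = b"constructed sample: channel commitment tx digest"  # constructed input
    X, sig = run_signing([alice, bob], msg)
    pubkeys = [alice.pub, bob.pub]
    alice.round1(pubkeys, msg)  # open one session, then try to open another
    try:
        alice.round1(pubkeys, b"other")
        refused = False
    except RuntimeError:
        refused = True
    alice.session = None
    return verify(X, msg, sig), verify(X, b"other", sig), refused


if __name__ == "__main__":
    print(demo())
```

The refusal in `round1` is the whole point of the post's sequential-composition argument: a two-round signer that will happily open several sessions at once exposes the attack surface the three-round commitment step was added to close, whereas a signer that only ever has one session open at a time never gets into that situation.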


Updated on: 2023-06-03T02:25:42.104620+00:00