[Bitcoin-development] Consensus-enforced transaction replacement via sequence numbers
s7r at sky-ip.org
Thu May 28 16:22:46 UTC 2015
On 5/28/2015 4:35 PM, Tier Nolan wrote:
> On Thu, May 28, 2015 at 1:04 PM, Peter Todd <pete at petertodd.org
> <mailto:pete at petertodd.org>> wrote:
> For that matter, we probably don't want to treat this as a *version*
> change, but rather a *feature* flag.
> I think it is still a version change. At the moment, the 4 bytes refer
> to the sequence number and afterwards they mean something else.
> For relative locktime verify, I think most use cases could be block
> count based and don't need to be able to count very high.
> I think the main benefit is that protocols can have one party trigger a
> step while giving the other party guaranteed time to respond.
> *Fast Channel Close
> This assumes that malleability is fixed.
Indeed. This is very important for refunds.
> Alice creates
> output (x) to [multisig A1 & B1]
> input TXA (signed by Alice)
> Output [(A2 & relative_check_locktime(150)) OR (multisig A3 & B2)]
> Alice sends Refund to Bob
> Bob signs it and sends it back to Alice
> Alice verifies the signature, adds her own and sends it to Bob.
> She broadcasts TXA (would wait until Bob confirms acceptance).
> This means that both Alice and Bob have the refund transaction and can
> use it to close the channel (assuming TXA is not mutated).
In this scenario, if channel is closed, Alice is the only one who can
take the coins back after a relative locktime of 150 blocks. Bob is not
able to do this.
> Alice can send money to Bob by creating a transaction which spends the
> output of the refund transaction (splitting the output x-b for Alice and
> b for Bob), signing it and sending it to Bob.
> Alice can force Bob to close the channel by broadcasting the refund
> transaction. 150 blocks later, she gets the channel deposit if he
> doesn't act.
How is Bob protected in this scenario? If Alice sings a transaction
which spends the output of the refund transaction and gives it to Bob,
Bob can just add its signature and claim his slice of the output,
without necessarily shipping the goods or delivering the services to Alice.
> If she had sent some money to Bob, he has 150 blocks to sign the
> transaction that pays him the most money and broadcast it. Alice gets
> the remainder of the deposit.
Can you be more explicit here? It doesn't make sense for me.
> Alice cannot broadcast earlier version, since Bob doesn't send her the
> signed versions.
> This means that the channel doesn't need a defined end date. Either
> party can close the channel whenever they want.
With some risks.
> TXA could be protected against malleability by adding a locktime path.
> This would only be for use if the transaction is mutated.
How do you apply a locktime path to a tx in the current network consensus?
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
More information about the bitcoin-dev