[Lightning-dev] HTLCs using OP_CHECKSEQUENCEVERIFY/OP_LOCKTIMEVERIFY and revocation hashes.

Anthony Towns aj at erisian.com.au
Thu Jul 23 05:07:33 UTC 2015


On 6 July 2015 at 16:41, Rusty Russell <rusty at rustcorp.com.au> wrote:

>         To recap: each side maintains a commitment transaction with two
> outputs: one paying to self (with some delay), and the second paying to
> the other side.
>         To generate hash time-locked contracts (required for lightning
> to be a network), both commitment transactions get an additional output.
>

​That is, an additional output per HTLC, no?​

This output is spendable under four conditions:

1) Recipient knows the R value (funds go to recipient), OR
> 2) The HTLC has timed out (funds return to initiator), OR
> 3) The HTLC has been revoked (funds to go "non-cheating" side), OR
> 4) The Commit transaction has been revoked (funds to go "non-cheating"
> side)
>


> The last two failure modes are separate from each other, because HTLCs
> have different lifetimes from commit transactions.
>

​I'm not sure that makes sense? It seems to me there's two options:

 a) HTLC resolved off-chain
 b) HTLC resolved on-chain
​
If (a) then both parties (nominally) agree which way the funds should go,
and both the commitment and HTLC are expired simultaneously.

If (b) then either party decides to go to the blockchain, publishing tSheir
side of the commitment, so both the commitment and HTLC are executed
simultaneously.

So afaics the commit transaction might as well always revoked before or
simultaneously with the HTLC.

In that case the conditions are just:

 - Recipient knows R value
 - Sender sees HTLC has timed out
 - Commit transaction has been revoked

Scripts for whatever it's worth:

HTLC from US to THEM:
>
---------------------
>

(R | Us_Commit_Revoke) Them | TIMEOUT Us DELAY
​===>​

​OP_HASH160 OP_DUP
   rhash OP_EQUAL OP_SWAP​
   revhash OP_EQUAL
OP_ADD
OP_IF
   OP_DUP OP_HASH160   thempubkeyhash   OP_EQUALVERIFY OP_CHECKSIG
OP_ELSE
   timeout  OP_CHECKTIMELOCKVERIFY OP_DROP
   OP_DUP OP_HASH160   mypubkeyhash     OP_EQUALVERIFY OP_CHECKSIG
​OP_ENDIF​

​Spend:
 R TheirHash TheirSig
 Revoke TheirHash TheirSig​
 0 OurHash OurSig

HTLC from THEM to US:
> ---------------------
>

​R Us​ DELAY | (Us_Commit_Revoke | TIMEOUT) Them

OP_HASH160 OP_DUP
rhash OP_EQUAL
OP_IF
    OP_DROP
    delay OP_CHECKSEQUENCEVERIFY
    OP_DUP OP_HASH160  mypubkeyhash  OP_EQUALVERIFY OP_CHECKSIG
OP_ELSE
    revhash OP_EQUAL
    OP_IF OP_ELSE
      timeout OP_CHECKTIMELOCKVERIFY OP_DROP
    OP_ENDIF
    OP_DUP OP_HASH160  theirpubkeyhash OP_EQUALVERIFY OP_CHECKSIG
OP_ENDIF

Cheers,
aj

-- 
Anthony Towns <aj at erisian.com.au>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20150723/867dcc96/attachment-0001.html>


More information about the Lightning-dev mailing list