[Lightning-dev] Broken Factory Attack

ZmnSCPxj ZmnSCPxj at protonmail.com
Wed Apr 17 03:45:53 UTC 2019

Good morning Alejandro, and list,

I am uncertain if this would completely solve it, but Discrete Log Contracts has a mechanism by which an Oracle is enforced to reveal its private key, if it publishes multiple signatures signing different messages for a particular sampling.
It seems like a way to ensure, that a public key is used only once.

Can this mechanism be somehow used, so that if Alice and Bob sign an alternate transaction spending the A,B output (thus invalidating the sub-factory transaction), they also reveal to Carol the private key?
Carol can then punish this behavior by burning the A,B output and sending it all as fees to miners.

However, it may be insufficient.
If the A,B channel is very small in capacity, Alice and Bob may be willing to sacrifice it in exchange for stealing larger amounts from Carol.


More information about the Lightning-dev mailing list