mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-02-20 13:54:36 +01:00
Code Issues Projects Releases Wiki Activity

doc/deployable-lightning: corrections and fixes.

Browse source 
1) Note incorrect label in txs in Fig1 of LN paper.
2) "an atomic-swap an on-chain.." -> "an atomic-swap *to* an on-chain"
3) "By using a dual anchor and escape transactions" -> "By using a rebalanced single anchor"
4) References to appendices fixed.
5) Move escape transaction scripts out to escape appendix.
6) Fix URL in bibliography (missing comma).

Reported-by: John Newbery
Closes: #11
Closes: #12
Reported-by:
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2015-10-19 10:34:58 +10:30
parent 57f0c3b38c
commit 2ab9e3bd7f
3 changed files with 295 additions and 286 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
doc/bitcoin.bib
View file

@ -19,15 +19,9 @@
year={2008}
}
@misc{BitcoinChannels,
title = {{Instant TX for established business relationships (need replacements/nLockTime)}}
July 04, 2011, 02:16:23 AM
title = {{Instant TX for established business relationships (need replacements/nLockTime)}},
urldate = {2011-07-04},
note = {\url{https://bitcointalk.org/index.php?topic=25786.0;all}}
}
@misc{PaymentChannels,
title = {{Rapidly-adjusted (micro)payments to a pre-determined party}},
urldate = {2015-07-13},
note = {\url{https://en.bitcoin.it/wiki/Contract#Example_7:_Rapidly-adjusted_.28micro.29payments_to_a_pre-determined_party}}
note = {\url{https://bitcointalk.org/index.php?topic=25786.0}}
}
@article{DBLP:journals/corr/DeckerW14,
author = {Christian Decker and
@ -65,8 +59,7 @@ July 04, 2011, 02:16:23 AM
title = {Alt chains and atomic transfers},
note = {\url{https://bitcointalk.org/index.php?topic=193281.msg2224949#msg2224949}},
author = {Nolan, Tier},
urldate = {2015-07-14},
file = {Alt chains and atomic transfers:/home/rusty/.mozilla/firefox/vfn6if9k.default/zotero/storage/PEHK469N/index.html:text/html}
urldate = {2015-07-14}
}
@misc{go1111111_single_anchor,
title = {Idea to improve Lightning Network},

568
doc/deployable-lightning.lyx
View file

@ -415,6 +415,17 @@ reference "fig:Figure-1-from"
\end_inset
\begin_inset Foot
status collapsed
\begin_layout Plain Layout
Note: this diagram has been corrected since: Commitment Close Tx 1A (CC1b)
-- should be CC1a, and vice-versa
\end_layout
\end_inset
.
\end_layout
@ -669,8 +680,8 @@ There's a slightly more intuitive and more efficient method than exchanging
\end_layout
\begin_layout Standard
Instead of using a private key, B uses knowledge of a hash preimage as
well as its signature to steal funds from a revoked commitment transaction.
Instead of using a private key, B uses knowledge of a hash preimage as well
as its signature to steal funds from a revoked commitment transaction.
Thus, to create a commitment transaction each side provides a hash value;
to revoke a commitment transaction it provides the prehash image.
\end_layout
@ -779,7 +790,7 @@ The last of these is particularly pernicious, as BIP62 doesn't solve it:
\begin_layout Standard
Our approach is to only have one-sided anchors.
These can be later balanced by the lightning network itself, or an atomic-swap
an on-chain bitcoin transaction
to an on-chain bitcoin transaction
\begin_inset CommandInset citation
LatexCommand cite
key "go1111111_single_anchor"
@ -884,7 +895,7 @@ name "fig:HTLC-Using-Revocation"
\begin_layout Standard
The scripts for this can be found in
\begin_inset CommandInset ref
LatexCommand ref
LatexCommand nameref
reference "sec:Appendix-A:-Scripts"
\end_inset
@ -909,9 +920,9 @@ The use of script conditionals to enforce timeouts instead of using separate
\end_layout
\begin_layout Standard
By using a dual anchor and escape transactions, channel establishment can
also avoid new CHECKSIG flags, though it loses the important ability to
outsource the enforcement of channel contract terms.
By using a rebalanced single anchor, channel establishment can also avoid
new CHECKSIG flags, though it loses the important ability to outsource
the enforcement of channel contract terms.
\end_layout
\begin_layout Section*
@ -923,14 +934,14 @@ Thanks to mmeijeri on Reddit's r/Bitcoin for pointing out a flaw in escape
transactions reusing the same A and B keys as the commitment transaction
in
\begin_inset CommandInset ref
LatexCommand ref
LatexCommand nameref
reference "sec:Appendix-B:-Dual"
\end_inset
\begin_inset Foot
status collapsed
status open
\begin_layout Plain Layout
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightnin
@ -940,6 +951,7 @@ g_lightning/ct80xpp
\end_inset
.
Thanks to John Newbery for multiple formatting and typing corrections.
\end_layout
\begin_layout Standard
@ -954,7 +966,7 @@ Thanks to Joseph Poon for designing the escape/fast-escape dual-anchor method,
\begin_inset CommandInset bibtex
LatexCommand bibtex
bibfiles "bitcoin"
options "plain"
options "bibtotoc,plain"
\end_inset
@ -1062,272 +1074,6 @@ OP_SWAP Put 2 before B's key on the stack.
OP_CHECKMULTISIG Make sure A and B have signed.
\end_layout
\begin_layout Subsection*
Escape Transaction
\end_layout
\begin_layout Standard
The escape transaction for A spends A's anchor output and reveals A's secret.
Similarly for B.
\end_layout
\begin_layout Subsubsection*
Escape Input Script
\end_layout
\begin_layout Standard
The extra 0 at the start is due to the OP_CHECKMULTISIG out-by-one-bug.
\end_layout
\begin_layout Description
0
\begin_inset space ~
\end_inset
<SIG-B'>
\begin_inset space ~
\end_inset
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-A>
\begin_inset space ~
\end_inset
{<ANCHOR-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsubsection*
Escape Output Redeemscript
\end_layout
\begin_layout Standard
This allows two paths: one for the other side to use the revocation image,
and one for this side to get their funds back after a delay.
This show's A's script, but B's is the same with A and B exchanged.
\end_layout
\begin_layout Description
OP_HASH160
\begin_inset space ~
\end_inset
<RHASH-A>
\begin_inset space ~
\end_inset
OP_EQUAL Check if the top of stack is the revocation image.
\end_layout
\begin_layout Description
OP_IF
\end_layout
\begin_deeper
\begin_layout Description
<KEY-B> Funds for B.
\end_layout
\end_deeper
\begin_layout Description
OP_ELSE It's A getting their funds back
\end_layout
\begin_deeper
\begin_layout Description
<DELAYTIME>
\begin_inset space ~
\end_inset
OP_CHECKSEQUENCEVERIFY
\begin_inset space ~
\end_inset
OP_DROP Ensure delay.
\end_layout
\begin_layout Description
<KEY-A> Needs to be signed by A.
\end_layout
\end_deeper
\begin_layout Description
OP_ENDIF
\end_layout
\begin_layout Description
OP_CHECKSIG Make sure it's signed correctly.
\end_layout
\begin_layout Subsubsection*
Spending The Escape Output
\end_layout
\begin_layout Standard
Either B using a revocation preimage:
\end_layout
\begin_layout Description
<SIG-B>
\begin_inset space ~
\end_inset
<REVOCATION-IMAGE-A>
\begin_inset space ~
\end_inset
{<ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Standard
Or A using after a timeout:
\end_layout
\begin_layout Description
<SIG-A>
\begin_inset space ~
\end_inset
0
\begin_inset space ~
\end_inset
{<ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsection*
Fast-Escape Transaction
\end_layout
\begin_layout Subsubsection*
Fast-Escape Input Script
\end_layout
\begin_layout Standard
This is identical to the normal escape input script.
\end_layout
\begin_layout Description
0
\begin_inset space ~
\end_inset
<SIG-B'>
\begin_inset space ~
\end_inset
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-A>
\begin_inset space ~
\end_inset
{<ANCHOR-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsubsection*
Fast-Escape Output Redeemscript
\end_layout
\begin_layout Standard
This allows two paths: one for this side to use the other side's secret
(revealed by them using an escape transaction), and one for the other side
to claim this side's anchor funds after a delay.
This show's A's script, but B's is the same with A and B exchanged.
\end_layout
\begin_layout Description
OP_HASH
\begin_inset space ~
\end_inset
<SECRET-B-HASH>
\begin_inset space ~
\end_inset
OP_EQUAL If top argument is B's secret
\end_layout
\begin_layout Description
OP_IF
\end_layout
\begin_deeper
\begin_layout Description
<KEY-A> For A
\end_layout
\end_deeper
\begin_layout Description
OP_ELSE B gets it if A doesn't know the secret.
\end_layout
\begin_deeper
\begin_layout Description
<DELAYTIME>
\begin_inset space ~
\end_inset
OP_CHECKSEQUENCEVERIFY
\begin_inset space ~
\end_inset
OP_DROP Ensure delay.
\end_layout
\begin_layout Description
<KEY-B> Needs to be signed by B.
\end_layout
\end_deeper
\begin_layout Description
OP_ENDIF
\end_layout
\begin_layout Description
OP_CHECKSIG Make sure it's signed correctly.
\end_layout
\begin_layout Subsubsection*
Spending The Fast-Escape Output
\end_layout
\begin_layout Standard
Either A using a B's secret revealed by B using its own escape transaction:
\end_layout
\begin_layout Description
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-B>
\begin_inset space ~
\end_inset
{<FAST-ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Standard
Or B using after a timeout:
\end_layout
\begin_layout Description
<SIG-B>
\begin_inset space ~
\end_inset
0
\begin_inset space ~
\end_inset
{<FAST-ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsection*
Commitment Transactions For Generalized Channels
\begin_inset CommandInset label
@ -2133,5 +1879,275 @@ e: you cannot have an untrusted third party which can monitor the network
B.
\end_layout
\begin_layout Subsection
Script Definitions for Escape Transactions
\end_layout
\begin_layout Subsection*
Escape Transaction
\end_layout
\begin_layout Standard
The escape transaction for A spends A's anchor output and reveals A's secret.
Similarly for B.
\end_layout
\begin_layout Subsubsection*
Escape Input Script
\end_layout
\begin_layout Standard
The extra 0 at the start is due to the OP_CHECKMULTISIG out-by-one-bug.
\end_layout
\begin_layout Description
0
\begin_inset space ~
\end_inset
<SIG-B'>
\begin_inset space ~
\end_inset
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-A>
\begin_inset space ~
\end_inset
{<ANCHOR-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsubsection*
Escape Output Redeemscript
\end_layout
\begin_layout Standard
This allows two paths: one for the other side to use the revocation image,
and one for this side to get their funds back after a delay.
This show's A's script, but B's is the same with A and B exchanged.
\end_layout
\begin_layout Description
OP_HASH160
\begin_inset space ~
\end_inset
<RHASH-A>
\begin_inset space ~
\end_inset
OP_EQUAL Check if the top of stack is the revocation image.
\end_layout
\begin_layout Description
OP_IF
\end_layout
\begin_deeper
\begin_layout Description
<KEY-B> Funds for B.
\end_layout
\end_deeper
\begin_layout Description
OP_ELSE It's A getting their funds back
\end_layout
\begin_deeper
\begin_layout Description
<DELAYTIME>
\begin_inset space ~
\end_inset
OP_CHECKSEQUENCEVERIFY
\begin_inset space ~
\end_inset
OP_DROP Ensure delay.
\end_layout
\begin_layout Description
<KEY-A> Needs to be signed by A.
\end_layout
\end_deeper
\begin_layout Description
OP_ENDIF
\end_layout
\begin_layout Description
OP_CHECKSIG Make sure it's signed correctly.
\end_layout
\begin_layout Subsubsection*
Spending The Escape Output
\end_layout
\begin_layout Standard
Either B using a revocation preimage:
\end_layout
\begin_layout Description
<SIG-B>
\begin_inset space ~
\end_inset
<REVOCATION-IMAGE-A>
\begin_inset space ~
\end_inset
{<ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Standard
Or A using after a timeout:
\end_layout
\begin_layout Description
<SIG-A>
\begin_inset space ~
\end_inset
0
\begin_inset space ~
\end_inset
{<ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsection*
Fast-Escape Transaction
\end_layout
\begin_layout Subsubsection*
Fast-Escape Input Script
\end_layout
\begin_layout Standard
This is identical to the normal escape input script.
\end_layout
\begin_layout Description
0
\begin_inset space ~
\end_inset
<SIG-B'>
\begin_inset space ~
\end_inset
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-A>
\begin_inset space ~
\end_inset
{<ANCHOR-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsubsection*
Fast-Escape Output Redeemscript
\end_layout
\begin_layout Standard
This allows two paths: one for this side to use the other side's secret
(revealed by them using an escape transaction), and one for the other side
to claim this side's anchor funds after a delay.
This show's A's script, but B's is the same with A and B exchanged.
\end_layout
\begin_layout Description
OP_HASH
\begin_inset space ~
\end_inset
<SECRET-B-HASH>
\begin_inset space ~
\end_inset
OP_EQUAL If top argument is B's secret
\end_layout
\begin_layout Description
OP_IF
\end_layout
\begin_deeper
\begin_layout Description
<KEY-A> For A
\end_layout
\end_deeper
\begin_layout Description
OP_ELSE B gets it if A doesn't know the secret.
\end_layout
\begin_deeper
\begin_layout Description
<DELAYTIME>
\begin_inset space ~
\end_inset
OP_CHECKSEQUENCEVERIFY
\begin_inset space ~
\end_inset
OP_DROP Ensure delay.
\end_layout
\begin_layout Description
<KEY-B> Needs to be signed by B.
\end_layout
\end_deeper
\begin_layout Description
OP_ENDIF
\end_layout
\begin_layout Description
OP_CHECKSIG Make sure it's signed correctly.
\end_layout
\begin_layout Subsubsection*
Spending The Fast-Escape Output
\end_layout
\begin_layout Standard
Either A using a B's secret revealed by B using its own escape transaction:
\end_layout
\begin_layout Description
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-B>
\begin_inset space ~
\end_inset
{<FAST-ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Standard
Or B using after a timeout:
\end_layout
\begin_layout Description
<SIG-B>
\begin_inset space ~
\end_inset
0
\begin_inset space ~
\end_inset
{<FAST-ESCAPE-REDEEMSCRIPT>}
\end_layout
\end_body
\end_document

BIN
doc/deployable-lightning.pdf
View file

Binary file not shown.