mirrors/core-lightning
1
0
Fork 0
mirror of https://github.com/ElementsProject/lightning.git synced 2025-02-22 06:41:44 +01:00
Code Issues Projects Releases Wiki Activity

doc/deployable-lightning: corrections and fixes.

Browse source 
1) Note incorrect label in txs in Fig1 of LN paper.
2) "an atomic-swap an on-chain.." -> "an atomic-swap *to* an on-chain"
3) "By using a dual anchor and escape transactions" -> "By using a rebalanced single anchor"
4) References to appendices fixed.
5) Move escape transaction scripts out to escape appendix.
6) Fix URL in bibliography (missing comma).

Reported-by: John Newbery
Closes: #11
Closes: #12
Reported-by:
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell 2015-10-19 10:34:58 +10:30
parent 57f0c3b38c
commit 2ab9e3bd7f
3 changed files with 295 additions and 286 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
doc/bitcoin.bib
View file

@ -19,15 +19,9 @@
year={2008} year={2008}
} }
@misc{BitcoinChannels, @misc{BitcoinChannels,
title = {{Instant TX for established business relationships (need replacements/nLockTime)}} title = {{Instant TX for established business relationships (need replacements/nLockTime)}},
July 04, 2011, 02:16:23 AM
urldate = {2011-07-04}, urldate = {2011-07-04},
note = {\url{https://bitcointalk.org/index.php?topic=25786.0;all}} note = {\url{https://bitcointalk.org/index.php?topic=25786.0}}
}
@misc{PaymentChannels,
title = {{Rapidly-adjusted (micro)payments to a pre-determined party}},
urldate = {2015-07-13},
note = {\url{https://en.bitcoin.it/wiki/Contract#Example_7:_Rapidly-adjusted_.28micro.29payments_to_a_pre-determined_party}}
} }
@article{DBLP:journals/corr/DeckerW14, @article{DBLP:journals/corr/DeckerW14,
author = {Christian Decker and author = {Christian Decker and
@ -65,8 +59,7 @@ July 04, 2011, 02:16:23 AM
title = {Alt chains and atomic transfers}, title = {Alt chains and atomic transfers},
note = {\url{https://bitcointalk.org/index.php?topic=193281.msg2224949#msg2224949}}, note = {\url{https://bitcointalk.org/index.php?topic=193281.msg2224949#msg2224949}},
author = {Nolan, Tier}, author = {Nolan, Tier},
urldate = {2015-07-14}, urldate = {2015-07-14}
file = {Alt chains and atomic transfers:/home/rusty/.mozilla/firefox/vfn6if9k.default/zotero/storage/PEHK469N/index.html:text/html}
} }
@misc{go1111111_single_anchor, @misc{go1111111_single_anchor,
title = {Idea to improve Lightning Network}, title = {Idea to improve Lightning Network},

568
doc/deployable-lightning.lyx
View file

@ -415,6 +415,17 @@ reference "fig:Figure-1-from"
\end_inset \end_inset
\begin_inset Foot
status collapsed
\begin_layout Plain Layout
Note: this diagram has been corrected since: Commitment Close Tx 1A (CC1b)
-- should be CC1a, and vice-versa
\end_layout
\end_inset
. .
\end_layout \end_layout
@ -669,8 +680,8 @@ There's a slightly more intuitive and more efficient method than exchanging
\end_layout \end_layout
\begin_layout Standard \begin_layout Standard
Instead of using a private key, B uses knowledge of a hash preimage as Instead of using a private key, B uses knowledge of a hash preimage as well
well as its signature to steal funds from a revoked commitment transaction. as its signature to steal funds from a revoked commitment transaction.
Thus, to create a commitment transaction each side provides a hash value; Thus, to create a commitment transaction each side provides a hash value;
to revoke a commitment transaction it provides the prehash image. to revoke a commitment transaction it provides the prehash image.
\end_layout \end_layout
@ -779,7 +790,7 @@ The last of these is particularly pernicious, as BIP62 doesn't solve it:
\begin_layout Standard \begin_layout Standard
Our approach is to only have one-sided anchors. Our approach is to only have one-sided anchors.
These can be later balanced by the lightning network itself, or an atomic-swap These can be later balanced by the lightning network itself, or an atomic-swap
an on-chain bitcoin transaction to an on-chain bitcoin transaction
\begin_inset CommandInset citation \begin_inset CommandInset citation
LatexCommand cite LatexCommand cite
key "go1111111_single_anchor" key "go1111111_single_anchor"
@ -884,7 +895,7 @@ name "fig:HTLC-Using-Revocation"
\begin_layout Standard \begin_layout Standard
The scripts for this can be found in The scripts for this can be found in
\begin_inset CommandInset ref \begin_inset CommandInset ref
LatexCommand ref LatexCommand nameref
reference "sec:Appendix-A:-Scripts" reference "sec:Appendix-A:-Scripts"
\end_inset \end_inset
@ -909,9 +920,9 @@ The use of script conditionals to enforce timeouts instead of using separate
\end_layout \end_layout
\begin_layout Standard \begin_layout Standard
By using a dual anchor and escape transactions, channel establishment can By using a rebalanced single anchor, channel establishment can also avoid
also avoid new CHECKSIG flags, though it loses the important ability to new CHECKSIG flags, though it loses the important ability to outsource
outsource the enforcement of channel contract terms. the enforcement of channel contract terms.
\end_layout \end_layout
\begin_layout Section* \begin_layout Section*
@ -923,14 +934,14 @@ Thanks to mmeijeri on Reddit's r/Bitcoin for pointing out a flaw in escape
transactions reusing the same A and B keys as the commitment transaction transactions reusing the same A and B keys as the commitment transaction
in in
\begin_inset CommandInset ref \begin_inset CommandInset ref
LatexCommand ref LatexCommand nameref
reference "sec:Appendix-B:-Dual" reference "sec:Appendix-B:-Dual"
\end_inset \end_inset
\begin_inset Foot \begin_inset Foot
status collapsed status open
\begin_layout Plain Layout \begin_layout Plain Layout
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightnin https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightnin
@ -940,6 +951,7 @@ g_lightning/ct80xpp
\end_inset \end_inset
. .
Thanks to John Newbery for multiple formatting and typing corrections.
\end_layout \end_layout
\begin_layout Standard \begin_layout Standard
@ -954,7 +966,7 @@ Thanks to Joseph Poon for designing the escape/fast-escape dual-anchor method,
\begin_inset CommandInset bibtex \begin_inset CommandInset bibtex
LatexCommand bibtex LatexCommand bibtex
bibfiles "bitcoin" bibfiles "bitcoin"
options "plain" options "bibtotoc,plain"
\end_inset \end_inset
@ -1062,272 +1074,6 @@ OP_SWAP Put 2 before B's key on the stack.
OP_CHECKMULTISIG Make sure A and B have signed. OP_CHECKMULTISIG Make sure A and B have signed.
\end_layout \end_layout
\begin_layout Subsection*
Escape Transaction
\end_layout
\begin_layout Standard
The escape transaction for A spends A's anchor output and reveals A's secret.
Similarly for B.
\end_layout
\begin_layout Subsubsection*
Escape Input Script
\end_layout
\begin_layout Standard
The extra 0 at the start is due to the OP_CHECKMULTISIG out-by-one-bug.
\end_layout
\begin_layout Description
0
\begin_inset space ~
\end_inset
<SIG-B'>
\begin_inset space ~
\end_inset
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-A>
\begin_inset space ~
\end_inset
{<ANCHOR-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsubsection*
Escape Output Redeemscript
\end_layout
\begin_layout Standard
This allows two paths: one for the other side to use the revocation image,
and one for this side to get their funds back after a delay.
This show's A's script, but B's is the same with A and B exchanged.
\end_layout
\begin_layout Description
OP_HASH160
\begin_inset space ~
\end_inset
<RHASH-A>
\begin_inset space ~
\end_inset
OP_EQUAL Check if the top of stack is the revocation image.
\end_layout
\begin_layout Description
OP_IF
\end_layout
\begin_deeper
\begin_layout Description
<KEY-B> Funds for B.
\end_layout
\end_deeper
\begin_layout Description
OP_ELSE It's A getting their funds back
\end_layout
\begin_deeper
\begin_layout Description
<DELAYTIME>
\begin_inset space ~
\end_inset
OP_CHECKSEQUENCEVERIFY
\begin_inset space ~
\end_inset
OP_DROP Ensure delay.
\end_layout
\begin_layout Description
<KEY-A> Needs to be signed by A.
\end_layout
\end_deeper
\begin_layout Description
OP_ENDIF
\end_layout
\begin_layout Description
OP_CHECKSIG Make sure it's signed correctly.
\end_layout
\begin_layout Subsubsection*
Spending The Escape Output
\end_layout
\begin_layout Standard
Either B using a revocation preimage:
\end_layout
\begin_layout Description
<SIG-B>
\begin_inset space ~
\end_inset
<REVOCATION-IMAGE-A>
\begin_inset space ~
\end_inset
{<ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Standard
Or A using after a timeout:
\end_layout
\begin_layout Description
<SIG-A>
\begin_inset space ~
\end_inset
0
\begin_inset space ~
\end_inset
{<ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsection*
Fast-Escape Transaction
\end_layout
\begin_layout Subsubsection*
Fast-Escape Input Script
\end_layout
\begin_layout Standard
This is identical to the normal escape input script.
\end_layout
\begin_layout Description
0
\begin_inset space ~
\end_inset
<SIG-B'>
\begin_inset space ~
\end_inset
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-A>
\begin_inset space ~
\end_inset
{<ANCHOR-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsubsection*
Fast-Escape Output Redeemscript
\end_layout
\begin_layout Standard
This allows two paths: one for this side to use the other side's secret
(revealed by them using an escape transaction), and one for the other side
to claim this side's anchor funds after a delay.
This show's A's script, but B's is the same with A and B exchanged.
\end_layout
\begin_layout Description
OP_HASH
\begin_inset space ~
\end_inset
<SECRET-B-HASH>
\begin_inset space ~
\end_inset
OP_EQUAL If top argument is B's secret
\end_layout
\begin_layout Description
OP_IF
\end_layout
\begin_deeper
\begin_layout Description
<KEY-A> For A
\end_layout
\end_deeper
\begin_layout Description
OP_ELSE B gets it if A doesn't know the secret.
\end_layout
\begin_deeper
\begin_layout Description
<DELAYTIME>
\begin_inset space ~
\end_inset
OP_CHECKSEQUENCEVERIFY
\begin_inset space ~
\end_inset
OP_DROP Ensure delay.
\end_layout
\begin_layout Description
<KEY-B> Needs to be signed by B.
\end_layout
\end_deeper
\begin_layout Description
OP_ENDIF
\end_layout
\begin_layout Description
OP_CHECKSIG Make sure it's signed correctly.
\end_layout
\begin_layout Subsubsection*
Spending The Fast-Escape Output
\end_layout
\begin_layout Standard
Either A using a B's secret revealed by B using its own escape transaction:
\end_layout
\begin_layout Description
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-B>
\begin_inset space ~
\end_inset
{<FAST-ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Standard
Or B using after a timeout:
\end_layout
\begin_layout Description
<SIG-B>
\begin_inset space ~
\end_inset
0
\begin_inset space ~
\end_inset
{<FAST-ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsection* \begin_layout Subsection*
Commitment Transactions For Generalized Channels Commitment Transactions For Generalized Channels
\begin_inset CommandInset label \begin_inset CommandInset label
@ -2133,5 +1879,275 @@ e: you cannot have an untrusted third party which can monitor the network
B. B.
\end_layout \end_layout
\begin_layout Subsection
Script Definitions for Escape Transactions
\end_layout
\begin_layout Subsection*
Escape Transaction
\end_layout
\begin_layout Standard
The escape transaction for A spends A's anchor output and reveals A's secret.
Similarly for B.
\end_layout
\begin_layout Subsubsection*
Escape Input Script
\end_layout
\begin_layout Standard
The extra 0 at the start is due to the OP_CHECKMULTISIG out-by-one-bug.
\end_layout
\begin_layout Description
0
\begin_inset space ~
\end_inset
<SIG-B'>
\begin_inset space ~
\end_inset
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-A>
\begin_inset space ~
\end_inset
{<ANCHOR-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsubsection*
Escape Output Redeemscript
\end_layout
\begin_layout Standard
This allows two paths: one for the other side to use the revocation image,
and one for this side to get their funds back after a delay.
This show's A's script, but B's is the same with A and B exchanged.
\end_layout
\begin_layout Description
OP_HASH160
\begin_inset space ~
\end_inset
<RHASH-A>
\begin_inset space ~
\end_inset
OP_EQUAL Check if the top of stack is the revocation image.
\end_layout
\begin_layout Description
OP_IF
\end_layout
\begin_deeper
\begin_layout Description
<KEY-B> Funds for B.
\end_layout
\end_deeper
\begin_layout Description
OP_ELSE It's A getting their funds back
\end_layout
\begin_deeper
\begin_layout Description
<DELAYTIME>
\begin_inset space ~
\end_inset
OP_CHECKSEQUENCEVERIFY
\begin_inset space ~
\end_inset
OP_DROP Ensure delay.
\end_layout
\begin_layout Description
<KEY-A> Needs to be signed by A.
\end_layout
\end_deeper
\begin_layout Description
OP_ENDIF
\end_layout
\begin_layout Description
OP_CHECKSIG Make sure it's signed correctly.
\end_layout
\begin_layout Subsubsection*
Spending The Escape Output
\end_layout
\begin_layout Standard
Either B using a revocation preimage:
\end_layout
\begin_layout Description
<SIG-B>
\begin_inset space ~
\end_inset
<REVOCATION-IMAGE-A>
\begin_inset space ~
\end_inset
{<ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Standard
Or A using after a timeout:
\end_layout
\begin_layout Description
<SIG-A>
\begin_inset space ~
\end_inset
0
\begin_inset space ~
\end_inset
{<ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsection*
Fast-Escape Transaction
\end_layout
\begin_layout Subsubsection*
Fast-Escape Input Script
\end_layout
\begin_layout Standard
This is identical to the normal escape input script.
\end_layout
\begin_layout Description
0
\begin_inset space ~
\end_inset
<SIG-B'>
\begin_inset space ~
\end_inset
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-A>
\begin_inset space ~
\end_inset
{<ANCHOR-REDEEMSCRIPT>}
\end_layout
\begin_layout Subsubsection*
Fast-Escape Output Redeemscript
\end_layout
\begin_layout Standard
This allows two paths: one for this side to use the other side's secret
(revealed by them using an escape transaction), and one for the other side
to claim this side's anchor funds after a delay.
This show's A's script, but B's is the same with A and B exchanged.
\end_layout
\begin_layout Description
OP_HASH
\begin_inset space ~
\end_inset
<SECRET-B-HASH>
\begin_inset space ~
\end_inset
OP_EQUAL If top argument is B's secret
\end_layout
\begin_layout Description
OP_IF
\end_layout
\begin_deeper
\begin_layout Description
<KEY-A> For A
\end_layout
\end_deeper
\begin_layout Description
OP_ELSE B gets it if A doesn't know the secret.
\end_layout
\begin_deeper
\begin_layout Description
<DELAYTIME>
\begin_inset space ~
\end_inset
OP_CHECKSEQUENCEVERIFY
\begin_inset space ~
\end_inset
OP_DROP Ensure delay.
\end_layout
\begin_layout Description
<KEY-B> Needs to be signed by B.
\end_layout
\end_deeper
\begin_layout Description
OP_ENDIF
\end_layout
\begin_layout Description
OP_CHECKSIG Make sure it's signed correctly.
\end_layout
\begin_layout Subsubsection*
Spending The Fast-Escape Output
\end_layout
\begin_layout Standard
Either A using a B's secret revealed by B using its own escape transaction:
\end_layout
\begin_layout Description
<SIG-A>
\begin_inset space ~
\end_inset
<SECRET-B>
\begin_inset space ~
\end_inset
{<FAST-ESCAPE-REDEEMSCRIPT>}
\end_layout
\begin_layout Standard
Or B using after a timeout:
\end_layout
\begin_layout Description
<SIG-B>
\begin_inset space ~
\end_inset
0
\begin_inset space ~
\end_inset
{<FAST-ESCAPE-REDEEMSCRIPT>}
\end_layout
\end_body \end_body
\end_document \end_document

BIN
doc/deployable-lightning.pdf
View file

Binary file not shown.