We can save an opcode in both HTLC send and receive scripts by using
OP_2DROP instead of OP_DROP twice.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Our current proto_to_locktime actually handles relative locktimes,
and HTLCs use absolute. Fix that.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
For open transactions, locktime is a delay we require on the other
side's to-self commit transaction outputs to ensure we can cut them
off if necessary.
For HTLCs, it's an absolute expiry time.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Proposing an HTLC follows the same sequence as proposing a normal
update. There's also requests to complete and remove HTLCs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This shows where funds are going at any time (fees vs to each side).
funding.c is mainly rewritten, and should be clearer now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This effectively removes the escape-transaction dual anchor code in
favor of single-funder anchor.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Both sides elect a commitment fee, and the lowest is chosen. That means
you can't game the other side (but if you offer too low, then can error
out of course).
Fees are split 50-50 if possible: originally the whole fee has to be
paid by the (single) funder. Neither side can withdraw funds which
would make them unable to pay fees.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Most complex change was gather_updates(), which handles all the "what
is the current state of the channel" logic for our dumb test utils.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is a major change; instead of creating a mutual anchor (funding)
transaction, each side creates its own. We use escape transactions in
case anything goes wrong; these will be revoked later.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
StephenM347 on #lightning-dev indicated it could be clearer that
this is all about changing commitment transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It's slightly clearer to do the "2" outside the branch.
Also, spending it requires the extra 0 due to OP_CHECKMULTISIG bug.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
As reported by mmeijeri on r/Bitcoin:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct80xpp
As the signature doesn't cover the input itself, you could replace the
secret key from the escape transaction with 0, and it will use the "A and B"
branch of the output.
(This also fixes a bug in the anchor output where the OP_IF consumed the
secret).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
