Commit Graph

300 Commits

Author SHA1 Message Date
Rusty Russell
7564e3f475 test-cli/create-secret-spend-tx: more general tool to spend secret-or-delay outputs
Immediately replaces create-commit-spend-tx and create-steal-tx.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
402cd67e10 test-cli/extract-revocation-preimage: helper to get preimage from message
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
2e36affb77 test-cli/get-revocation-secret: new helper.
Give the revocation secret (or hash) for a given index number.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
ebb068e975 Escape transaction support, test tools to create/check them.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
Rusty Russell
ee3af28980 test-cli/txid-of: simple helper to get txid.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
06fe371b3f protocol: add field so we can specify the escape fee.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
114161a6a5 test-cli/scripts/test.sh: send_after_delay()
Extract and generalize: we're about to get more.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
98d994f930 protocol: add open-complete.
This is where we expose the revocation preimages for the escape
transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
6a5ba591ee signature: match alpha hashing bug for multiple inputs.
https://github.com/ElementsProject/elements/issues/37

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
c03c878afc Split into two anchors.
This is a major change; instead of creating a mutual anchor (funding)
transaction, each side creates its own.  We use escape transactions in
case anything goes wrong; these will be revoked later.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
1a46334bd7 protocol: remove new anchor ops.
We didn't implement them yet, and they'll need revision anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
11099d738f script: dual anchor input support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
aa79887d79 script: use the normalized delay script form for commit output.
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
d053181b0b script: add standard routines for secret-or-timedelay outputs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
bde07aa6a7 Makefile: fix make clean, depend on bitcoin/ headers.
Didn't remove program object files, nor depend on all headers.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
465c2b04e8 signature: fix -DDEBUG case, add hash printing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
Rusty Russell
8a127ab8a9 doc: clarify wording on section 3.1
StephenM347 on #lightning-dev indicated it could be clearer that
this is all about changing commitment transactions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:07 +09:30
Rusty Russell
305b8cd27d doc: switch signatures around in escape and commit input scripts.
Because of the way we form the redeemscripts, it's easier to have it
push B's sig then A's.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 15:59:58 +09:30
Rusty Russell
da503c1ee1 doc: simplify anchor output script, fix users.
It's slightly clearer to do the "2" outside the branch.

Also, spending it requires the extra 0 due to OP_CHECKMULTISIG bug.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 16:39:52 +09:30
Rusty Russell
8a4246cb36 permute: use BIP69 order.
It's a canonical ordering, rather than a random shuffle.  Far simpler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:44 +09:30
Rusty Russell
d93eee22f5 doc: add figures from LN draft (thanks Joseph!).
Also clean up references to Appendix A.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:40 +09:30
Rusty Russell
73ba5acca9 doc: fix flaw in escape transactions.
As reported by mmeijeri on r/Bitcoin:

https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct80xpp

As the signature doesn't cover the input itself, you could replace the
secret key from the escape transaction with 0, and it will use the "A and B"
branch of the output.

(This also fixes a bug in the anchor output where the OP_IF consumed the
secret).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:25 +09:30
Rusty Russell
ce4bdb9fe1 doc: fix error in fast-escape redeemscript.
Reported by killerstorm on reddit:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct6jyim

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-18 20:40:30 +09:30
Rusty Russell
d9c29387d1 doc: typo from roasbeef on reddit.
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct78mk9

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-18 19:32:37 +09:30
Rusty Russell
e4921b9bc6 Add documentation.
First up, a draft of a paper showing the differences between the LN draft
and this.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-18 10:46:53 +09:30
Rusty Russell
8f64eb90af Switch over to CCAN's ripemd160.
Avoids handing naked u8 arrays around, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:43:36 +09:30
Rusty Russell
0f9ae8a19f ccan: add ripemd160
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:26:13 +09:30
Rusty Russell
81e73926f3 ccan: update.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:25:31 +09:30
Rusty Russell
ec399e13a4 Makefile: update-ccan: new target.
Hacky, but syncs up ccan repository.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:25:09 +09:30
Rusty Russell
402f1d28a8 Update .gitignore.
Reduce the clutter.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:25:01 +09:30
Rusty Russell
456a43c3b4 Clean up extra ccan dirs.
Turns out that CCAN's create-ccan-tree has a bug with submodules.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:24:14 +09:30
Rusty Russell
376e5bb584 README.md: Note Elements requirement.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 14:03:45 +09:30
Rusty Russell
a663dc322c Remove signature leaking.
Alpha has segregated witnesses, so txid doesn't include the inputs.
That means we can create the first commit transaction before we sign
the anchor tx.

Bitcoin will need to do this differently: presumbly via new sipops
(a OP_CHECKSIG2VERIFY I imagine).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 14:00:54 +09:30
Rusty Russell
69b2690ecb HOWTO-USE.md: use alpha instead of bitcoind for examples.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 13:39:27 +09:30
Rusty Russell
f510e29e22 alpha: switch over to Elements Alpha by default.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 13:36:25 +09:30
Rusty Russell
c660629760 test.sh: (alpha) make sure that spending tx fails too soon, succeeds after delay.
This only makes sense when we have CSV support.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:47:29 +09:30
Rusty Russell
4011f7ae7c create-commit-spend-tx: set alpha fields, and input locktime.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:45:43 +09:30
Rusty Russell
20bb6c65aa protocol fix: use locktime from *other* side.
Which emerged clearly when setting one side's locktime differently than
the other.

Each side specifies the (minimum) time they need to notice a fraud attempt:
this constrains the *other* side.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:44:49 +09:30
Rusty Russell
66b1df4036 tx: locktime should be 0.
It doesn't matter until we start setting sequence numbers properly,
so hasn't been noticed until now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:44:44 +09:30
Rusty Russell
1075264c66 close_tx: initialize fee and input amount fields.
Required for alpha.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:11 +09:30
Rusty Russell
90e4160862 test.sh: handle appended amounts in transactions.
cut -d: -f1 gets just the transactions, or passed through if no ":".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:11 +09:30
Rusty Russell
ae31431168 tx: centralize transaction writing, append amounts for alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:11 +09:30
Rusty Russell
5dc9cd16f9 create-steal-tx: actually output the steal tx, not the commit tx!
... Which reveals it wasn't paying a fee.  So update fix that, and
initialize the alpha tx fields while we're there.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:03 +09:30
Rusty Russell
9851436d4d test.sh: restore --steal and --unilateral options
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
62a002c860 script: make DER for signature encoding optional.
Alpha does the sane thing, places signatures raw.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
faae91f3fc Schnorr signature support.
This variation is used by alpha.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
1d82bf51fc signature: fix invalid S check.
The even-S check was based on https://github.com/sipa/bitcoin/commit/a81cd9680
which was replaced by a low-S check in commit e0e14e43d9586409e42919f6cb955540134cda2a

Abstract out and fix the check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
d20ddb5a90 Use libsecp256k1 instead of openssl for crypto.
We still use openssl for bignums (base58) and for ripemd.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
5a79ef9502 Import secp256k1 (schnorr version)
Imported from: git@github.com:sipa/secp256k1.git schnorr3 (0ab0b47)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell
fbe63124f6 Move DER encoding into bitcoin/signature.c
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30