1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 10:00:04 +01:00
Commit Graph

84 Commits

Author SHA1 Message Date
Landon Mutch
5db55df16a BOLT 1,2,3: apply updated stylesheet guidelines for list capitalization, punctuation 2017-12-07 02:36:10 +00:00
Landon Mutch
7a8a5d88dd BOLT 2,3: fix changes requested 2017-11-28 23:11:55 +00:00
Landon Mutch
cd3c49eb88 BOLT 3: fix typo 2017-11-28 23:11:55 +00:00
Landon Mutch
785d69de41 BOLT 3: complete first pass copy-edit according to stylesheet guidelines; 2017-11-28 23:11:55 +00:00
Landon Mutch
f23e3dd56b BOLT 1,2,3: first pass copy-edit;
BOLT 1,2: minor header spacing fixes
BOLT 3: first pass copy edit, according to capitalization, formatting stylesheet guidelines;
2017-11-28 23:11:55 +00:00
Rusty Russell
4f91f0bb2a htlckey: new basepoint avoid holding the payment secret.
This is stolen from @sstone's #243 "reduce attack surface".

This breaks compatibility, as agreed at the 2017-11-13 meeting.
Note also that it does not update the test vectors.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-14 22:58:11 +00:00
ueno
6d43b28258 fix some links 2017-10-17 07:25:48 +00:00
Pierre-Marie Padiou
2aa9f971af fixed typo htlc->HTLC (#262) 2017-10-12 11:40:05 +02:00
Jim Posen
31ae0035c0 BOLT 03: Correct txid of funding transaction in test vector.
The txid has the wrong endianness since Bitcoin reverses the byte
order of double-SHA256 hashes.
2017-09-25 12:28:40 +09:30
Jim Posen
fc31c379e2 BOLT 03: Remove extra 0x01 byte from private keys in test vectors.
An 0x01 byte is appended to the end of private keys in the test
vectors to mark them as using compressed serialization to derive the
pubkeys. Two of the private keys have two 0x01 bytes appended,
presumably by accident.
2017-09-25 12:28:40 +09:30
Jim Posen
22dfcbabcc BOLT 03: Fix appendix numbers and TOC links. 2017-09-25 12:28:40 +09:30
Jim Posen
a01f4c55d3 BOLT 03: Fix pseudcode for shachain algorithm.
When deriving a secret from a seed and index, the bits of the index
must be iterated in reverse order.
2017-09-25 12:28:40 +09:30
Janus Troelsen
49edc5417f Fix link to localkey-remotekey-local_delayedkey-and-remote_delayedkey-derivation 2017-08-26 16:42:32 +09:30
Rusty Russell
4dc97605cc BOLT 3: define closing transaction.
The only surprise here (maybe?) is that we use the commitment number encoding.
I think that makes sense, but it was unspecified before.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-08 10:05:18 +09:30
Rusty Russell
95e7196560 BOLT 3: fix references to RIPEMD160(revocationkey)
They should be HASH160, aka RIPEMD160(SHA256()).

Closes: #179
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-23 17:56:53 +02:00
Olaoluwa Osuntokun
61b5b3f7b4 BOLT 3: clarify description of revocation key derivation (#170)
This commit attempts to clarify some ambiguity in the way the
revocation key derivation was formerly described. Rather than framing
the description in terms of local vs remote nodes, we instead frame the
description around the _process_ of creating a new commitment
transaction for a remote node,

[ minor typos and remove weird part-sentence -- RR ]
2017-05-20 09:50:51 +09:30
Rusty Russell
f0da3978e9 Underscores for all terms, not just fields.
Plus a few more missing ones, and some consistency fixes in names
as pointed out by Roasbeed and Fabrice.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-15 12:54:53 -07:00
Rusty Russell
5f06896403 BOLT 3: instead of ripemd-of-X, use RIPEMD160(X).
This is more specific and clearer.

Reported-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-15 12:54:53 -07:00
Rusty Russell
63edd2e869 BOLT 3: use correct field name for HTLC timeout value.
It's called cltv_expiry in BOLT 2's update_add_htlc.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-15 12:54:53 -07:00
Rusty Russell
407b9927bf BOLT 3: Replace many hyphens with underscores in descriptions.
Not sure how I missed these:
1. funding-pubkey -> funding_pubkey
2. to-self-delay -> to_self_delay
3. per-commitment-point -> per_commitment_point
4. per-commitment-secret -> per_commitment_secret
5. revocation-basepoint -> revocation_basepoint
6. delayed-payment-basepoint -> delayed_payment_basepoint
7. payment-basepoint -> payment_basepoint

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-15 12:54:53 -07:00
Rusty Russell
c0fa965036 BOLT 3: Add URL for BIP69.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-11 11:20:36 +09:30
Rusty Russell
8c0e55ac37 BOLT 4: underscores and backticks everywhere.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-11 11:20:36 +09:30
Rusty Russell
925b39a619 BOLT 3: typo fixes.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-03 13:08:07 +09:30
Rusty Russell
5ed243de2d BOLT 3: fix labels on test vectors.
As per ElementsProject/lightning#134 Fabrice points out that to calculate
our own commitment tx, we use the *other* side's revocation basepoint:

	The revocationkey is a blinded key: the remote node provides the base,
	and the local node provides the blinding factor which it later
	reveals

Thus, we fix the test vectors by renaming "local_revocation_basepoint"
to "remote_revocation_basepoint", which is what we should be using.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-24 12:24:24 +10:30
Rusty Russell
e6aa70ebc0 BOLT 3: update test vectors for new scripts and weight calculation.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
aeb6e45d7e BOLT 3: fix internal remote_secret_key documentation.
We didn't update it for 394da29189
"BOLT 3: fix test vector derivation."

This doesn't actually change any results, just fixes an intermediate
calculation.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
7c59d6990b BOLT 3: update numbers in example calculation.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
392008a7d3 BOLT 3,5: update weight calculations for revocation key hash in script.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
a597738b94 BOLT 3: Use revocation key hash rather than revocation key in scripts.
This means more bytes if we need to create a penalty tx, but less for
normal operation:

Witness script for offered htlcs: 139 bytes -> 133 bytes.
Witness script for accepted htlcs: 156 bytes -> 139 bytes.

It's also a little simpler; it's just an OP_IF around the old scripts
to test for the revocation key being the top arg.

Suggested-by: Joseph Poon <joseph@lightning.network>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
pm47
557db43378 make htlc outputs of the commitment tx spendable with revocation key
(Merge conflict in test vectors fixed by selecting Pierre's, will have to
 be re-evaluated).

Closes: #105
2017-03-07 09:21:40 +10:30
Rusty Russell
034c234829 BOLT 2,3: SHOULD NOT create malleable funding tx.
But note that our funding transaction example is.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 06:39:28 +10:30
Rusty Russell
dc0b529161 BOLT 3: update test vectors for ec99f893f3
The weights of HTLCs were corrected by Pierre in "fixed htlc weight
calculation": this adjusts the test vectors to match.

This also means that the feerate thresholds change.

In addition, this fixes feerate on "maximum feerate" tests,
and corrects the fee for the htlc-timeout tx.

Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-22 09:59:37 +10:30
Rusty Russell
0801f05795 BOLT 3: Note the HTLC number when annotating witness scripts.
This is more distinctive than amount.

No normative changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-22 09:59:37 +10:30
Rusty Russell
394da29189 BOLT 3: fix test vector derivation.
The test vectors themselves were fine, but they're supposed to be derived
from known basepoints (and I was actually testing this with some new code).

I accidentally used the *remote* per-commitment-point, instead of the *local*
per-commitment-point to derive the remotekey/remote_privkey; since we are
generating the local transaction, this is wrong.  We don't need to know
the remote per-commitment-point at all, in fact.

Thus, the remotekey (and signatures) in the test vectors change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-22 09:59:37 +10:30
pm47
ec99f893f3 fixed htlc weight calculation 2017-02-10 11:33:41 +10:30
Rusty Russell
fb5e8667bb bolt3 fix and enhance tx testvectors (#99)
This is a smerge of Fabrice Drouin and my work: he update them, I updated them and enhanced them, he found bugs, I re-derived them, etc.

- rename keys properly
- fix fees
- sign all transactions
- Derive test transaction vectors from minimal subset of parameters.
- rewrite test vectors to test edge cases for trimming.
- add funding tx test vector, make testable on regtest.

This adds a funding transaction test (really, we only specify the output), but importantly adds enough information to duplicate a blockchain with that particular funding tx:

$ rm -rf ~/.bitcoin/regtest/
$ bitcoind -regtest=1 &
$ bitcoin-cli -regtest=1 submitblock  0000002006226e46111a0b59caaf126043eb5bbf28c34f3a5e332a1fc7b2b73cf188910fadbb20ea41a8423ea937e76e8151636bf6093b70eaff942930d20576600521fdc30f9858ffff7f20000000000101000000010000000000000000000000000000000000000000000000000000000000000000ffffffff03510101ffffffff0100f2052a010000001976a9143ca33c2e4446f4a305f23c80df8ad1afdcf652f988ac00000000
$ bitcoin-cli -regtest=1 generate 431
$ bitcoin-cli -regtest=1 sendrawtransaction 0200000001adbb20ea41a8423ea937e76e8151636bf6093b70eaff942930d20576600521fd000000006b48304502210090587b6201e166ad6af0227d3036a9454223d49a1f11839c1a362184340ef0240220577f7cd5cca78719405cbf1de7414ac027f0239ef6e214c90fcaab0454d84b3b012103535b32d5eb0a6ed0982a0479bbadc9868d9836f6ba94dd5a63be16d875069184ffffffff028096980000000000220020c015c4a6be010e21657068fc2e6a9d02b27ebe4d490a25846f7237f104d1a3cd20256d29010000001600143ca33c2e4446f4a305f23c80df8ad1afdcf652f900000000

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 11:15:33 +10:30
Rusty Russell
0dd1d383ed BOLT 3: fix trimming typo.
If the htlc amount, after htlc fee is *subtracted*, is less than the dust limit,
trim it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-01 12:42:04 +10:30
Rusty Russell
d907eacbac BOLT 3: use P2WPKH instead of P2PKH.
Not only is it shorter and cheaper, but the rest of the document (including
test vectors and weight calculation) assumed it already.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-31 13:09:53 +10:30
Rusty Russell
76937db387 BOLT 3: minor cleanup.
Remove redundant sentence about commitment txin; it's specified exactly
3 lines later.

Refer to the Commitment Transaction section in "Commitment Transaction
Construction".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 16:05:11 +10:30
Rusty Russell
de8be3072d BOLT 3: Spell out how to construct the commitment transaction.
* I add the term "trimmed outputs" for sub-dust outputs; this matters
  for both fee calculation and transaction construction.

* Introduce the concept of "base fee": this is what needs to be
  extracted from the funder.

* The requirements are spread between the different sections, let's
  tie it together in a new section at the end.

* Spell out all the steps in the example which calculates fees.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 06:23:28 +10:30
Rusty Russell
1819ff9355 BOLT 3: dust-limit should be dust-limit-satoshis
That's the name of the field in BOLT 2.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 06:23:28 +10:30
Rusty Russell
b29269419a BOLT 3: Fix amounts in example.
Since we changed from / 1024 to / 1000 in fddc992b2d, the example is
out-of-date.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-25 06:23:28 +10:30
Rusty Russell
30e0cc6782 BOLT 3: Fix one-letter URL typo.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-24 06:55:45 +10:30
Rusty Russell
6aaa9322a1 BOLT 3: Add test vectors for key derivation. (#83)
* BOLT 3: Add test vectors for key derivation.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-24 06:52:29 +10:30
Rusty Russell
fddc992b2d BOLT 2, BOLT 3: fee-per-kw kilo == 1000, not 1024.
I checked the bitcoin source to be sure, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-01-22 16:17:30 -08:00
Christopher Jämthagen
f1eaa25446 BOLT 3: Use 0x20 as high byte for locktime in commitment transaction
The most significant byte of the locktime in a commitment transaction
must be set to 0x20. This is to make sure that the locktime value
is always higher than 500,000,000, making it interpreted as a Unix
epoch timestamp, and not a block height. It also makes sure that the
locktime is below the current time, allowing the commitment transaction
to be included in a block.

Since the sequence field in the input of the commitment transaction is
used for the other half of the obscured commitment transaction number,
it will never assume the maxInt value (0xFFFFFFFF) which would disable
locktime checking.
2017-01-13 22:57:14 +01:00
Christopher Jämthagen
2045d6d632 witnessScript is part of witness + null dummy for OP_CHECKMULTISIG (#70)
* Add null dummy consumed by OP_CHECKMULTISIG
* scriptsig -> witness.
* witness script -> witness.
2017-01-04 16:09:18 +10:30
pm47
7751ee11f2 added test vectors for transactions 2017-01-04 15:55:41 +10:30
pm47
2c4cd03b4c added a section about who pays the fee 2017-01-04 15:55:41 +10:30
pm47
4339f033e6 moved weight computation to Appendix section, fixed index 2017-01-04 15:55:41 +10:30