Eugene Siegel [ARCHIVE] on Nostr: ð Original date posted:2022-03-07 ð Original message: I'm not sure if this is ...
ð
Original date posted:2022-03-07
ð Original message:
I'm not sure if this is known, but I'm pretty sure it's benign and so I
thought I'd share since I found it interesting and maybe someone else will
too. I'm not sure if this is already known either.
https://github.com/lightning/bolts/blob/master/03-transactions.md#offered-htlc-outputs
Offered HTLCs have three claim paths: the revocation case, the offerer
claiming through the HTLC-timeout transaction, and the receiver claiming
via their sig + preimage. The offering party can claim via the HTLC-timeout
case on their commitment transaction with their signature and the remote's
signature (SIGHASH_ALL) after the cltv_expiry timeout. Since the remote
party gives them a signature, after the timeout, the offering party can
claim with the remote's signature + preimage, but can only spend with the
HTLC-timeout transaction because of SIGHASH_ALL. This assumes that the
remote party doesn't claim it first. I can't think of any cases where the
offering party would know the preimage AND want to force close, so that's
why I think it's benign. It does make the witness smaller. The same trick
isn't possible with the Received HTLC's due to OP_CHECKLOCKTIMEVERIFY.
Eugene (Crypt-iQ on github)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20220307/b2eda6a8/attachment.html>;
ð Original message:
I'm not sure if this is known, but I'm pretty sure it's benign and so I
thought I'd share since I found it interesting and maybe someone else will
too. I'm not sure if this is already known either.
https://github.com/lightning/bolts/blob/master/03-transactions.md#offered-htlc-outputs
Offered HTLCs have three claim paths: the revocation case, the offerer
claiming through the HTLC-timeout transaction, and the receiver claiming
via their sig + preimage. The offering party can claim via the HTLC-timeout
case on their commitment transaction with their signature and the remote's
signature (SIGHASH_ALL) after the cltv_expiry timeout. Since the remote
party gives them a signature, after the timeout, the offering party can
claim with the remote's signature + preimage, but can only spend with the
HTLC-timeout transaction because of SIGHASH_ALL. This assumes that the
remote party doesn't claim it first. I can't think of any cases where the
offering party would know the preimage AND want to force close, so that's
why I think it's benign. It does make the witness smaller. The same trick
isn't possible with the Received HTLC's due to OP_CHECKLOCKTIMEVERIFY.
Eugene (Crypt-iQ on github)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20220307/b2eda6a8/attachment.html>;