📅 Original date posted:2017-11-13 📝 Original message: Thank you for your ...

Tomas [ARCHIVE] /

npub1rsp…evk4

2023-06-09 12:47:39

in reply to nevent1q…m4eg

📅 Original date posted:2017-11-13
📝 Original message:
Thank you for your feedback,

On Sun, Nov 12, 2017, at 04:04, Rusty Russell wrote:
> Malleation is a problem for every commitment transaction: we use HTLC
> transactions which depend on it. Now, in theory SIGHASH_NOINPUT could
> be used to work around malleation here too, by allowing you to update
> the dependent transaction, but you need separate keys on every output to
> ensure that transactions can't be connected to the wrong outputs.

But doesn't the current specification already ensure that every key is
only used once? At least that is what I am understanding from the key
derivation rules at:

https://github.com/lightningnetwork/lightning-rfc/blob/master/03-transactions.md

>
> IIRC it cuts the number of updates down by about a factor of 2 under
> typical use, more under weird conditions. Basically you can re-attach
> the HTLC transaction instead of needing a new one.
>
> IMHO SIGHASH_NOINPUT is a generally nice thing to have, though it's
> extremely dangerous if you reuse keys at all. So, don't do that :)

If the prescribed key derivation algorithm ensures uniqueness, under
what circumstances could the keys be reused? Is it just a faulty
implementation here that is the risk?

Thank you,
Tomas

Author Public Key

npub1rsp4w56r24w3zv4xy8zfgesep45qmf9rq6aghxfw3wr7yemqnnwsf9evk4

Show more details

Published at

2023-06-09 12:47:39

Kind type

1 Short Text Note

Event JSON

{ "id": "cb087e902fb5d1dc5eaa37c39a18b2247ad2d6d09e7b59a6c97e839c2d0dbe4a", "pubkey": "1c03575343555d1132a621c49466190d680da4a306ba8b992e8b87e267609cdd", "created_at": 1686314859, "kind": 1, "tags": [ [ "e", "1b5890b1f355aa9bd0c48d19b3a4f0c6e857ab0a1016ed957f0b70c4a4e4b725", "", "root" ], [ "e", "c016f65fa1c42831c71843653af6eed1c0203654498589950d14d7b970c5253b", "", "reply" ], [ "p", "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425" ] ], "content": "📅 Original date posted:2017-11-13\n📝 Original message:\nThank you for your feedback, \n\nOn Sun, Nov 12, 2017, at 04:04, Rusty Russell wrote:\n\u003e Malleation is a problem for every commitment transaction: we use HTLC\n\u003e transactions which depend on it. Now, in theory SIGHASH_NOINPUT could\n\u003e be used to work around malleation here too, by allowing you to update\n\u003e the dependent transaction, but you need separate keys on every output to\n\u003e ensure that transactions can't be connected to the wrong outputs.\n\nBut doesn't the current specification already ensure that every key is\nonly used once? At least that is what I am understanding from the key\nderivation rules at:\n\nhttps://github.com/lightningnetwork/lightning-rfc/blob/master/03-transactions.md\n\n\u003e \n\u003e IIRC it cuts the number of updates down by about a factor of 2 under\n\u003e typical use, more under weird conditions. Basically you can re-attach\n\u003e the HTLC transaction instead of needing a new one.\n\u003e \n\u003e IMHO SIGHASH_NOINPUT is a generally nice thing to have, though it's\n\u003e extremely dangerous if you reuse keys at all. So, don't do that :)\n\nIf the prescribed key derivation algorithm ensures uniqueness, under\nwhat circumstances could the keys be reused? Is it just a faulty \nimplementation here that is the risk?\n\nThank you,\nTomas", "sig": "3eb022812a327a4f85fa87622ab6cc7204fdb46bffcea2bcba2fb1cd78df5dace829360bdc3d396a22e5f10b82db55c7ba0c109141fcf6b6467e268c9df88ea5" }