Alejandro Ranchal Pedrosa [ARCHIVE] on Nostr: 📅 Original date posted:2019-04-20 📝 Original message: Hi ZmnSCPxj, I suppose ...
📅 Original date posted:2019-04-20
📝 Original message:
Hi ZmnSCPxj,
I suppose some variant of that proposal might mitigate the attack, but
it would trigger a race condition between the valid state of the
sub-factory and the new state of the channel.
Also, as you said, Alice and Bob might be interested in stealing anyways
from Carol, regardless of losing the race, if the stolen funds are more.
Best,
Alejandro.
On 17/04/2019 13:45, ZmnSCPxj wrote:
> Good morning Alejandro, and list,
>
> I am uncertain if this would completely solve it, but Discrete Log Contracts has a mechanism by which an Oracle is enforced to reveal its private key, if it publishes multiple signatures signing different messages for a particular sampling.
> It seems like a way to ensure, that a public key is used only once.
>
> Can this mechanism be somehow used, so that if Alice and Bob sign an alternate transaction spending the A,B output (thus invalidating the sub-factory transaction), they also reveal to Carol the private key?
> Carol can then punish this behavior by burning the A,B output and sending it all as fees to miners.
>
> However, it may be insufficient.
> If the A,B channel is very small in capacity, Alice and Bob may be willing to sacrifice it in exchange for stealing larger amounts from Carol.
>
>
>
> Regards,
> ZmnSCPxj
--
Alejandro Ranchal Pedrosa
📝 Original message:
Hi ZmnSCPxj,
I suppose some variant of that proposal might mitigate the attack, but
it would trigger a race condition between the valid state of the
sub-factory and the new state of the channel.
Also, as you said, Alice and Bob might be interested in stealing anyways
from Carol, regardless of losing the race, if the stolen funds are more.
Best,
Alejandro.
On 17/04/2019 13:45, ZmnSCPxj wrote:
> Good morning Alejandro, and list,
>
> I am uncertain if this would completely solve it, but Discrete Log Contracts has a mechanism by which an Oracle is enforced to reveal its private key, if it publishes multiple signatures signing different messages for a particular sampling.
> It seems like a way to ensure, that a public key is used only once.
>
> Can this mechanism be somehow used, so that if Alice and Bob sign an alternate transaction spending the A,B output (thus invalidating the sub-factory transaction), they also reveal to Carol the private key?
> Carol can then punish this behavior by burning the A,B output and sending it all as fees to miners.
>
> However, it may be insufficient.
> If the A,B channel is very small in capacity, Alice and Bob may be willing to sacrifice it in exchange for stealing larger amounts from Carol.
>
>
>
> Regards,
> ZmnSCPxj
--
Alejandro Ranchal Pedrosa