📅 Original date posted:2018-10-16
📝 Original message:
ZmnSCPxj via Lightning-dev <lightning-dev at lists.linuxfoundation.org>
writes:
>> One thing that I think we should lift from the multiple funding output
>> approach is the "pre seating of inputs". This is cool as it would allow
>> clients to generate addresses, that others could deposit to, and then have
>> be spliced directly into the channel. Public derivation can be used, along
>> with a script template to do it non-interactively, with the clients picking
>> up these deposits, and initiating a splice in as needed.
>
> I am uncertain what this means in particular, but let me try to
> restate what you are talking about in other terms:
>
> 1. Each channel has two public-key-derivation paths (BIP32) to create onchain addresses. One for each side of the channel.
> 2. When somebody sends to one of the onchain addresses in the path, their client detects this.
> 3. The client initiates a splice-in automatically from this UTXO paying to that address into the channel.
>
> It seems to me naively that the above can be done by the client
> software without any modifications to the Lightning Network BOLT
> protocol, as long as the BOLT protocol is capable of supporting *some*
> splice-in operation, i.e. it seems to be something that a client
> software can implement as a feature without requiring a BOLT change.
> Or is my above restatement different from what you are talking about?
>
> How about this restatement?
>
> 1. Each channel has two public-key-derivation paths (BIP32) to create onchain addresses. One for each side of the channel.
> 2. The base of the above is actually a combined private-public keypair of both sides (e.g. created via MuSig or some other protocol). Thus the addresses require cooperation of both parties to spend.
> 3. When somebody sends to one of the onchain addresses in the path, their client detects this.
> 4. The client updates the current transaction state, such that the new commit transaction has two inputs ( the original channel transaction and the new UTXO).
>
> The above seems unsafe without trust in the other peer, as, the other
> peer can simply refuse to create the new commit transaction. Since
> the address requires both parties to spend, the money cannot be spent
> and there is no backoff transaction that can be used. But maybe you
> can describe some mechanism to ensure this, if this is what is meant
> instead?
This could easily be solved by making the destination address a Taproot
address, which by default is just a 2-of-2, but in the uncooperative
case it can reveal the script it commits to, which is just a timelocked
refund that requires a single-sig. The only problem with this is that
the refund would be non-interactive, and so the entirety of the funds,
that may be from a third-party, need to be claimed by one endpoint,
i.e., there is no splitting the funds in case of an uncollaborative
refund. Not sure how important that is though, since I don't think
third-party funds will come from unrelated parties, e.g., most of these
funds will come from an on-chain wallet that is under the control of
either parties so the refund should go back to that party anyway.
Cheers,
Christian
Christian Decker [ARCHIVE] /
npub1wt…gtuyn
2023-06-09 12:51:47
in reply to nevent1q…3q4j
Author Public Key
npub1wtx5qvewc7pd6znlvwktq03mdld05mv3h5dkzfwd3dc30gdmsptsugtuynPublished at
2023-06-09 12:51:47Event JSON
{
"id": "589ea9182ee0d00e6cf86254e4917d5bb64bb74172cebadb73bd5396593f96ab",
"pubkey": "72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057",
"created_at": 1686315107,
"kind": 1,
"tags": [
[
"e",
"d33837a10906296cdab5e5ff391835a12bd3f5d27bdac072961b20f094855a4d",
"",
"root"
],
[
"e",
"b01b83c1cf11564240f75bc1f65c9812296b118ad33646357618829e679990a9",
"",
"reply"
],
[
"p",
"4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861"
]
],
"content": "📅 Original date posted:2018-10-16\n📝 Original message:\nZmnSCPxj via Lightning-dev \u003clightning-dev at lists.linuxfoundation.org\u003e\nwrites:\n\n\u003e\u003e One thing that I think we should lift from the multiple funding output\n\u003e\u003e approach is the \"pre seating of inputs\". This is cool as it would allow\n\u003e\u003e clients to generate addresses, that others could deposit to, and then have\n\u003e\u003e be spliced directly into the channel. Public derivation can be used, along\n\u003e\u003e with a script template to do it non-interactively, with the clients picking\n\u003e\u003e up these deposits, and initiating a splice in as needed.\n\u003e\n\u003e I am uncertain what this means in particular, but let me try to\n\u003e restate what you are talking about in other terms:\n\u003e\n\u003e 1. Each channel has two public-key-derivation paths (BIP32) to create onchain addresses. One for each side of the channel.\n\u003e 2. When somebody sends to one of the onchain addresses in the path, their client detects this.\n\u003e 3. The client initiates a splice-in automatically from this UTXO paying to that address into the channel.\n\u003e\n\u003e It seems to me naively that the above can be done by the client\n\u003e software without any modifications to the Lightning Network BOLT\n\u003e protocol, as long as the BOLT protocol is capable of supporting *some*\n\u003e splice-in operation, i.e. it seems to be something that a client\n\u003e software can implement as a feature without requiring a BOLT change.\n\u003e Or is my above restatement different from what you are talking about?\n\u003e\n\u003e How about this restatement?\n\u003e\n\u003e 1. Each channel has two public-key-derivation paths (BIP32) to create onchain addresses. One for each side of the channel.\n\u003e 2. The base of the above is actually a combined private-public keypair of both sides (e.g. created via MuSig or some other protocol). Thus the addresses require cooperation of both parties to spend.\n\u003e 3. When somebody sends to one of the onchain addresses in the path, their client detects this.\n\u003e 4. The client updates the current transaction state, such that the new commit transaction has two inputs ( the original channel transaction and the new UTXO).\n\u003e\n\u003e The above seems unsafe without trust in the other peer, as, the other\n\u003e peer can simply refuse to create the new commit transaction. Since\n\u003e the address requires both parties to spend, the money cannot be spent\n\u003e and there is no backoff transaction that can be used. But maybe you\n\u003e can describe some mechanism to ensure this, if this is what is meant\n\u003e instead?\n\nThis could easily be solved by making the destination address a Taproot\naddress, which by default is just a 2-of-2, but in the uncooperative\ncase it can reveal the script it commits to, which is just a timelocked\nrefund that requires a single-sig. The only problem with this is that\nthe refund would be non-interactive, and so the entirety of the funds,\nthat may be from a third-party, need to be claimed by one endpoint,\ni.e., there is no splitting the funds in case of an uncollaborative\nrefund. Not sure how important that is though, since I don't think\nthird-party funds will come from unrelated parties, e.g., most of these\nfunds will come from an on-chain wallet that is under the control of\neither parties so the refund should go back to that party anyway.\n\nCheers,\nChristian",
"sig": "2c7f5dcbf0a9eb321fb74137c41e73bad55ca61d6101a4a1b62521a19394b9932461349d2c8e22db3daa0f46b5e9494bd9cf6ef3448ecc3777590fcab457c491"
}