š
Original date posted:2019-10-01
š Original message:
Good morning Christian,
> > - A standard MuSig 2-of-2 bip-schnorr SegWit v1 Funding Transaction Output, confirmed onchain
> > - A "translator transaction" spending the above and paying out to a SegWit v16 output-tagged output, kept offchain.
> > - Decker-Russell-Osuntokun update transaction, signed with `SIGHASH_NOINPUT` spending the translator transaction output.
> > - Decker-Russell-Osuntokun state transaction, signed with `SIGHASH_NOINPUT` spending the update transaction output.
>
> That is very much how I was planning to implement it anyway, using a
> trigger transaction to separate timeout start and the actual
> update/settlement pairs (cfr. eltoo paper Section 4.2). So for eltoo
> there shouldn't be an issue here :-)
My understanding is that a trigger transaction is not in fact necessary for Decker-Russell-Osuntokun: any update transaction could spend the funding transaction output directly, and thereby start the relative timelock.
At least, if we could arrange the funding transaction output to be spendable directly using `SIGHASH_NOINPUT` or variants thereof.
> > Again, the more important point is that special blockchain
> > constructions should only be used in the "bad" unilateral close case.
> > In the cooperative case, we want to use simple plain
> > bip-schnorr-signed outputs getting spent to further bip-schnor/Taproot
> > SegWit v1 addresses, to increase the anonymity set of all uses of
> > Decker-Russell-Osuntokun and other applications that might use
> > `SIGHASH_NOINPUT` in some edge case (but which resolve down to simple
> > bip-schnorr-signed n-of-n cases when the protocol is completed
> > successfully by all participants).
>
> While I do agree that we should keep outputs as unidentifiable as
> possible, I am starting to question whether that is possible for
> off-chain payment networks since we are gossiping about the existence of
> channels and binding them to outpoints to prove their existence anyway.
* Lightning supports unpublished channels, so we do not gossip some outpoints even though they are in fact channels underneath.
* I confess the existence of unpublished channels in the spec fails to summon any reaction other than incredulity from me, but they exist nonetheless, my incredulity notwithstanding.
* Historical channels that have been cooperatively closed are no longer normally gossiped, so the fact that they used to be channels is no longer widely broadcast, and may eventually be forgotten by most or all of the network.
* This means anyone who wants to record the historical use of Lightning will have to retain the information themselves, rather than delegating it to fullnodes everywhere.
>
> Not the strongest argument I know, but there's little point in talking
> ideal cases when we need to weaken that later again.
The point of ideal cases is to strive to approach them, not necessarily achieve them.
Just as a completely unbiased rational reasoner is almost impossible to achieve, does not mean we should give up all attempts to reduce bias.
Outpoints that used to be channels, but have now been closed using cooperative closes, will potentially no longer be widely gossiped as having once been channels, thus it may happen that they will eventually be forgotten by most of the network as once having been channels.
But if the outpoints of those channels are specially marked, then that cannot be forgotten, as the initial block download thereafter will have that history indelibly etched forevermore.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5ā¦3ms3l
2023-06-09 12:56:20
in reply to nevent1qā¦84zf
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lPublished at
2023-06-09 12:56:20Event JSON
{
"id": "db439f3d23d5413b2502aff8a63ea63830996379026f4e659f0c56a908bfc0fc",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686315380,
"kind": 1,
"tags": [
[
"e",
"cdcb20d8f8d63cc4e462299d7b2042087b535b172c963061dbb6929331fffa55",
"",
"root"
],
[
"e",
"9a3e35b66b1615390ca69424ce79cbf76beaf632c090515918068157c17535a4",
"",
"reply"
],
[
"p",
"72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057"
]
],
"content": "š
Original date posted:2019-10-01\nš Original message:\nGood morning Christian,\n\n\u003e \u003e - A standard MuSig 2-of-2 bip-schnorr SegWit v1 Funding Transaction Output, confirmed onchain\n\u003e \u003e - A \"translator transaction\" spending the above and paying out to a SegWit v16 output-tagged output, kept offchain.\n\u003e \u003e - Decker-Russell-Osuntokun update transaction, signed with `SIGHASH_NOINPUT` spending the translator transaction output.\n\u003e \u003e - Decker-Russell-Osuntokun state transaction, signed with `SIGHASH_NOINPUT` spending the update transaction output.\n\u003e\n\u003e That is very much how I was planning to implement it anyway, using a\n\u003e trigger transaction to separate timeout start and the actual\n\u003e update/settlement pairs (cfr. eltoo paper Section 4.2). So for eltoo\n\u003e there shouldn't be an issue here :-)\n\nMy understanding is that a trigger transaction is not in fact necessary for Decker-Russell-Osuntokun: any update transaction could spend the funding transaction output directly, and thereby start the relative timelock.\nAt least, if we could arrange the funding transaction output to be spendable directly using `SIGHASH_NOINPUT` or variants thereof.\n\n\n\u003e \u003e Again, the more important point is that special blockchain\n\u003e \u003e constructions should only be used in the \"bad\" unilateral close case.\n\u003e \u003e In the cooperative case, we want to use simple plain\n\u003e \u003e bip-schnorr-signed outputs getting spent to further bip-schnor/Taproot\n\u003e \u003e SegWit v1 addresses, to increase the anonymity set of all uses of\n\u003e \u003e Decker-Russell-Osuntokun and other applications that might use\n\u003e \u003e `SIGHASH_NOINPUT` in some edge case (but which resolve down to simple\n\u003e \u003e bip-schnorr-signed n-of-n cases when the protocol is completed\n\u003e \u003e successfully by all participants).\n\u003e\n\u003e While I do agree that we should keep outputs as unidentifiable as\n\u003e possible, I am starting to question whether that is possible for\n\u003e off-chain payment networks since we are gossiping about the existence of\n\u003e channels and binding them to outpoints to prove their existence anyway.\n\n* Lightning supports unpublished channels, so we do not gossip some outpoints even though they are in fact channels underneath.\n * I confess the existence of unpublished channels in the spec fails to summon any reaction other than incredulity from me, but they exist nonetheless, my incredulity notwithstanding.\n* Historical channels that have been cooperatively closed are no longer normally gossiped, so the fact that they used to be channels is no longer widely broadcast, and may eventually be forgotten by most or all of the network.\n * This means anyone who wants to record the historical use of Lightning will have to retain the information themselves, rather than delegating it to fullnodes everywhere.\n\n\u003e\n\u003e Not the strongest argument I know, but there's little point in talking\n\u003e ideal cases when we need to weaken that later again.\n\nThe point of ideal cases is to strive to approach them, not necessarily achieve them.\nJust as a completely unbiased rational reasoner is almost impossible to achieve, does not mean we should give up all attempts to reduce bias.\n\nOutpoints that used to be channels, but have now been closed using cooperative closes, will potentially no longer be widely gossiped as having once been channels, thus it may happen that they will eventually be forgotten by most of the network as once having been channels.\nBut if the outpoints of those channels are specially marked, then that cannot be forgotten, as the initial block download thereafter will have that history indelibly etched forevermore.\n\nRegards,\nZmnSCPxj",
"sig": "f11b407a45b38203206deecdfdb644871d290e7804da00bcebe5afe38d11c5e992ec2da0310170995b73cc3a8545255cf82dfcbabd233cfb54008b4fd4b1817e"
}