📅 Original date posted:2019-03-14
📝 Original message:
On Thu, Mar 14, 2019 at 05:22:59AM +0000, ZmnSCPxj via Lightning-dev wrote:
> When reading through your original post I saw you mentioned something about output tagging somehow conflicting with Taproot, so I assumed Taproot is not useable in this case.
I'm thinking of tagged outputs as "taproot plus" (ie, plus noinput),
so if you used a tagged output, you could do everything normal taproot
address could, but also do noinput sigs for them.
So you might have:
funding tx -> cooperative claim
funding tx -> update 3 [TAGGED] -> settlement 3 -> claim
funding tx -> update 3 [TAGGED] ->
update 4 [TAGGED,NOINPUT] ->
settlement 4 [TAGGED,NOINPUT] ->
claim [NOINPUT]
In the cooperative case, no output tagging needed.
For the unilateral case, you need to tag all the update tx's, because
they *could* be spend by a later update with a NOINPUT sig, and if
that actually happens, then the settlement tx also needs to use a
NOINPUT sig, and if you're using scriptless scripts to resolve HTLCs,
claiming/refunding the HTLCs needs a partially-pre-signed tx which also
needs to be a NOINPUT sig, meaning the settlement tx also needs to be
tagged in that case.
You'd only need the script path for the last case where there actually
are multiple updates, but because you have to have a tagged output in the
second case anyway, maybe you've already lost privacy and always using
NOINPUT and the script path for update and settlement tx's would be fine.
> However, it is probably more likely that I simply misunderstood what you said, so if you can definitively say that it would be possible to hide the clause "or a NOINPUT sig from A with a non-NOINPUT sig from B" behind a Taproot then I am fine.
Yeah, that's my thinking.
> Minor pointless reactions:
> > 5. if you're using scriptless scripts to do HTLCs, you'll need to
> > allow for NOINPUT sigs when claiming funds as well (and update
> > the partial signatures for the non-NOINPUT cases if you want to
> > maximise privacy), which is a bit fiddly
> If I remember accurately, we do not allow bilateral/cooperative close when HTLC is in-flight.
> However, I notice that later you point out that a non-cheating unilateral close does not need NOINPUT, so I suppose. the above thought applies to that case.
Yeah, exactly.
Trying to maximise privacy there has the disadvantage that you have to
do a new signature for every in-flight HTLC every time you update the
state, which could be a lot of signatures for very active channels.
Cheers,
aj
Anthony Towns [ARCHIVE] /
npub17r…x9l2h
2023-06-09 12:54:27
in reply to nevent1q…sqpp
Author Public Key
npub17rld56k4365lfphyd8u8kwuejey5xcazdxptserx03wc4jc9g24stx9l2hPublished at
2023-06-09 12:54:27Event JSON
{
"id": "8ea639b1097d37611a2b23e9fb1f2d97a5bec6f5c284509a141db7bfd122211b",
"pubkey": "f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab",
"created_at": 1686315267,
"kind": 1,
"tags": [
[
"e",
"86a47a61621252784fd45b6d576812ee01ce9af9bd2a53aeaae914577c5267a8",
"",
"root"
],
[
"e",
"cc32ce6981367c653b223dbca349f2f2746b351bcbda95ffda344b76a9827afd",
"",
"reply"
],
[
"p",
"4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861"
]
],
"content": "📅 Original date posted:2019-03-14\n📝 Original message:\nOn Thu, Mar 14, 2019 at 05:22:59AM +0000, ZmnSCPxj via Lightning-dev wrote:\n\u003e When reading through your original post I saw you mentioned something about output tagging somehow conflicting with Taproot, so I assumed Taproot is not useable in this case.\n\nI'm thinking of tagged outputs as \"taproot plus\" (ie, plus noinput),\nso if you used a tagged output, you could do everything normal taproot\naddress could, but also do noinput sigs for them.\n\nSo you might have:\n\n funding tx -\u003e cooperative claim\n\n funding tx -\u003e update 3 [TAGGED] -\u003e settlement 3 -\u003e claim\n\n funding tx -\u003e update 3 [TAGGED] -\u003e \n update 4 [TAGGED,NOINPUT] -\u003e \n\t\t settlement 4 [TAGGED,NOINPUT] -\u003e \n\t\t claim [NOINPUT]\n\nIn the cooperative case, no output tagging needed.\n\nFor the unilateral case, you need to tag all the update tx's, because\nthey *could* be spend by a later update with a NOINPUT sig, and if\nthat actually happens, then the settlement tx also needs to use a\nNOINPUT sig, and if you're using scriptless scripts to resolve HTLCs,\nclaiming/refunding the HTLCs needs a partially-pre-signed tx which also\nneeds to be a NOINPUT sig, meaning the settlement tx also needs to be\ntagged in that case.\n\nYou'd only need the script path for the last case where there actually\nare multiple updates, but because you have to have a tagged output in the\nsecond case anyway, maybe you've already lost privacy and always using\nNOINPUT and the script path for update and settlement tx's would be fine.\n\n\u003e However, it is probably more likely that I simply misunderstood what you said, so if you can definitively say that it would be possible to hide the clause \"or a NOINPUT sig from A with a non-NOINPUT sig from B\" behind a Taproot then I am fine.\n\nYeah, that's my thinking.\n\n\u003e Minor pointless reactions:\n\u003e \u003e 5. if you're using scriptless scripts to do HTLCs, you'll need to\n\u003e \u003e allow for NOINPUT sigs when claiming funds as well (and update\n\u003e \u003e the partial signatures for the non-NOINPUT cases if you want to\n\u003e \u003e maximise privacy), which is a bit fiddly\n\u003e If I remember accurately, we do not allow bilateral/cooperative close when HTLC is in-flight.\n\u003e However, I notice that later you point out that a non-cheating unilateral close does not need NOINPUT, so I suppose. the above thought applies to that case.\n\nYeah, exactly.\n\nTrying to maximise privacy there has the disadvantage that you have to\ndo a new signature for every in-flight HTLC every time you update the\nstate, which could be a lot of signatures for very active channels.\n\nCheers,\naj",
"sig": "3afe64d828cb7265c4ac311fde6f9694e407d1254c945b2872578504f2e0910de1dd44aea2babd87a31da923c390d899808c933cc3c93ed3ad63848e92230075"
}