📅 Original date posted:2015-07-24
📝 Original message:
Ah sorry, that only solves the Commitment Transactions, not the HTLC
outputs. It's also not possible to use the pubkeys as identifiers, as
Rusty said, P2SH would be used.
While it's possible to only check only recent blocks before the
Commitment Transaction for the search space (e.g. 3 days worth), since
you know when the Commitment Transaction was broadcast, the search space
limitation sort of breaks down if you permit long-dated HTLCs.
Worst-case it may be possible to have long-dated HTLCs on a seperate
hash-tree, but it's not an ideal solution.
In retrospect, this P2SH problem is somewhat exacerbated by the fact
that the timeout being different numbers as well, so ideally that should
be stored as part of the output. The tradeoff between having the entire
script in the output (which results in larger transactions), and using
P2SH (which reduces bits of entropy/identifiability) is a bit of a
problem. For some reason, I've always assumed the output would be
included (ignoring isStandard issues), but that may not be optimal.
For now, I think a reasonable stop-gap solution would be to have some
small storage of prior commitment transactions. For every commitment,
and each HTLC output, store the timeout and the original Commitment
Transaction height when the HTLC was first made. That should be enough
information to work with (you can work backwards if you know which
Commitment Transaction the HTLC was first created) and amounts to 48
bits (6 bytes) of storage per HTLC output per fully expired Commitment
Transaction. I generally dislike OP_RETURN as a solution, but it's
possible.
Thanks for bringing this up, I haven't really properly considered this!
--
Joseph Poon
Joseph Poon [ARCHIVE] /
npub1ej…p9cq8
2023-06-09 12:43:44
in reply to nevent1q…rfl9
Author Public Key
npub1ej6vep7y2km5l6awukffelg8yeppkth2vjkjk9jypd5w336rxggs3p9cq8Published at
2023-06-09 12:43:44Event JSON
{
"id": "2d8ec8ebe9462c48b01da6c5bd96c8346063bfb5a36e2f6dbb332e3f24790af2",
"pubkey": "ccb4cc87c455b74febaee5929cfd0726421b2eea64ad2b16440b68e8c7433211",
"created_at": 1686314624,
"kind": 1,
"tags": [
[
"e",
"70bc73032209813d1efbd8c41b490ea29a02fc5941bbed8bed53cf49c33f8564",
"",
"root"
],
[
"e",
"0d8c7054fe1f11e4874c7d786390b14566806af02252a0d5c46f6aeab45fd675",
"",
"reply"
],
[
"p",
"ccb4cc87c455b74febaee5929cfd0726421b2eea64ad2b16440b68e8c7433211"
]
],
"content": "📅 Original date posted:2015-07-24\n📝 Original message:\nAh sorry, that only solves the Commitment Transactions, not the HTLC\noutputs. It's also not possible to use the pubkeys as identifiers, as\nRusty said, P2SH would be used.\n\nWhile it's possible to only check only recent blocks before the\nCommitment Transaction for the search space (e.g. 3 days worth), since\nyou know when the Commitment Transaction was broadcast, the search space\nlimitation sort of breaks down if you permit long-dated HTLCs.\n\nWorst-case it may be possible to have long-dated HTLCs on a seperate\nhash-tree, but it's not an ideal solution.\n\nIn retrospect, this P2SH problem is somewhat exacerbated by the fact\nthat the timeout being different numbers as well, so ideally that should\nbe stored as part of the output. The tradeoff between having the entire\nscript in the output (which results in larger transactions), and using\nP2SH (which reduces bits of entropy/identifiability) is a bit of a\nproblem. For some reason, I've always assumed the output would be\nincluded (ignoring isStandard issues), but that may not be optimal.\n\nFor now, I think a reasonable stop-gap solution would be to have some\nsmall storage of prior commitment transactions. For every commitment,\nand each HTLC output, store the timeout and the original Commitment\nTransaction height when the HTLC was first made. That should be enough\ninformation to work with (you can work backwards if you know which\nCommitment Transaction the HTLC was first created) and amounts to 48\nbits (6 bytes) of storage per HTLC output per fully expired Commitment\nTransaction. I generally dislike OP_RETURN as a solution, but it's\npossible.\n\nThanks for bringing this up, I haven't really properly considered this!\n\n-- \nJoseph Poon",
"sig": "7833d1bb420233e435c3ae3d5bf8a277c8683591e4440ed197dd9b26f079a047ee6df2a0b89c6c5a63083f85e485066b98c5df946413998758e397e2dcdeee9b"
}