Date: Wed, 17 Aug 2016 06:00:37 -0400 (EDT)
From: Johnson Lau <jl2012@xbt.hk>
Reply-To: Johnson Lau <jl2012@xbt.hk>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>, 
	Peter Todd <pete@petertodd.org>, Luke Dashjr <luke@dashjr.org>
Message-ID: <253352817.96000.1471428037734@privateemail.com>
In-Reply-To: <201607200617.40917.luke@dashjr.org>
References: <CAKazn3mKUMMz0wyqTsgbkd4mBLgvG2PXziXhgRTi4hX_ApbPhg@mail.gmail.com>
	<20160720054654.GA1420@fedora-21-dvm>
	<201607200617.40917.luke@dashjr.org>
Subject: Re: [bitcoin-dev] BIP draft: HTLC transactions


> On July 20, 2016 at 2:17 AM Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> On Wednesday, July 20, 2016 5:46:54 AM Peter Todd via bitcoin-dev wrote:
> 
> > On Tue, Jul 19, 2016 at 10:35:39PM -0600, Sean Bowe via bitcoin-dev wrote:
> > 
> > > I'm requesting feedback for Hash Time-Locked Contract (HTLC) transactions
> > > in Bitcoin.
> > > 
> > > HTLC transactions allow you to pay for the preimage of a hash. CSV/CLTV
> > > can be used to recover your funds if the other party is not cooperative.
> > > These scripts take the following general form:
> > >  [HASHOP]  OP_EQUAL
> > >  OP_IF
> > > 
> > > 
> > > 
> > > OP_ELSE
> > > 
> > >  [TIMEOUTOP] OP_DROP 
> > > 
> > > OP_ENDIF
> > >  OP_CHECKSIG
> > 
> > Note that because you're hashing the top item on the stack regardless,
> > scriptSigs that satisfy HTLCs are malleable: that top stack item can be
> > changed to anything in the digest-not-provided case and the script still
> > passes.
> 
> OP_SIZE
> OP_IF
>  [HASHOP] <digest> OP_EQUALVERIFY
>  <seller pubkey>
> OP_ELSE
>  <num> [TIMEOUTOP]
>  <buyer pubkey>
> OP_ENDIF
> OP_CHECKSIG
> 

This is incompatible with my proposal for fixing the OP_IF/NOTIF malleability in segwit ("MINIMALIF"). In this case only the timeout branch may be executed.

To make it compatible, you may use one of the following 2 scripts:

OP_SIZE OP_0NOTEQUAL
OP_IF
 [HASHOP] <digest> OP_EQUALVERIFY
 <seller pubkey>
OP_ELSE
 <num> [TIMEOUTOP] OP_DROP
 <buyer pubkey>
OP_ENDIF
OP_CHECKSIG

or

OP_IF
 [HASHOP] <digest> OP_EQUALVERIFY
 <seller pubkey>
OP_ELSE
 <num> [TIMEOUTOP] OP_DROP
 <buyer pubkey>
OP_ENDIF
OP_CHECKSIG

The overall witness size is the same for these scripts. They are 1 byte larger than Luke's script, in case MINIMALIF is not enforced.

(btw, the OP_DROP after TIMEOUTOP is missing in Luke's script)
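
An added example, not part of the original message or of any Bitcoin implementation: a small Python model of the branch-selection prefix of the three scripts above, showing what reaches OP_IF with and without MINIMALIF. It assumes MINIMALIF accepts only an empty vector or the single byte 0x01 as the OP_IF argument; the function names and the 32-byte preimage are constructed for illustration.

```python
# Added illustration: models only the branch-selection prefix of the scripts above.
# Assumption: MINIMALIF requires the OP_IF argument to be empty or exactly 0x01.

def encode_num(n):
    """Minimal script-number encoding of a non-negative integer."""
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out and out[-1] & 0x80:  # extra byte keeps the value positive
        out.append(0x00)
    return bytes(out)

def cast_to_bool(item):
    """Script truthiness: any non-zero byte, except negative zero (trailing 0x80)."""
    for i, b in enumerate(item):
        if b != 0:
            return not (i == len(item) - 1 and b == 0x80)
    return False

def select_branch(prefix, top_item, minimalif):
    """Run the prefix ops on a stack holding top_item; return the branch or 'fail'."""
    stack = [top_item]
    for op in prefix:
        if op == "OP_SIZE":            # pushes the length, leaves the item in place
            stack.append(encode_num(len(stack[-1])))
        elif op == "OP_0NOTEQUAL":     # collapses any non-zero number to 1
            stack.append(b"\x01" if cast_to_bool(stack.pop()) else b"")
        elif op == "OP_IF":
            arg = stack.pop()
            if minimalif and arg not in (b"", b"\x01"):
                return "fail"
            return "hash" if cast_to_bool(arg) else "timeout"
    raise ValueError("prefix has no OP_IF")

SIZE_IF = ["OP_SIZE", "OP_IF"]                      # quoted script
SIZE_0NE_IF = ["OP_SIZE", "OP_0NOTEQUAL", "OP_IF"]  # first replacement
PLAIN_IF = ["OP_IF"]                                # second replacement
PREIMAGE = b"\x11" * 32                             # constructed 32-byte preimage

if __name__ == "__main__":
    for name, prefix, item in [("SIZE_IF", SIZE_IF, PREIMAGE),
                               ("SIZE_0NE_IF", SIZE_0NE_IF, PREIMAGE),
                               ("PLAIN_IF", PLAIN_IF, b"\x01"),
                               ("PLAIN_IF", PLAIN_IF, b"\x02")]:
        print(name, item[:1].hex(), select_branch(prefix, item, True))
```

With a 32-byte preimage, OP_SIZE leaves 0x20 for OP_IF, which the modelled rule rejects; the last case shows the non-minimal true value that is accepted only when MINIMALIF is off.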