From: Johnson Lau <jl2012@xbt.hk>
To: Bitcoin Protocol Discussion
<bitcoin-dev@lists.linuxfoundation.org>,
Peter Todd <pete@petertodd.org>, Luke Dashjr <luke@dashjr.org>
Subject: Re: [bitcoin-dev] BIP draft: HTLC transactions
Date: Wed, 17 Aug 2016 06:00:37 -0400 (EDT) [thread overview]
Message-ID: <253352817.96000.1471428037734@privateemail.com> (raw)
In-Reply-To: <201607200617.40917.luke@dashjr.org>
> On July 20, 2016 at 2:17 AM Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
>
> On Wednesday, July 20, 2016 5:46:54 AM Peter Todd via bitcoin-dev wrote:
>
> > On Tue, Jul 19, 2016 at 10:35:39PM -0600, Sean Bowe via bitcoin-dev wrote:
> >
> > > I'm requesting feedback for Hash Time-Locked Contract (HTLC) transactions
> > > in Bitcoin.
> > >
> > > HTLC transactions allow you to pay for the preimage of a hash. CSV/CLTV
> > > can be used to recover your funds if the other party is not cooperative.
> > > These
> > >
> > > scripts take the following general form:
> > > [HASHOP] OP_EQUAL
> > > OP_IF
> > >
> > >
> > >
> > > OP_ELSE
> > >
> > > [TIMEOUTOP] OP_DROP
> > >
> > > OP_ENDIF
> > > OP_CHECKSIG
> >
> > Note that because you're hashing the top item on the stack regardless
> > scriptSig's that satisfy HTLC's are malleable: that top stack item can be
> > changed anything in the digest-not-provided case and the script still
> > passes.
>
> OP_SIZE
> OP_IF
> [HASHOP] <digest> OP_EQUALVERIFY
> <seller pubkey>
> OP_ELSE
> <num> [TIMEOUTOP]
> <buyer pubkey>
> OP_ENDIF
> OP_CHECKSIG
>
This is incompatible with my proposal for fixing the OP_IF/NOTIF malleability in segwit ("MINIMALIF"). In this case only the timeout branch may be executed.
To make it compatible, you may use one of the following 2 scripts:
OP_SIZE OP_0NOTEQUAL
OP_IF
[HASHOP] <digest> OP_EQUALVERIFY
<seller pubkey>
OP_ELSE
<num> [TIMEOUTOP] OP_DROP
<buyer pubkey>
OP_ENDIF
OP_CHECKSIG
or
OP_IF
[HASHOP] <digest> OP_EQUALVERIFY
<seller pubkey>
OP_ELSE
<num> [TIMEOUTOP] OP_DROP
<buyer pubkey>
OP_ENDIF
OP_CHECKSIG
The overall witness size are the same for these scripts. They are 1 byte larger than Luke's script, in case MINIMALIF is not enforced.
(btw, the OP_DROP after TIMEOUTOP is missing in Luke's script)
prev parent reply other threads:[~2016-08-17 10:00 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-20 4:35 [bitcoin-dev] BIP draft: HTLC transactions Sean Bowe
2016-07-20 5:46 ` Peter Todd
2016-07-20 6:17 ` Luke Dashjr
2016-08-09 0:46 ` Peter Todd
2016-08-17 10:00 ` Johnson Lau [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=253352817.96000.1471428037734@privateemail.com \
--to=jl2012@xbt.hk \
--cc=bitcoin-dev@lists.linuxfoundation.org \
--cc=luke@dashjr.org \
--cc=pete@petertodd.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox