public inbox for bitcoindev@googlegroups.com
From: Johnson Lau <jl2012@xbt.hk>
To: Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>,
	 Peter Todd <pete@petertodd.org>, Luke Dashjr <luke@dashjr.org>
Subject: Re: [bitcoin-dev] BIP draft: HTLC transactions
Date: Wed, 17 Aug 2016 06:00:37 -0400 (EDT)
Message-ID: <253352817.96000.1471428037734@privateemail.com>
In-Reply-To: <201607200617.40917.luke@dashjr.org>


> On July 20, 2016 at 2:17 AM Luke Dashjr via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> On Wednesday, July 20, 2016 5:46:54 AM Peter Todd via bitcoin-dev wrote:
> 
> > On Tue, Jul 19, 2016 at 10:35:39PM -0600, Sean Bowe via bitcoin-dev wrote:
> > 
> > > I'm requesting feedback for Hash Time-Locked Contract (HTLC) transactions
> > > in Bitcoin.
> > > 
> > > HTLC transactions allow you to pay for the preimage of a hash. CSV/CLTV
> > > can be used to recover your funds if the other party is not cooperative.
> > > These scripts take the following general form:
> > >  [HASHOP]  OP_EQUAL
> > >  OP_IF
> > > 
> > > 
> > > 
> > > OP_ELSE
> > > 
> > >  [TIMEOUTOP] OP_DROP 
> > > 
> > > OP_ENDIF
> > >  OP_CHECKSIG
> > 
> > Note that because you're hashing the top item on the stack regardless,
> > scriptSigs that satisfy HTLCs are malleable: that top stack item can be
> > changed to anything in the digest-not-provided case and the script still
> > passes.
> 
> OP_SIZE
> OP_IF
>  [HASHOP] <digest> OP_EQUALVERIFY
>  <seller pubkey>
> OP_ELSE
>  <num> [TIMEOUTOP]
>  <buyer pubkey>
> OP_ENDIF
> OP_CHECKSIG
> 

This is incompatible with my proposal for fixing the OP_IF/NOTIF malleability in segwit ("MINIMALIF"). In this case only the timeout branch may be executed.

To make it compatible, you may use one of the following 2 scripts:

OP_SIZE OP_0NOTEQUAL
OP_IF
 [HASHOP] <digest> OP_EQUALVERIFY
 <seller pubkey>
OP_ELSE
 <num> [TIMEOUTOP] OP_DROP
 <buyer pubkey>
OP_ENDIF
OP_CHECKSIG

or

OP_IF
 [HASHOP] <digest> OP_EQUALVERIFY
 <seller pubkey>
OP_ELSE
 <num> [TIMEOUTOP] OP_DROP
 <buyer pubkey>
OP_ENDIF
OP_CHECKSIG

The overall witness sizes are the same for these scripts. They are 1 byte larger than Luke's script, in case MINIMALIF is not enforced.

(btw, the OP_DROP after TIMEOUTOP is missing in Luke's script)
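
The branch selection discussed in this message, as an added example that is not part of the original email: a Python model of only the OP_IF prefix of Luke's script and of the two replacements, assuming MINIMALIF requires the OP_IF argument to be exactly an empty vector or the single byte 0x01. The names `select_branch`, `LUKE`, `FIX_A`, `FIX_B` and the all-zero 32-byte preimage are constructed for illustration.

```python
# Added illustration, not code from the thread. Models only the branch-selection
# prefix of each script; hash, timeout and signature checks are left out.

def encode_num(n: int) -> bytes:
    """Minimal script-number encoding of a non-negative integer."""
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out and out[-1] & 0x80:
        out.append(0)  # keep the sign bit clear
    return bytes(out)

def cast_to_bool(v: bytes) -> bool:
    """Script truthiness: any non-zero byte, except negative zero (..00 80)."""
    for i, b in enumerate(v):
        if b:
            return not (i == len(v) - 1 and b == 0x80)
    return False

def select_branch(prefix, witness_top: bytes, minimalif: bool) -> str:
    """Return 'hash', 'timeout' or 'fail' for the OP_IF that follows prefix."""
    stack = [witness_top]
    for op in prefix:
        if op == "OP_SIZE":            # pushes the size, leaves the item in place
            stack.append(encode_num(len(stack[-1])))
        elif op == "OP_0NOTEQUAL":     # normalises any non-zero number to 1
            stack.append(b"\x01" if cast_to_bool(stack.pop()) else b"")
        else:
            raise ValueError(op)
    cond = stack.pop()
    # Assumed MINIMALIF rule: the OP_IF argument must be b"" or b"\x01".
    if minimalif and cond not in (b"", b"\x01"):
        return "fail"
    return "hash" if cast_to_bool(cond) else "timeout"

LUKE = ["OP_SIZE"]                     # OP_SIZE OP_IF ...
FIX_A = ["OP_SIZE", "OP_0NOTEQUAL"]    # OP_SIZE OP_0NOTEQUAL OP_IF ...
FIX_B = []                             # OP_IF ..., selector pushed by the spender
PREIMAGE = bytes(32)                   # constructed 32-byte sample preimage

if __name__ == "__main__":
    for name, prefix in (("LUKE", LUKE), ("FIX_A", FIX_A)):
        for top in (PREIMAGE, b""):
            print(name, len(top), [select_branch(prefix, top, m) for m in (False, True)])
    for sel in (b"\x01", b"", b"\x02"):
        print("FIX_B", sel.hex(), [select_branch(FIX_B, sel, m) for m in (False, True)])
```

With `FIX_B` and MINIMALIF off, a selector such as 0x02 still selects the hash branch, which is the kind of witness malleability the MINIMALIF rule removes.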

