From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id EF93399A for ; Wed, 17 Aug 2016 10:00:42 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from erelay3.ox.registrar-servers.com (erelay3.ox.registrar-servers.com [192.64.117.2]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 53ACC1E6 for ; Wed, 17 Aug 2016 10:00:40 +0000 (UTC) Received: from localhost (unknown [127.0.0.1]) by erelay1.ox.registrar-servers.com (Postfix) with ESMTP id 64A172200771; Wed, 17 Aug 2016 10:00:39 +0000 (UTC) Received: from erelay1.ox.registrar-servers.com ([127.0.0.1]) by localhost (erelay.ox.registrar-servers.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id njAlNolnmskr; Wed, 17 Aug 2016 06:00:38 -0400 (EDT) Received: from MTA-06.privateemail.com (unknown [10.20.150.160]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by erelay1.ox.registrar-servers.com (Postfix) with ESMTPS id 2DA222206BE5; Wed, 17 Aug 2016 06:00:38 -0400 (EDT) Received: from APP-06 (unknown [10.20.147.156]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by MTA-06.privateemail.com (Postfix) with ESMTPSA id B54C76003D; Wed, 17 Aug 2016 10:00:37 +0000 (UTC) Date: Wed, 17 Aug 2016 06:00:37 -0400 (EDT) From: Johnson Lau Reply-To: Johnson Lau To: Bitcoin Protocol Discussion , Peter Todd , Luke Dashjr Message-ID: <253352817.96000.1471428037734@privateemail.com> In-Reply-To: <201607200617.40917.luke@dashjr.org> References: <20160720054654.GA1420@fedora-21-dvm> <201607200617.40917.luke@dashjr.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Priority: 3 Importance: Medium X-Mailer: Open-Xchange Mailer v7.8.1-Rev18 X-Originating-Client: open-xchange-appsuite X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Subject: Re: [bitcoin-dev] BIP draft: HTLC transactions X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2016 10:00:43 -0000 > On July 20, 2016 at 2:17 AM Luke Dashjr via bitcoin-dev wrote: > > On Wednesday, July 20, 2016 5:46:54 AM Peter Todd via bitcoin-dev wrote: > > > On Tue, Jul 19, 2016 at 10:35:39PM -0600, Sean Bowe via bitcoin-dev wrote: > > > > > I'm requesting feedback for Hash Time-Locked Contract (HTLC) transactions > > > in Bitcoin. > > > > > > HTLC transactions allow you to pay for the preimage of a hash. CSV/CLTV > > > can be used to recover your funds if the other party is not cooperative. > > > These > > > > > > scripts take the following general form: > > > [HASHOP] OP_EQUAL > > > OP_IF > > > > > > > > > > > > OP_ELSE > > > > > > [TIMEOUTOP] OP_DROP > > > > > > OP_ENDIF > > > OP_CHECKSIG > > > > Note that because you're hashing the top item on the stack regardless > > scriptSig's that satisfy HTLC's are malleable: that top stack item can be > > changed anything in the digest-not-provided case and the script still > > passes. > > OP_SIZE > OP_IF > [HASHOP] OP_EQUALVERIFY > > OP_ELSE > [TIMEOUTOP] > > OP_ENDIF > OP_CHECKSIG > This is incompatible with my proposal for fixing the OP_IF/NOTIF malleability in segwit ("MINIMALIF"). In this case only the timeout branch may be executed. To make it compatible, you may use one of the following 2 scripts: OP_SIZE OP_0NOTEQUAL OP_IF [HASHOP] OP_EQUALVERIFY OP_ELSE [TIMEOUTOP] OP_DROP OP_ENDIF OP_CHECKSIG or OP_IF [HASHOP] OP_EQUALVERIFY OP_ELSE [TIMEOUTOP] OP_DROP OP_ENDIF OP_CHECKSIG The overall witness size are the same for these scripts. They are 1 byte larger than Luke's script, in case MINIMALIF is not enforced. (btw, the OP_DROP after TIMEOUTOP is missing in Luke's script)