From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 8636CC016F for ; Sat, 13 Jun 2020 01:20:28 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6F40687FAF for ; Sat, 13 Jun 2020 01:20:28 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tvsM0bsM4MNE for ; Sat, 13 Jun 2020 01:20:26 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail4.protonmail.ch (mail4.protonmail.ch [185.70.40.27]) by whitealder.osuosl.org (Postfix) with ESMTPS id 6146287FA1 for ; Sat, 13 Jun 2020 01:20:26 +0000 (UTC) Date: Sat, 13 Jun 2020 01:20:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail; t=1592011224; bh=SzwR6pYxJFnPjMAIRfPUqYk0PdR11SleqX0LDDHHEF4=; h=Date:To:From:Cc:Reply-To:Subject:In-Reply-To:References:From; b=qufFtNv+Td8bSue1x9BBfqYNPlrYzmipm/03CX7lIVBJfe75IHg9D+GTseLqi5vGq 70REeqL9Y2Uu3dOF3L3ov76jniNSSZVpP1CiCEO4sUI7ecp6k4Qjkt44P8Jxu9P+oI xe91whgeU6KVJ//RyMhHZNylGH5k/eOGZjVAwP3k= To: ZmnSCPxj , Bitcoin Protocol Discussion From: ZmnSCPxj Reply-To: ZmnSCPxj Message-ID: <7BPgx65Eh5HE5wLIqeG9G-bdsxxkDJJIzcyOJvS6_FIxXfA10sbFe5dfwQDNiEOExZ9Y72lHq88lKzcBRIFnYGFY5I2vwk6Dg7BcCMjmS2Y=@protonmail.com> In-Reply-To: References: <7cWQJzkWNEZCI2fYYrJCFxrmGfDGFAtsOyGpXRmB-g4Qhm2jzhyxLtuOIpJAr2CMJjAjri12lmR-h96ev3NWqaTgDtc_NN0yhyVxuIlBuzU=@protonmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [bitcoin-dev] CoinPool, exploring generic payment pools for Fun and Privacy X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Jun 2020 01:20:28 -0000 Good morning Antoine, By dropping the requirement that a participant can seamlessly leave the Coi= nPool, it allows participants to split up their coins among new aliases and= to use a different identity for later claiming coins. With WabiSabi, none of the other participants can get a mapping between cur= rent-state aliases and the actual participants. Now, in order to authorize moving coins from an output on the current state= to a new output on the next state, obviously the pool needs to get a signa= ture from its current owner. Ideally, we would not want to have to implement SCRIPT inside the CoinPool = software. And with Taproot, a pubkey can hide one or more SCRIPTs. If we use pubkeys as the identities of owners of coins, then it allows an a= lias to encode a SCRIPT. With the combination of both features, we can instantiate HTLCs (or, with `= SIGHASH_ANYPREVOUT`, PTLCs) inside a CoinPool "alias" pubkey identity, allo= wing for interoperation with LN. Now suppose I have 1.0 BTC in a CoinPool. I want to make an HTLC with you (hashlocked to you, timelocked to me), for = 0.5 BTC. I encode the HTLC SCRIPT, and put it into a Taproot whose internal pubkey i= s a MuSig of fresh identities of mine and yours. Then, inside the CoinPool, I split my 1.0BTC to a 0.5BTC coin to a fresh id= entity of mine, and 0.5BTC to our HTLC Taproot. If you can acquire the hash, you give it to me, and I am supposed to hand y= ou a partial signature share to the HTLC Taproot that you can later complet= e and present to the CoinPool in the next update round in order to get the = HTLC value. If I do not hand you the signature share even after you hand the hash, you = just drop the entire CoinPool onchain, instantiating the HTLC Taproot outpu= t onchain, and using the SCRIPT branch to claim using the hash you know. If the timelock expires, I ask you to hand over your partial signature to t= he HTLC Taproot that I can later complete and present to the CoinPool in th= e next update round to recover the HTLC value. If you do not hand over the signature share, I drop the CoinPool onchain, w= hich instantiates the HTLC Taproot output onchain, and use the SCRIPT branc= h to claim using the timelock branch. You can also ask to abort the HTLC "early", before the timelock expires, by= handing over your partial signature to the HTLC Taproot, which I can later= complete and present to the CoinPool in the next update round. This is equivalent to `update_fail_htlc` in the current LN BOLT spec. This allows operation of any SCRIPT, incidentally, without requiring that C= oinPool software include a SCRIPT interpreter, only signature validation. Any time an output absolutely needs a SCRIPT, we just drop the CoinPool onc= hain and let onchain handle the SCRIPT interpretation. Regards, ZmnSCPxj