Thanks AJ for the updated BIP - very exciting!
I'm also interested in this in the context of a Taproot version of Decker-Russell-Osuntokun (eltoo). Thanks ZmnSCPxj for summarizing your thoughts on how this would work. I have had some difficulty understanding when someone might want to use ANYPREVOUT vs. ANYPREVOUTANYSCRIPT and this is a clever demonstration of how the differences can be exploited.
I sketched out the protocol you described to help my understand it (below) and some questions came to mind:
1) If you do a collaborative close, would you need to use script-path spending, or could you use key-path spending instead to improve privacy?
2) You mention 1.5 round trips for the (two party) MuSig signing session. Must there be separate 1.5 round trips for each of the two signatures produced (update, settlement) for each state update?
3) A related question: can the 1.5 round trips for signing be combined with the 1.5 round trips required to update the channel (ie. A signs settlement tx, B signs settlement & update txs, A signs update tx)?
Perhaps something like this:
-> A provides partial signature for settlement tx
<- B provides complete signature for settlement tx and partial signature for update tx
-> A provides complete signature for update tx
4) I'm not sure why AJ's formulation included an addition sig(X), but otherwise is it similar to what you're suggesting?
All the best,
-- Richard
------- my interpretation of your scheme ----
[Fund Channel]
|
|
|
v
P=Musig(A,B)+scripts (Taproot internal key, aka script path key?)
Q=Musig(A,B) (Taproot output key, aka root key?)
OR ----------- [Cooperative Close]
||| Sig(Q) -----+
||| |----> Sig(A)...
||| |
||| |----> Sig(B)...
|||
|||
||+-->[Update(n)]
|| nlocktime/state > n
|| Sig(P)+ANYPREVOUTANYSCRIPT
||
|| OR ---------->[Settle(n)] [Uncooperative Close @ state n]
|| | Sig(P)+ANYPREVOUT
|| | csv [delay] --------+---> Sig(A)... [HTLCs & Settled
|| | | Outputs ]
|| | |---> Sig(B)...
|| v
|+---->[Update(n+1)]
| nlocktime/state > n+1
| Sig(P)+ANYPREVOUTANYSCRIPT
|
| OR ----------->[Settle(n+1)] [Uncooperative Close @ state n+1]
| | Sig(P)+ANYPREVOUT
| | csv [delay] -------+---> Sig(A)... [HTLCs & Settled
| | | Outputs ]
v v |---> Sig(B)...
On Fri, Jul 10, 2020 at 5:30 AM ZmnSCPxj via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote: