public inbox for bitcoindev@googlegroups.com
From: ZmnSCPxj <ZmnSCPxj@protonmail.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>,
	Bitcoin Protocol Discussion
	<bitcoin-dev@lists.linuxfoundation.org>
Cc: Dr Maxim Orlovsky <orlovsky@protonmail.com>
Subject: Re: [bitcoin-dev] Storm: escrowed storage and messaging at L2/L3
Date: Wed, 21 Aug 2019 07:32:25 +0000
Message-ID: <x1b18QXzxALwxxp8ehwcB7XORizrw5vOJ9BNXWpXbd2SJgUra-AFIyTgnM_yxKEtCg_frZcz916NLmm-pTsCD4Z7aOFprdQ_W87mHnn8vYg=@protonmail.com>
In-Reply-To: <6o-9VFKLR0h4CUf_fUN1rAqwTTZMlxk2CwwHSbuuvesIapG8ySj4KyHyUmHRh8rf7Lc2urCX8vw7tmlkP60SfvS3VyWnauD25_E8psrcx7I=@protonmail.com>

Good morning Maxim,

The Deaf Bob Attack
===================

It seems to me that Bob can promote the N3 problem to the N2 problem.

Suppose Alice contacts Bob to get the data.
However, Bob happens to have lost the data in a tragic boating accident.

Now, supposedly what Alice does in this case would be to broadcast the HTLC settlement transaction, whose signature was provided by Bob during protocol setup.

But this seems unworkable.

* If Bob managed to sign the HTLC settlement transaction, what `SIGHASH` flags did Bob sign with?
  * If it was `SIGHASH_ALL` or `SIGHASH_SINGLE`, then Bob already selected the decryption key at setup time.
  * If it was `SIGHASH_NONE`, then Alice could put any SCRIPT, including `<Alice> OP_CHECKSIG`.

If Bob already selected the decryption key at setup time, then Bob can ignore Alice.

* If Alice does not publish the HTLC settlement transaction, then Bob will eventually enter the N2 state and get the stake+reward.
* If Alice *does* publish the HTLC settlement transaction, without Bob giving the encrypted data, then Bob can just use the hashlock and reveal the decryption key.
  * The decryption key is useless without the encrypted data!

It seems this part is not workable?
As the decryption key is embedded in the HTLC, Alice cannot get a signature from Bob without the decryption key already being selected by Bob (and thus already claimable even without any data being returned by Bob).


Regards,
ZmnSCPxj
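
The `SIGHASH` case split in the message above, as an added example that is not part of the original post or of the Storm proposal: it computes the digest Bob would sign for three candidate settlement outputs and reports whether the signature is bound to the output. Assumptions: the legacy (pre-segwit) digest, a one-input transaction, a simplified SHA256 hashlock script, and constructed placeholder keys and outpoint.

```python
import hashlib, struct

SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE = 1, 2, 3
OP_SHA256, OP_EQUALVERIFY, OP_CHECKSIG = b"\xa8", b"\x88", b"\xac"

def push(data):
    """Direct push opcode; valid for data shorter than 76 bytes."""
    return bytes([len(data)]) + data

def ser_script(script):
    """Length-prefixed script; one-byte compact size covers the scripts used here."""
    assert len(script) < 0xfd
    return bytes([len(script)]) + script

def legacy_sighash(prevout, script_code, outputs, hashtype):
    """Legacy signature digest for input 0 of a one-input transaction."""
    if hashtype == SIGHASH_NONE:
        outs = []               # no outputs are committed
    elif hashtype == SIGHASH_SINGLE:
        outs = outputs[:1]      # only the output paired with input 0
    else:
        outs = outputs          # SIGHASH_ALL: every output
    tx = struct.pack("<i", 2) + b"\x01" + prevout + ser_script(script_code)
    tx += struct.pack("<I", 0xffffffff) + bytes([len(outs)])
    tx += b"".join(struct.pack("<q", v) + ser_script(s) for v, s in outs)
    tx += struct.pack("<I", 0) + struct.pack("<I", hashtype)
    return hashlib.sha256(hashlib.sha256(tx).digest()).digest()

# Constructed sample data: placeholder keys, not real curve points or a real UTXO.
ALICE, BOB = b"\x02" + b"\xaa" * 32, b"\x03" + b"\xbb" * 32
PREVOUT = b"\x11" * 32 + struct.pack("<I", 0)
FUNDING = b"\x52" + push(ALICE) + push(BOB) + b"\x52\xae"   # 2-of-2 multisig

def hashlock_output(decryption_key):
    """Simplified HTLC output: reveal the key's SHA256 preimage, then Bob's signature."""
    lock = hashlib.sha256(decryption_key).digest()
    return OP_SHA256 + push(lock) + OP_EQUALVERIFY + push(BOB) + OP_CHECKSIG

def signature_covers_output(hashtype):
    """True if changing the settlement output changes the digest Bob signed."""
    candidates = [hashlock_output(b"key-1"), hashlock_output(b"key-2"),
                  push(ALICE) + OP_CHECKSIG]
    digests = {legacy_sighash(PREVOUT, FUNDING, [(50_000, s)], hashtype)
               for s in candidates}
    return len(digests) == len(candidates)

if __name__ == "__main__":
    for flag in (SIGHASH_ALL, SIGHASH_NONE, SIGHASH_SINGLE):
        print(flag, signature_covers_output(flag))
```

With `SIGHASH_ALL` or `SIGHASH_SINGLE` the digest differs per hashlock, so the key is fixed when Bob signs; with `SIGHASH_NONE` the same signature is valid for the `<Alice> OP_CHECKSIG` output.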

