lightning-dev

Transaction revocation within transaction malleability via anyone-can-revoke hashlocks

Original Post by Rusty Russell

Posted on: April 27, 2017 01:19 UTC

ZmnSCPxj proposes a solution to the problem of transaction malleability, which allows fraudulent receivers to burn coins by invalidating revocation transactions.

The proposed method involves creating a revocable output with a revocation key that is known only to the receiver. The output can be spent after a certain period of time by either the receiver, the sender (if they know the key), or anyone who knows the key (after a shorter period of time). If the output is revoked, the receiver must prevent everyone who has the key from accessing the Bitcoin network during a one-day period between the two spending periods. This prevents anyone from claiming the receiver's coins if the sender is unavailable. The proposal also addresses issues related to denial-of-service attacks and the need for bounty hunters to prevent fraud.

Rusty points out that this proposal eliminates the need for a "burn window," but still allows attackers to steal coins, particularly if they are miners. Rusty suggests that Tadge's watchers could be used to prevent DoS attacks, but they are subject to malleation. The Lightning Network paper had suggested adding a TX_NOINPUT sighash flag to allow watchers to operate even in the case of malleation, but this would require a soft fork, making it better to wait for SegWit.