bitcoin-dev
OP_Expire and Coinbase-Like Behavior: Making HTLCs Safer by Letting Transactions Expire Safely
Posted on: November 2, 2023 05:24 UTC
In the email, Antoine discusses a potential solution to advanced replacement cycling attacks in the context of lightning spending paths.
He mentions the concept of a reverse time-lock where a lightning spending path becomes invalid after a block height or epoch point. Antoine explains that this solution would not only apply to HTLC-preimage spending paths but also to channel commitment paths.
Antoine points out that under the lightning protocol semantics, both channel commitments can be valid as neither counterparty can trust the other to timely broadcast a commitment state and claim time-sensitive HTLCs. However, he argues that the new reverse time-lock semantic merely shifts the security risk from one counterparty to the other.
Antoine suggests that a forwarding node could receive the preimage off-chain from the payee and block any attempt by the payee to broadcast its commitment transaction before the reverse time-lock expires. This raises concerns about the fairness and trustworthiness of the system.
Additionally, Antoine proposes another solution that involves removing counterparty malleability in setting package total fees and pre-committing fee-bumping reserves. However, he acknowledges that this approach may require a high level of total reserve for each channel.
Overall, Antoine explores the complexities and potential solutions related to advanced replacement cycling attacks in lightning spending paths, highlighting the need for careful consideration of security risks and trade-offs in the design of such systems.
[Link: https://github.com/ariard/bitcoin/commits/2023-10-test-mempool-2]