bitcoin-dev

OP_Expire and Coinbase-Like Behavior: Making HTLCs Safer by Letting Transactions Expire Safely

Original Post by Peter Todd

Posted on: October 21, 2023 10:31 UTC

The email discusses a clever idea that aims to prevent a specific attack.

However, it is pointed out that the proposed solution does not effectively address the attack. The situation is explained using an example involving two individuals named Carol and Bob. Previously, only one person, Carol, could perform the attack known as the replacement cycling attack. However, with the implementation of the "anyone-can-spend" branch, multiple individuals, including miners, can now perform the attack and benefit from it.

From Bob's perspective, this new situation poses a risk of not being able to learn about the preimage in time and consequently failing to redeem the received HTLC (Hashed Time-Lock Contract) output. On the other hand, Carol's viewpoint remains relatively unchanged. They still have the opportunity to successfully spend the offered HTLC output after the redeemed HTLC output times out, or they may fail. It is not relevant to Carol whether the failure occurs because Bob received their refund or if someone else spent the offered HTLC output via the anyone-can-spend path.

Additionally, the proposed solution is deemed inferior to another method called OP_Expire for several reasons. One important drawback is that the anyone-can-spend branch imposes a strict deadline for Bob. In contrast, with OP_Expire, once the HTLC preimage branch has expired, Bob has the flexibility to spend the offered HTLC output at their convenience, as they are the only party with the ability to do so. However, it is noted that with full-RBF (Replace-By-Fee), anyone can execute the code on behalf of miners, except in cases where the replacement is not possible due to the RBF anti-Denial-of-Service rules. The email also mentions that people are already utilizing this approach to manipulate signature-less ordinal transactions.

For more information, you can visit Peter Todd's website at https://petertodd.org or contact him at peter@petertodd.org.