pull down to refresh

I recommend Elle Mouton's HTLC Overview and HTLC Deep dive too if you feel like anything was ambiguous.
146 sats \ 1 reply \ @ek 7 Aug
Thanks, that was very helpful!
I started reading it from the beginning and got stuck on a question about revocation yesterday:
In Part 2, the revocation key system was described as follows:
  1. Alice generates a temporary private key dA1 and its corresponding public key PA1 and sends the public key to Bob.
  2. Then Alice creates a commitment transaction where the to_local_output output has a spending path that is immediately spendable by Bob if he has the private key dA1.
  3. If Alice and Bob agree to update their channel state, then the private keys for the previous state will be swapped (ie: Alice will send Bob dA1).
For some reason, I assumed that Alice would sign her commitment transaction with dA1 if she ever wants to broadcast it. But when she gives dA1 to Bob later to revoke this commitment transaction, I thought Bob could simply create, sign and broadcast her commitment transaction himself and then penalize her for it, taking all the funds of the channel. I think I had essentially the same question as someone had here.
The answer is that since all commitment transactions spend the same multisig output of the funding transaction, the commitment transactions need a signature from these private keys. And Bob does never receive Alice's private key for that signature. He can create the commitment transaction but not Alice's signature.
It's funny how stuff becomes obvious after you struggled with it for a few hours.
reply
111 sats \ 0 replies \ @k00b 7 Aug
I'm fond of reading something for a cursory understanding without taxing myself, letting it background, then repeating periodically until it's pretty much intuitive.
Trying to learn something all at once is like storing all your data in memory. I just write parts of it to disk over a day/couple of days, then try again with all the "indices" my brain made.
reply