Rusty Russell
f78ea05fc5
test-cli/extract-escape-secret: helper to get escape secret from other side.
When other side uses their escape tx, we extract the secret to we
can use our fast-escape.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
7564e3f475
test-cli/create-secret-spend-tx: more general tool to spend secret-or-delay outputs
Immediately replaces create-commit-spend-tx and create-steal-tx.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
402cd67e10
test-cli/extract-revocation-preimage: helper to get preimage from message
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
2e36affb77
test-cli/get-revocation-secret: new helper.
Give the revocation secret (or hash) for a given index number.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
ebb068e975
Escape transaction support, test tools to create/check them.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
ee3af28980
test-cli/txid-of: simple helper to get txid.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
06fe371b3f
protocol: add field so we can specify the escape fee.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
114161a6a5
test-cli/scripts/test.sh: send_after_delay()
Extract and generalize: we're about to get more.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
98d994f930
protocol: add open-complete.
This is where we expose the revocation preimages for the escape
transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
6a5ba591ee
signature: match alpha hashing bug for multiple inputs.
https://github.com/ElementsProject/elements/issues/37
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
c03c878afc
Split into two anchors.
This is a major change; instead of creating a mutual anchor (funding)
transaction, each side creates its own. We use escape transactions in
case anything goes wrong; these will be revoked later.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
1a46334bd7
protocol: remove new anchor ops.
We didn't implement them yet, and they'll need revision anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
11099d738f
script: dual anchor input support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
aa79887d79
script: use the normalized delay script form for commit output.
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
d053181b0b
script: add standard routines for secret-or-timedelay outputs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
bde07aa6a7
Makefile: fix make clean, depend on bitcoin/ headers.
Didn't remove program object files, nor depend on all headers.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
465c2b04e8
signature: fix -DDEBUG case, add hash printing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
8a127ab8a9
doc: clarify wording on section 3.1
StephenM347 on #lightning-dev indicated it could be clearer that
this is all about changing commitment transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
305b8cd27d
doc: switch signatures around in escape and commit input scripts.
Because of the way we form the redeemscripts, it's easier to have it
push B's sig then A's.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
da503c1ee1
doc: simplify anchor output script, fix users.
It's slightly clearer to do the "2" outside the branch.
Also, spending it requires the extra 0 due to OP_CHECKMULTISIG bug.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
8a4246cb36
permute: use BIP69 order.
It's a canonical ordering, rather than a random shuffle. Far simpler.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
d93eee22f5
doc: add figures from LN draft (thanks Joseph!).
Also clean up references to Appendix A.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
73ba5acca9
doc: fix flaw in escape transactions.
As reported by mmeijeri on r/Bitcoin:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct80xpp
As the signature doesn't cover the input itself, you could replace the
secret key from the escape transaction with 0, and it will use the "A and B"
branch of the output.
(This also fixes a bug in the anchor output where the OP_IF consumed the
secret).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
ce4bdb9fe1
doc: fix error in fast-escape redeemscript.
Reported by killerstorm on reddit:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct6jyim
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
d9c29387d1
doc: typo from roasbeef on reddit.
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct78mk9
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
e4921b9bc6
Add documentation.
First up, a draft of a paper showing the differences between the LN draft
and this.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
8f64eb90af
Switch over to CCAN's ripemd160.
Avoids handing naked u8 arrays around, too.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
0f9ae8a19f
ccan: add ripemd160
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
81e73926f3
ccan: update.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
ec399e13a4
Makefile: update-ccan: new target.
Hacky, but syncs up ccan repository.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
402f1d28a8
Update .gitignore.
Reduce the clutter.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
456a43c3b4
Clean up extra ccan dirs.
Turns out that CCAN's create-ccan-tree has a bug with submodules.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
376e5bb584
README.md: Note Elements requirement.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
a663dc322c
Remove signature leaking.
Alpha has segregated witnesses, so txid doesn't include the inputs.
That means we can create the first commit transaction before we sign
the anchor tx.
Bitcoin will need to do this differently: presumbly via new sipops
(a OP_CHECKSIG2VERIFY I imagine).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
69b2690ecb
HOWTO-USE.md: use alpha instead of bitcoind for examples.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
f510e29e22
alpha: switch over to Elements Alpha by default.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
c660629760
test.sh: (alpha) make sure that spending tx fails too soon, succeeds after delay.
This only makes sense when we have CSV support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
4011f7ae7c
create-commit-spend-tx: set alpha fields, and input locktime.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
20bb6c65aa
protocol fix: use locktime from *other* side.
Which emerged clearly when setting one side's locktime differently than
the other.
Each side specifies the (minimum) time they need to notice a fraud attempt:
this constrains the *other* side.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
66b1df4036
tx: locktime should be 0.
It doesn't matter until we start setting sequence numbers properly,
so hasn't been noticed until now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
1075264c66
close_tx: initialize fee and input amount fields.
Required for alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
90e4160862
test.sh: handle appended amounts in transactions.
cut -d: -f1 gets just the transactions, or passed through if no ":".
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
ae31431168
tx: centralize transaction writing, append amounts for alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
5dc9cd16f9
create-steal-tx: actually output the steal tx, not the commit tx!
... Which reveals it wasn't paying a fee. So update fix that, and
initialize the alpha tx fields while we're there.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
9851436d4d
test.sh: restore --steal and --unilateral options
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
62a002c860
script: make DER for signature encoding optional.
Alpha does the sane thing, places signatures raw.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
faae91f3fc
Schnorr signature support.
This variation is used by alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
1d82bf51fc
signature: fix invalid S check.
The even-S check was based on https://github.com/sipa/bitcoin/commit/a81cd9680
which was replaced by a low-S check in commit e0e14e43d9586409e42919f6cb955540134cda2a
Abstract out and fix the check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
d20ddb5a90
Use libsecp256k1 instead of openssl for crypto.
We still use openssl for bignums (base58) and for ripemd.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago
Rusty Russell
5a79ef9502
Import secp256k1 (schnorr version)
Imported from: git@github.com:sipa/secp256k1.git schnorr3 (0ab0b47)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
10 years ago