7564e3f475
test-cli/create-secret-spend-tx: more general tool to spend secret-or-delay outputs
...
Immediately replaces create-commit-spend-tx and create-steal-tx.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
402cd67e10
test-cli/extract-revocation-preimage: helper to get preimage from message
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
2e36affb77
test-cli/get-revocation-secret: new helper.
...
Give the revocation secret (or hash) for a given index number.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
ebb068e975
Escape transaction support, test tools to create/check them.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:11 +09:30
ee3af28980
test-cli/txid-of: simple helper to get txid.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
06fe371b3f
protocol: add field so we can specify the escape fee.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
114161a6a5
test-cli/scripts/test.sh: send_after_delay()
...
Extract and generalize: we're about to get more.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
98d994f930
protocol: add open-complete.
...
This is where we expose the revocation preimages for the escape
transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
6a5ba591ee
signature: match alpha hashing bug for multiple inputs.
...
https://github.com/ElementsProject/elements/issues/37
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
c03c878afc
Split into two anchors.
...
This is a major change; instead of creating a mutual anchor (funding)
transaction, each side creates its own. We use escape transactions in
case anything goes wrong; these will be revoked later.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
1a46334bd7
protocol: remove new anchor ops.
...
We didn't implement them yet, and they'll need revision anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
11099d738f
script: dual anchor input support.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
aa79887d79
script: use the normalized delay script form for commit output.
...
As documented in the paper; it's also two bytes shorter, and allows
us to use the exact same script for three cases.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
d053181b0b
script: add standard routines for secret-or-timedelay outputs.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
bde07aa6a7
Makefile: fix make clean, depend on bitcoin/ headers.
...
Didn't remove program object files, nor depend on all headers.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
465c2b04e8
signature: fix -DDEBUG case, add hash printing.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:10 +09:30
8a127ab8a9
doc: clarify wording on section 3.1
...
StephenM347 on #lightning-dev indicated it could be clearer that
this is all about changing commitment transactions.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 16:00:07 +09:30
305b8cd27d
doc: switch signatures around in escape and commit input scripts.
...
Because of the way we form the redeemscripts, it's easier to have it
push B's sig then A's.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-24 15:59:58 +09:30
da503c1ee1
doc: simplify anchor output script, fix users.
...
It's slightly clearer to do the "2" outside the branch.
Also, spending it requires the extra 0 due to OP_CHECKMULTISIG bug.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 16:39:52 +09:30
8a4246cb36
permute: use BIP69 order.
...
It's a canonical ordering, rather than a random shuffle. Far simpler.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:44 +09:30
d93eee22f5
doc: add figures from LN draft (thanks Joseph!).
...
Also clean up references to Appendix A.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:40 +09:30
73ba5acca9
doc: fix flaw in escape transactions.
...
As reported by mmeijeri on r/Bitcoin:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct80xpp
As the signature doesn't cover the input itself, you could replace the
secret key from the escape transaction with 0, and it will use the "A and B"
branch of the output.
(This also fixes a bug in the anchor output where the OP_IF consumed the
secret).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-20 14:07:25 +09:30
ce4bdb9fe1
doc: fix error in fast-escape redeemscript.
...
Reported by killerstorm on reddit:
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct6jyim
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-18 20:40:30 +09:30
d9c29387d1
doc: typo from roasbeef on reddit.
...
https://www.reddit.com/r/Bitcoin/comments/3dlxw4/reaching_the_ground_with_lightning_lightning/ct78mk9
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-18 19:32:37 +09:30
e4921b9bc6
Add documentation.
...
First up, a draft of a paper showing the differences between the LN draft
and this.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-18 10:46:53 +09:30
8f64eb90af
Switch over to CCAN's ripemd160.
...
Avoids handing naked u8 arrays around, too.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:43:36 +09:30
0f9ae8a19f
ccan: add ripemd160
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:26:13 +09:30
81e73926f3
ccan: update.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:25:31 +09:30
ec399e13a4
Makefile: update-ccan: new target.
...
Hacky, but syncs up ccan repository.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:25:09 +09:30
402f1d28a8
Update .gitignore.
...
Reduce the clutter.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:25:01 +09:30
456a43c3b4
Clean up extra ccan dirs.
...
Turns out that CCAN's create-ccan-tree has a bug with submodules.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-09 15:24:14 +09:30
376e5bb584
README.md: Note Elements requirement.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 14:03:45 +09:30
a663dc322c
Remove signature leaking.
...
Alpha has segregated witnesses, so txid doesn't include the inputs.
That means we can create the first commit transaction before we sign
the anchor tx.
Bitcoin will need to do this differently: presumbly via new sipops
(a OP_CHECKSIG2VERIFY I imagine).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 14:00:54 +09:30
69b2690ecb
HOWTO-USE.md: use alpha instead of bitcoind for examples.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 13:39:27 +09:30
f510e29e22
alpha: switch over to Elements Alpha by default.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 13:36:25 +09:30
c660629760
test.sh: (alpha) make sure that spending tx fails too soon, succeeds after delay.
...
This only makes sense when we have CSV support.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:47:29 +09:30
4011f7ae7c
create-commit-spend-tx: set alpha fields, and input locktime.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:45:43 +09:30
20bb6c65aa
protocol fix: use locktime from *other* side.
...
Which emerged clearly when setting one side's locktime differently than
the other.
Each side specifies the (minimum) time they need to notice a fraud attempt:
this constrains the *other* side.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:44:49 +09:30
66b1df4036
tx: locktime should be 0.
...
It doesn't matter until we start setting sequence numbers properly,
so hasn't been noticed until now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-03 10:44:44 +09:30
1075264c66
close_tx: initialize fee and input amount fields.
...
Required for alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:11 +09:30
90e4160862
test.sh: handle appended amounts in transactions.
...
cut -d: -f1 gets just the transactions, or passed through if no ":".
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:11 +09:30
ae31431168
tx: centralize transaction writing, append amounts for alpha.
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:11 +09:30
5dc9cd16f9
create-steal-tx: actually output the steal tx, not the commit tx!
...
... Which reveals it wasn't paying a fee. So update fix that, and
initialize the alpha tx fields while we're there.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:55:03 +09:30
9851436d4d
test.sh: restore --steal and --unilateral options
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
62a002c860
script: make DER for signature encoding optional.
...
Alpha does the sane thing, places signatures raw.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
faae91f3fc
Schnorr signature support.
...
This variation is used by alpha.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
1d82bf51fc
signature: fix invalid S check.
...
The even-S check was based on https://github.com/sipa/bitcoin/commit/a81cd9680
which was replaced by a low-S check in commit e0e14e43d9586409e42919f6cb955540134cda2a
Abstract out and fix the check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
d20ddb5a90
Use libsecp256k1 instead of openssl for crypto.
...
We still use openssl for bignums (base58) and for ripemd.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
5a79ef9502
Import secp256k1 (schnorr version)
...
Imported from: git@github.com:sipa/secp256k1.git schnorr3 (0ab0b47)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
fbe63124f6
Move DER encoding into bitcoin/signature.c
...
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2015-07-01 16:27:52 +09:30
Rusty Russell