2023 Mar 14

• Reread my Crypto Snapshot February 2022 article. I’ve really come a long way in my understanding of things. Interesting to see the beginning of me really questioning things in crypto.

• SIGHASH_NOINPUT. Sighash flags can modify verification for what signatures need to commit to. SIGHASH_NOINPUT means a signature doesn’t have to sign the input of a transaction, and so you can change what output a transaction spends after signing. This is helpful for eltoo because it allows for channel update transactions to spend from any previous channel state transaction if broadcasted (or any transaction that uses this flag). However, on it’s own this would mean that previous channel update transactions could spend from future ones, so they introduce another restriction of sequence numbers (didn’t learn exactly how, smth with nLocktime).

  • Question: is it possible that on-chain you have two outputs that spend to SIGHASH_NO_INPUT, and when you broadcast your transaction, someone could use it to spend from the other output? I guess the funds are still going to the same place but that seems dangerous?

• Let’s say your channel partner publishes revoked state. Now you broadcast a penalty tx to punish them. Is it possible that they could broadcast a transaction with a high enough fee, that miner’s would prefer to wait the delay and accept that transaction instead? I guess in that case you could still increase your own fee, but this is still pretty bad right?

  • I think this might be called a bribery attack? Think I saw something about this in MAD-HTLC

• HSM stands for Hardware Security Module, it’s a physical device for extra security

• This looks worth: syntax highlighting pager for git, diffs, grep