Update 02.md

brqgoo
2023-02-07 22:55:47 +03:00
committed by GitHub
parent 42bb4d65a1
commit 3251e847e0

12
02.md

@@ -26,17 +26,19 @@ Inconvenient for onboarding new users who have no UTXO possession in the beginni
## Specification ## Specification
This BDS proposes a non-interactive channel opening scheme called _channel addresses_. _Channel addresses_ make it possible to craft on-chain bitcoin addresses such that when funded, becomes a payment channel between _to_self_ and _to_remote_, where the channel funds are initially kept on _to_self_ side. This BDS proposes a non-interactive channel opening scheme called _channel addresses_. _Channel addresses_ make it possible to craft on-chain bitcoin addresses such that when funded, becomes a payment channel between _to_self_ and _to_remote_, where the channel funds are initially kept on _to_self_ side.
The specification first defines how to derive child public keys from a parent _npub_ using plain tweaking. Then passing derived child keys to key aggregation algorithm (KeyAgg) to obtain the aggregate public key for BIP340 verification. And finally applying X-only tweaking to 2-of-2 aggregate public key to add a single-leaf script path spend. The added script path spend enforces a non-interactive refund closure. The refund closure permits _to_self_ to spend funds after a relative locktime, similar to pre-segwit timeout channel design. The specification first defines how to derive child public keys from a parent _npub_ using plain tweaking. Then passing derived child keys to key aggregation algorithm (KeyAgg) to obtain the aggregate public key, and finally applying an x-only tweak to 2-of-2 aggregate public key to add a single-leaf script path. The added script path enforces a non-interactive refund closure that permits _to_self_ to spend funds after a relative locktime, similar to pre-segwit timeout channel design.
Adding a non-interactive refund closure to a 2-of-2 multisig removes the need to craft a refund transaction in advance of funding a channel output. _to_self_ can exit from the script path after the expiry if the _to_remote_ happens to be non-collaborative in exchanging signatures for a refund. Adding a non-interactive refund closure to a 2-of-2 multisig removes the need to craft a refund transaction in advance of funding a channel output. _to_self_ can exit from the script path after the expiry if the _to_remote_ happens to be non-collaborative in exchanging signatures for a refund.
Ultimately, it's _to_remote_ responsibility to close the channel shortly before channel expiry. While this design consume more on-chain footprint than a regular channel formation, its anticipated _to_self_ users to mostly receive funds over [_silent swaps_](https://github.com/bits-wallet/specs/blob/main/04.md) and rarely through _channel addresses_. Ultimately, it's _to_remote_ responsibility to close the channel shortly before channel expiry. While this design consume more on-chain footprint over time than a regular channel formations, its anticipated _to_self_ users to mostly receive funds over [_silent swaps_](https://github.com/bits-wallet/specs/blob/main/04.md) and rarely through _channel addresses_.
## Crafting Channel Addresses
The number _u_ of the number of channel addresses: _2<sup>32</sup>_.
### Child Key Derivation ### Child Key Derivation
- The nostr parent secret key _nsec_: a 32-byte array. - The nostr parent secret key _nsec_: a 32-byte array.
- The nostr parent public key _npub_: _cbytes(int(nsec)⋅G)_. - The nostr parent public key _npub_: _cbytes(int(nsec)⋅G)_.
- The tweak derivation secret _ds_: a 32-byte array. - The tweak derivation secret _ds_: a 32-byte array.
- The number _u_ of child keys _2<sup>32</sup>_.
- Let _ds_ = _hash<sub>BDS-02/dersec</sub>(nsec)_. - Let _ds_ = _hash<sub>BDS-02/dersec</sub>(nsec)_.
- For _i = 1 .. u_: - For _i = 1 .. u_:
- - The BDS-02 child secret key _sk<sub>i</sub>_. - - The BDS-02 child secret key _sk<sub>i</sub>_.
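Review bot: The line under "## Crafting Channel Addresses" reads "The number _u_ of the number of channel addresses", which repeats "the number of"; suggest "The number _u_ of channel addresses: _2<sup>32</sup>_". With _u_ defined under that heading, the "- The number _u_ of child keys _2<sup>32</sup>_" bullet in Child Key Derivation should not remain as a second definition (it is also missing its colon). In the reworded Specification paragraph, "Then passing derived child keys to key aggregation algorithm (KeyAgg) ..." is still a sentence fragment with no main verb, and the last paragraph has "this design consume", "a regular channel formations" and "its anticipated", which should read "consumes", "a regular channel formation" and "it's anticipated".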
@@ -47,20 +49,20 @@ Ultimately, it's _to_remote_ responsibility to close the channel shortly before
- - Let _sk<sub>i</sub>_ = _bytes(32, (int(nsec) + int(t<sub>i</sub> )) mod n)_. - - Let _sk<sub>i</sub>_ = _bytes(32, (int(nsec) + int(t<sub>i</sub> )) mod n)_.
### Key Aggregation ### Key Aggregation
- The number _u_ of child keys : _2<sup>32</sup>_.
- For _i = 1 < u< 2<sup>32</sup>_: - For _i = 1 < u< 2<sup>32</sup>_:
- - The _to_self_ : 32-byte x-only user child public key. - - The _to_self_ : 32-byte x-only user child public key.
- - The _to_remote_ : 32-byte x-only well-known LSP public key. - - The _to_remote_ : 32-byte x-only well-known LSP public key.
- - The _keygen_ctx_ : MuSig2 keygen context containing the aggregate key. - - The _keygen_ctx_ : MuSig2 keygen context containing the aggregate key.
- - The _addr_ : Expiring channel address.
- - Let _to_self_ = _cbytes(pk<sub>i</sub>)_. - - Let _to_self_ = _cbytes(pk<sub>i</sub>)_.
- - Let _to_remote_ = _cbytes(bytes(33, 0x025de7cd8fd3a0a38f1cab124defd4c3043203c3f2b66328484e321d3ede5f84f6))_. - - Let _to_remote_ = _cbytes(bytes(33, 0x025de7cd8fd3a0a38f1cab124defd4c3043203c3f2b66328484e321d3ede5f84f6))_.
- - Let _keygen_ctx<sub>i</sub>_ = _KeyAgg([to_self, to_remote])_. - - Let _keygen_ctx<sub>i</sub>_ = _KeyAgg([to_self, to_remote])_.
- - Let Q<sub>i</sub>, gacc<sub>i</sub>, and , tacc<sub>i</sub> = _keygen_ctx<sub>i</sub>_. - - Let Q<sub>i</sub>, gacc<sub>i</sub>, and , tacc<sub>i</sub> = _keygen_ctx<sub>i</sub>_.
### Adding Refund Closure ### Adding Refund Closure
- For _i = 1 < u< 2<sup>32</sup>_:
- - The _ex_ : a 2-byte minimally encoded channel expiry as relative locktime. - - The _ex_ : a 2-byte minimally encoded channel expiry as relative locktime.
- - The _ts_ : a 39-byte raw tapscript for a non-interactive refund closure. - - The _ts_ : a 39-byte raw tapscript for a non-interactive refund closure.
- - - The _addr_ : Expiring channel address.
- - Let _ex_ = _CScriptNum(26280)_. - - Let _ex_ = _CScriptNum(26280)_.
- - Let _ts_ = `<ex> OP_CHECKSEQUENCEVERIFY OP_DROP <to_self> OP_CHECKSIG`. - - Let _ts_ = `<ex> OP_CHECKSEQUENCEVERIFY OP_DROP <to_self> OP_CHECKSIG`.
- - Let _ts<sub>hash</sub>_ = _hash<sub>TapLeaf</sub>(0xc0 || 0x27 || ts)_. - - Let _ts<sub>hash</sub>_ = _hash<sub>TapLeaf</sub>(0xc0 || 0x27 || ts)_.
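Review bot: The loop header "For _i = 1 < u< 2<sup>32</sup>_" in Key Aggregation and Adding Refund Closure is not a range, and with _u_ defined as _2<sup>32</sup>_ the condition _u < 2<sup>32</sup>_ cannot hold; use "For _i = 1 .. u_" as Child Key Derivation does. The "- - - The _addr_ : Expiring channel address." line under Adding Refund Closure is nested one level deeper than its sibling declarations, and _addr_ should be declared in only one of the two sections. "Let Q<sub>i</sub>, gacc<sub>i</sub>, and , tacc<sub>i</sub>" has a stray comma. Also worth checking: _to_self_ and _to_remote_ are declared as 32-byte x-only keys but are assigned with _cbytes(...)_, and _to_remote_ is built from a 33-byte value. The stated 39-byte length of _ts_ (and the 0x27 prefix in the leaf hash) only works out when `<to_self>` is a 32-byte push, so the serialization used for both keys should be stated explicitly.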