Hi all,
We'd like to bring to your attention our recent result concerning HTLC.
Here are the technical report and a short post outlining the main points:
* https://arxiv.org/abs/2006.12031
* https://ittayeyal.github.io/2020-06-22-mad-htlc
Essentially, we find that HTLC security relies on miners
Hi ZmnSCPxj,
Thank you for taking the time to respond, these are very good points.
Responses inline.
On Tue, Jun 23, 2020 at 12:48 PM ZmnSCPxj wrote:
> Good morning Itay, Ittay, and Matan,
>
> I believe an unstated assumption in Bitcoin is that miners are
> short-sighted.
>
> The reasoning for
Of course the order at the end should have been switched:
Consider first the case where Alice *does not* publish preimage "A": Bob
can safely publish preimage "B" and get both the Deposit and Collateral
tokens after the timeout.
Now, consider the case where Alice *publishes* preimage "A": If Bob
p
Hi ZmnSCPxj,
That's a good point. Basically there are two extremes, if everyone is
non-myoptic (rational), they should wait even for a small fee (our mad-htlc
result), and if everyone else is myopic (rational), a non-myopic miner
should only wait for a fairly large fee, depending on miner sizes an
Hi ZmnSCPxj,
1. If all miners are rational and non-myopic, they will support the attack.
They don't need to cooperate, it's not the end of Bitcoin, but they all
have to know everyone is rational and non-myopic. If you want to be secure
in a situation like this then mad-htlc helps. Otherwise you ca