+/// Only the cheating participant owns a valid witness to propagate a revoked
+/// commitment transaction, thus per_commitment_secret always come from cheater
+/// and revocation_base_secret always come from punisher, which is the broadcaster
+/// of the transaction spending with this key knowledge.
+///
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
/// generated (ie our own).
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
/// generated (ie our own).
-pub fn derive_private_revocation_key<T: secp256k1::Signing>(secp_ctx: &Secp256k1<T>, per_commitment_secret: &SecretKey, revocation_base_secret: &SecretKey) -> Result<SecretKey, SecpError> {
- let revocation_base_point = PublicKey::from_secret_key(&secp_ctx, &revocation_base_secret);
+pub fn derive_private_revocation_key<T: secp256k1::Signing>(secp_ctx: &Secp256k1<T>, per_commitment_secret: &SecretKey, countersignatory_revocation_base_secret: &SecretKey) -> Result<SecretKey, SecpError> {
+ let countersignatory_revocation_base_point = PublicKey::from_secret_key(&secp_ctx, &countersignatory_revocation_base_secret);
let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
let rev_append_commit_hash_key = {
let mut sha = Sha256::engine();
let per_commitment_point = PublicKey::from_secret_key(&secp_ctx, &per_commitment_secret);
let rev_append_commit_hash_key = {
let mut sha = Sha256::engine();
let commit_append_rev_hash_key = {
let mut sha = Sha256::engine();
sha.input(&per_commitment_point.serialize());
let commit_append_rev_hash_key = {
let mut sha = Sha256::engine();
sha.input(&per_commitment_point.serialize());
- // Only the transaction broadcaster owns a valid witness to propagate
- // a revoked commitment transaction, thus per_commitment_secret always
- // come from broadcaster and revocation_base_secret always come
- // from countersignatory of the transaction.
- let mut countersignatory_contrib = revocation_base_secret.clone();
+ let mut countersignatory_contrib = countersignatory_revocation_base_secret.clone();
countersignatory_contrib.mul_assign(&rev_append_commit_hash_key)?;
let mut broadcaster_contrib = per_commitment_secret.clone();
broadcaster_contrib.mul_assign(&commit_append_rev_hash_key)?;
countersignatory_contrib.mul_assign(&rev_append_commit_hash_key)?;
let mut broadcaster_contrib = per_commitment_secret.clone();
broadcaster_contrib.mul_assign(&commit_append_rev_hash_key)?;
/// the public equivalend of derive_private_revocation_key - using only public keys to derive a
/// public key instead of private keys.
///
/// the public equivalend of derive_private_revocation_key - using only public keys to derive a
/// public key instead of private keys.
///
+/// Only the cheating participant owns a valid witness to propagate a revoked
+/// commitment transaction, thus per_commitment_point always come from cheater
+/// and revocation_base_point always come from punisher, which is the broadcaster
+/// of the transaction spending with this key knowledge.
+///
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
/// generated (ie our own).
/// Note that this is infallible iff we trust that at least one of the two input keys are randomly
/// generated (ie our own).
-pub fn derive_public_revocation_key<T: secp256k1::Verification>(secp_ctx: &Secp256k1<T>, per_commitment_point: &PublicKey, revocation_base_point: &PublicKey) -> Result<PublicKey, SecpError> {
+pub fn derive_public_revocation_key<T: secp256k1::Verification>(secp_ctx: &Secp256k1<T>, per_commitment_point: &PublicKey, countersignatory_revocation_base_point: &PublicKey) -> Result<PublicKey, SecpError> {
let commit_append_rev_hash_key = {
let mut sha = Sha256::engine();
sha.input(&per_commitment_point.serialize());
let commit_append_rev_hash_key = {
let mut sha = Sha256::engine();
sha.input(&per_commitment_point.serialize());
- // Only the transaction broadcaster owns a valid witness to propagate
- // a revoked commitment transaction, thus per_commitment_point always
- // come from broadcaster and revocation_base_point always come
- // from countersignatory of the transaction.
- let mut countersignatory_contrib = revocation_base_point.clone();
+ let mut countersignatory_contrib = countersignatory_revocation_base_point.clone();
countersignatory_contrib.mul_assign(&secp_ctx, &rev_append_commit_hash_key)?;
let mut broadcaster_contrib = per_commitment_point.clone();
broadcaster_contrib.mul_assign(&secp_ctx, &commit_append_rev_hash_key)?;
countersignatory_contrib.mul_assign(&secp_ctx, &rev_append_commit_hash_key)?;
let mut broadcaster_contrib = per_commitment_point.clone();
broadcaster_contrib.mul_assign(&secp_ctx, &commit_append_rev_hash_key)?;
pub struct TxCreationKeys {
/// The broadcaster's per-commitment public key which was used to derive the other keys.
pub per_commitment_point: PublicKey,
pub struct TxCreationKeys {
/// The broadcaster's per-commitment public key which was used to derive the other keys.
pub per_commitment_point: PublicKey,
/// transaction to provide their counterparty the ability to punish them if they broadcast
/// an old state.
pub revocation_key: PublicKey,
/// transaction to provide their counterparty the ability to punish them if they broadcast
/// an old state.
pub revocation_key: PublicKey,
/// Countersignatory's HTLC Key
pub countersignatory_htlc_key: PublicKey,
/// Broadcaster's Payment Key (which isn't allowed to be spent from for some delay)
/// Countersignatory's HTLC Key
pub countersignatory_htlc_key: PublicKey,
/// Broadcaster's Payment Key (which isn't allowed to be spent from for some delay)
- { per_commitment_point, revocation_key, broadcaster_htlc_key, countersignatory_htlc_key, delayed_payment_key });
+ { per_commitment_point, revocation_key, broadcaster_htlc_key, countersignatory_htlc_key, broadcaster_delayed_payment_key });
revocation_key: derive_public_revocation_key(&secp_ctx, &per_commitment_point, &countersignatory_revocation_base)?,
broadcaster_htlc_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_htlc_base)?,
countersignatory_htlc_key: derive_public_key(&secp_ctx, &per_commitment_point, &countersignatory_htlc_base)?,
revocation_key: derive_public_revocation_key(&secp_ctx, &per_commitment_point, &countersignatory_revocation_base)?,
broadcaster_htlc_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_htlc_base)?,
countersignatory_htlc_key: derive_public_key(&secp_ctx, &per_commitment_point, &countersignatory_htlc_base)?,
- delayed_payment_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_delayed_payment_base)?,
+ broadcaster_delayed_payment_key: derive_public_key(&secp_ctx, &per_commitment_point, &broadcaster_delayed_payment_base)?,
-pub fn get_revokeable_redeemscript(revocation_key: &PublicKey, to_self_delay: u16, delayed_payment_key: &PublicKey) -> Script {
+pub fn get_revokeable_redeemscript(revocation_key: &PublicKey, contest_delay: u16, broadcaster_delayed_payment_key: &PublicKey) -> Script {
Builder::new().push_opcode(opcodes::all::OP_IF)
.push_slice(&revocation_key.serialize())
.push_opcode(opcodes::all::OP_ELSE)
Builder::new().push_opcode(opcodes::all::OP_IF)
.push_slice(&revocation_key.serialize())
.push_opcode(opcodes::all::OP_ELSE)
-pub fn build_htlc_transaction(prev_hash: &Txid, feerate_per_kw: u32, to_self_delay: u16, htlc: &HTLCOutputInCommitment, delayed_payment_key: &PublicKey, revocation_key: &PublicKey) -> Transaction {
+pub fn build_htlc_transaction(prev_hash: &Txid, feerate_per_kw: u32, contest_delay: u16, htlc: &HTLCOutputInCommitment, broadcaster_delayed_payment_key: &PublicKey, revocation_key: &PublicKey) -> Transaction {
- script_pubkey: get_revokeable_redeemscript(revocation_key, to_self_delay, delayed_payment_key).to_v0_p2wsh(),
+ script_pubkey: get_revokeable_redeemscript(revocation_key, contest_delay, broadcaster_delayed_payment_key).to_v0_p2wsh(),
revocation_key: dummy_key.clone(),
broadcaster_htlc_key: dummy_key.clone(),
countersignatory_htlc_key: dummy_key.clone(),
revocation_key: dummy_key.clone(),
broadcaster_htlc_key: dummy_key.clone(),
countersignatory_htlc_key: dummy_key.clone(),
- let htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.delayed_payment_key, &self.local_keys.revocation_key);
+ let htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.broadcaster_delayed_payment_key, &self.local_keys.revocation_key);
let htlc_redeemscript = get_htlc_redeemscript_with_explicit_keys(&this_htlc.0, &self.local_keys.broadcaster_htlc_key, &self.local_keys.countersignatory_htlc_key, &self.local_keys.revocation_key);
let htlc_redeemscript = get_htlc_redeemscript_with_explicit_keys(&this_htlc.0, &self.local_keys.broadcaster_htlc_key, &self.local_keys.countersignatory_htlc_key, &self.local_keys.revocation_key);
// Further, we should never be provided the preimage for an HTLC-Timeout transaction.
if this_htlc.0.offered && preimage.is_some() { unreachable!(); }
// Further, we should never be provided the preimage for an HTLC-Timeout transaction.
if this_htlc.0.offered && preimage.is_some() { unreachable!(); }
- let mut htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.delayed_payment_key, &self.local_keys.revocation_key);
+ let mut htlc_tx = build_htlc_transaction(&txid, self.feerate_per_kw, local_csv, &this_htlc.0, &self.local_keys.broadcaster_delayed_payment_key, &self.local_keys.revocation_key);
// Channel should have checked that we have a remote signature for this HTLC at
// creation, and we should have a sensible htlc transaction:
assert!(this_htlc.1.is_some());
// Channel should have checked that we have a remote signature for this HTLC at
// creation, and we should have a sensible htlc transaction:
assert!(this_htlc.1.is_some());