bitcointxoko/guides
1
1
Fork 0
Code Issues Pull Requests 9 Actions Packages Projects Releases Wiki Activity

Update ln-03.md

Browse Source
This commit is contained in:
Bitcoin Txoko
2024-11-21 21:38:20 +01:00
committed by GitHub
parent e9c51a6956
commit dd045b6d24
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
en/ln-03.md
+2 -2
View File
@@ -56,7 +56,7 @@ Bob will have:
Now, when it's time for Alice to construct the commitment transaction, she will send Bob her commitment point pubkey `CA1`. Bob will send her his revocation basepoint pubkey `RB1`. Alice can now derive the revocation pubkey to be included in the commitment transaction as follows: Now, when it's time for Alice to construct the commitment transaction, she will send Bob her commitment point pubkey `CA1`. Bob will send her his revocation basepoint pubkey `RB1`. Alice can now derive the revocation pubkey to be included in the commitment transaction as follows:
``` ```
Rev_A2 = R_B1 * sha256( R_B1 || C_A1 ) + C_A1 * sha256( C_A1 || R_B1 ) Rev_A1 = R_B1 * sha256( R_B1 || C_A1 ) + C_A1 * sha256( C_A1 || R_B1 )
``` ```
Now Alice's `to_local` output looks like this: Now Alice's `to_local` output looks like this:
@@ -76,7 +76,7 @@ OP_CHECKSIG
When it's time for Alice and Bob to update state and invalidate the old state, Alice sends Bob her private key for the commitment point `cA2`. With this key, Bob now has both Alice's per commitment point private key `cA1` as well as his own revocation basepoint private key `rB1` which corresponds to the public key `RB1` he sent Alice earlier when Alice was constructing the commitment transaction. So now with these two pieces of information, Bob can derive the private key corresponding to the public key `Rev_A1` and therefore spend via the revocation output. He can calculate the private key as follows: When it's time for Alice and Bob to update state and invalidate the old state, Alice sends Bob her private key for the commitment point `cA2`. With this key, Bob now has both Alice's per commitment point private key `cA1` as well as his own revocation basepoint private key `rB1` which corresponds to the public key `RB1` he sent Alice earlier when Alice was constructing the commitment transaction. So now with these two pieces of information, Bob can derive the private key corresponding to the public key `Rev_A1` and therefore spend via the revocation output. He can calculate the private key as follows:
``` ```
rev_A2 = r_B1 * sha256( R_B1 || C_A1 ) + c_A1 * sha256( C_A1 || R_B1 ) rev_A1 = r_B1 * sha256( R_B1 || C_A1 ) + c_A1 * sha256( C_A1 || R_B1 )
``` ```
Alice will never be able to derive this private key because she does not have and will never have Bob's revocation basepoint private key `rB1`. Alice will never be able to derive this private key because she does not have and will never have Bob's revocation basepoint private key `rB1`.