Question on Asymmetric Revocable Commitments
I'm trying to understand asymmetric revocable commitments from Andreas' book. In particular, I'm looking at page 295 (2nd edition).
Irene can confidently sign this transaction, since if transmitted it will immediately pay her what she is owed. Hitesh holds the transaction, but knows that if he transmits it in a unilateral channel closing, he will have to wait 1000 blocks to get paid. When the channel is advanced to the next state, Hitesh has to revoke this commitment transaction before Irene agrees to sign the next commitment transaction. To do that, all he has to do is send the revocation key to Irene. Once Irene has the revocation key for this commitment, she can sign the next commitment with confidence. She knows that if Hitesh tries to cheat by publishing the prior commitment, she can use the revocation key to redeem Hitesh’s delayed output. If Hitesh cheats, Irene gets BOTH outputs.
Output 0 <5 bitcoin>: <Irene's Public Key> CHECKSIG Output 1 <5 bitcoin>: IF # Revocation penalty output <Revocation Public Key> ELSE <1000 blocks> CHECKSEQUENCEVERIFY DROP <Hitesh's Public Key> ENDIF CHECKSIG
The code example shows that there are two ways of redeeming Hitesh' 5 Bitcoin. Either by posting the "Revocation Public Key" or by waiting for a 1,000 blocks.
What I don't understand is the following. If Hitesh tries to cheat by publishing the prior commitment, why can't he also use his own revocation key (which he knows, since he created it) to redeem the output?
What prevents him from doing this?
https://ift.tt/2FigTPf
Comments
Post a Comment