Bitcoin script for "Cerberus - Incentivizing Watchtowers", implemented with the bcoin.js library.
How to setup and verify the implementation:
- Clone this repository
- go to the top directory of the repository
npm install(assumes a workingnpmandnodejsinstallation. nodejs v12 is not yet supported due to limitations of thebcoinlibrary.)npm test
Let channel between Alice (with funds a) and Bob (with funds b). Bob employs
watchtower W. All scripts are P2WSH.
Like LN:
- value:
a + b - redeem script:
2 <pubkey1> <pubkey2> 2 OP_CHECKMULTISIG, wherepubkey1,pubkey2are thefunding_pubkeys of Alice and Bob, sorted by ascending order of their DER-encodings.- Spendable by witness script
0 <pubkey1_sig> <pubkey2_sig>
- Spendable by witness script
- value:
a + b + ε(provided by W) - redeem script:
2 <collateral_pubkey1> <collateral_pubkey2> 2 OP_CHECKMULTISIG, wherecollateral_pubkey1,collateral_pubkey2are the public keys of Bob and W, sorted by ascending order of their DER-encodings.- Spendable by witness script
0 <collateral_sig1> <collateral_sig2>
- Spendable by witness script
- unique input spends Funding output with witness script
0 <pubkey1_sig> <pubkey2_sig> - output 1: like LN
revocation
- value:
a - redeem script:
WhereOP_IF # Revocation 2 <revocation_pubkey1> <revocation_pubkey2> 2 OP_CHECKMULTISIG OP_ELSE # Normal `bob_delay` OP_CHECKSEQUENCEVERIFY OP_DROP <alice_delayed_pubkey> OP_CHECKSIG OP_ENDIF<revocation_pubkey1>and<revocation_pubkey2>are the two keys<alice_collateral_pubkey>and<watchtower_revocation_pubkey>, sorted by ascending order of their DER-encodings.- Spendable by witness scripts
<alice_delayed_sig> 0(normal path) or0 <revocation_sig1> <revocation_sig2> 1(revocation path)
- value:
- output 2:
- value:
b - redeem script:
WhereOP_IF # Revocation 2 <revocation_pubkey3> <revocation_pubkey4> 2 OP_CHECKMULTISIG OP_ELSE # Normal `bob_delay` OP_CHECKSEQUENCEVERIFY OP_DROP <bob_delayed_pubkey> OP_CHECKSIG OP_ENDIF<revocation_pubkey3>and<revocation_pubkey4>are the two keys<bob_collateral_pubkey>and<watchtower_revocation_pubkey>, sorted by ascending order of their DER-encodings.- Spendable by witness scripts
<bob_delayed_sig> 0(normal path) or0 <revocation_sig3> <revocation_sig4> 1(revocation path)
- value:
- input 1 spends output 1 of a Commitment tx, following the revocation path.
- input 2 spends output 2 of a Commitment tx, following the revocation path.
- output:
- value:
a + b - redeem script: P2WPKH to
<bob_pubkey>
- value:
- unique input spends the output of a Collateral tx, with witness script
0 <collateral_sig1> <collateral_sig2>. - unique output:
- value:
a + b + ε - redeem script:
WhereOP_IF # Penalty `bob_delay` OP_CHECKSEQUENCEVERIFY OP_DROP 2 <penalty_pubkey1> <penalty_pubkey2> 2 OP_CHECKMULTISIG OP_ELSE # Normal `long_delay` OP_CHECKSEQUENCEVERIFY OP_DROP <watchtower_penalty_pubkey> OP_CHECKSIG OP_ENDIF<penalty_pubkey1>and<penalty_pubkey2>are the two keys<bob_penalty_pubkey>and<watchtower_penalty_pubkey>, sorted by ascending order of their DER-encodings.- Spendable by witness scripts
<watchtower_penalty_sig> 0(normal path) or0 <penalty_sig1> <penalty_sig2> 1(penalty path)
- value:
-
input 1 spends output 2 of a Commitment tx, following the normal path.
-
input 2 spends the output of a Collateral tx.
-
output:
- value:
b' + a + b + ε, whereb'is Bob's old balance as found in the Commitment tx spent by this Penalty tx - redeem script: P2WPKH to
<bob_pubkey>
- value:
-
input 1 spends output 2 of a Commitment tx, following the normal path.
-
input 2 spends the output of a Reclaim tx, following the penalty path.
-
output:
- value:
b' + a + b + ε, whereb'is Bob's old balance as found in the Commitment tx spent by this Penalty tx - redeem script: P2WPKH to
<bob_pubkey>
- value: