From the prelimiary spec, where PC fits in LN-Symmetry:
Vector Commitments
OP_PAIRCOMMIT
can be used to commit to a vector of stack elements in a way that
is not vulnerable to various forms of witness malleability especially when used
in conjunction with OP_CHECKSIGFROMSTACK
and OP_INTERNALKEY
,
since SHA256 implicitly commits to size of the stack elements, making the script
cleaner, and simpler. If OP_CAT
was used naively, the contract could be easily
broken since OP_CHECKTEMPLATEVERIFY
is only defined for 32 byte parameters.
# S = 500000000
# IK -> A+B
<sig> <state-n-recovery-data> <state-n-hash> | CTV PC IK CSFSV <S+1> CLTV
before funding sign first state template:
# state-n-hash { nLockTime(S+n), out(contract, amount(A)+amount(B)) }
# settlement-n-hash { nSequence(2w), out(A, amount(A)), out(B, amount(B)) }
# state-n-recovery-data { settlement-n-hash or state-n-balance }
# contract for state n < m
IF
<sig> <state-m-recovery-data> <state-m-hash> | CTV PC IK CSFSV <S+n+1> CLTV
ELSE
<settlement-n-hash> CTV
ENDIF