OP_PAIRCOMMIT as a candidate for addition to LNhance

From the preliminary spec, where PC fits in LN-Symmetry:

Vector Commitments

OP_PAIRCOMMIT can be used to commit to a vector of stack elements in a way that is not vulnerable to various forms of witness malleability, especially when used in conjunction with OP_CHECKSIGFROMSTACK and OP_INTERNALKEY, since SHA256 implicitly commits to the size of the stack elements, making the script cleaner and simpler. If OP_CAT was used naively, the contract could be easily broken since OP_CHECKTEMPLATEVERIFY is only defined for 32 byte parameters.

# S = 500000000
# IK -> A+B
<sig> <state-n-recovery-data> <state-n-hash> | CTV PC IK CSFSV <S+1> CLTV

Before funding, sign the first state template:

# state-n-hash { nLockTime(S+n), out(contract, amount(A)+amount(B)) }
# settlement-n-hash { nSequence(2w), out(A, amount(A)), out(B, amount(B)) }
# state-n-recovery-data { settlement-n-hash or state-n-balance }

# contract for state n < m
IF
  <sig> <state-m-recovery-data> <state-m-hash> | CTV PC IK CSFSV <S+n+1> CLTV
ELSE
  <settlement-n-hash> CTV
ENDIF
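The witness malleability the quoted spec text warns about, as an added example that is not code from the spec or from this post: a signature over a plain concatenation of `<state-n-recovery-data>` and `<state-n-hash>` stays valid when the boundary between the two elements moves, which leaves CTV with a parameter that is not 32 bytes, while a length-committing pair hash changes. Assumptions: `pair_commit` is a length-prefixed tagged hash standing in for OP_PAIRCOMMIT (not the opcode's exact definition), all function names are hypothetical, and the sample values are constructed.

```python
import hashlib

def sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def cat_commit(x1: bytes, x2: bytes) -> bytes:
    # Naive OP_CAT-style commitment: the boundary between x1 and x2 is not hashed.
    return sha256(x1 + x2)

def compact_size(n: int) -> bytes:
    # Bitcoin compact-size encoding, enough for stack elements (max 520 bytes).
    return bytes([n]) if n < 253 else b"\xfd" + n.to_bytes(2, "little")

def pair_commit(x1: bytes, x2: bytes) -> bytes:
    # ASSUMED construction standing in for OP_PAIRCOMMIT: a tagged hash that
    # prefixes each element with its length, so the split is part of the message.
    tag = sha256(b"PairCommit")  # illustrative tag, an assumption
    return sha256(tag + tag + compact_size(len(x1)) + x1
                  + compact_size(len(x2)) + x2)

def resplit(x1: bytes, x2: bytes, k: int):
    # Same bytes, different element boundary: move the first k bytes of x2 onto x1.
    return x1 + x2[:k], x2[k:]

def ctv_defined(template_hash: bytes) -> bool:
    # Per the quoted text, OP_CHECKTEMPLATEVERIFY is only defined for 32-byte parameters.
    return len(template_hash) == 32

def malleable_splits(commit, x1: bytes, x2: bytes):
    # Shifts k for which the signed commitment is unchanged although the
    # element handed to CTV is no longer a 32-byte template hash.
    signed = commit(x1, x2)
    hits = []
    for k in range(1, len(x2) + 1):
        y1, y2 = resplit(x1, x2, k)
        if commit(y1, y2) == signed and not ctv_defined(y2):
            hits.append(k)
    return hits

# Constructed sample values (not real channel data).
RECOVERY_DATA = sha256(b"constructed settlement-n template")
STATE_HASH = sha256(b"constructed state-n template")

if __name__ == "__main__":
    print("CAT:", len(malleable_splits(cat_commit, RECOVERY_DATA, STATE_HASH)))
    print("length-committing:", len(malleable_splits(pair_commit, RECOVERY_DATA, STATE_HASH)))
```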