Secure initiation of state channels

[Cobor]

Hi everyone,

I need help understanding the primitive block to initiating a state channel. To make it simple, let assume this is a one-way channel: buyer at one end (that is Alice), seller at the other (that is Bob). In the literature, I read that Alice, in order to initiate the channel, needs to first sign a transaction to a 2-2 multisig address (her and Bob). This sounds already like an issue to me. Why on earth one would feel comfortable to lose full control over his fund to a stranger? Then I read (Mastering Bitcoin) that Alice would first sign the refund transaction before committing the funding one and ask Bob to sign it and send it back to her. Having that refund transaction in her possession, that she will keep unbroadcast as long as Bob is acting fairly, she will feel comfortable signing and broadcasting the 2-2 multisig (her and Bob) funding transaction. That makes sense to me.

The question I have is: how can the refund transaction can even be crafted (nor signed) since its input should be the output of the funding transaction, which doesn't exist yet at that time?

Thanks a lot!

[Cobor]

The answer is in LN whitepaper:

" 3.1.2 Spending from an Unsigned Transaction

The Lightning Network uses a SIGHASH NOINPUT transaction to spend from this 2-of-2 Funding Transaction output, as it is necessary to spend from a transaction for which the signatures are not yet exchanged. SIGHASH NOINPUT, implemented using a soft-fork, ensures transactions can be spent from before it is signed by all parties, as transactions would need to be signed to get a transaction ID without new sighash flags. Without SIGHASH NOINPUT, Bitcoin transactions cannot be spent from before they may be broadcast —it’s as if one could not draft a contract without paying the other party first. SIGHASH NOINPUT resolves this problem. See Appendix A for more information and implementation."


Reading in appendix A:

"Without SIGHASH NOINPUT, one cannot build outputs before the transaction can be funded. It is as if one cannot make any agreements without committing funds without knowing what one is committing to. SIGHASH NOINPUT allows one to build redemption for transactions which do not yet exist. In other words, one can form agreements before funding the transaction if the output is a 2-of-2 multisignature transaction."

OK so SIGHASH NOINPUT is what makes this possible and indeed answer my question.

The paper doesn't go into too much details of actual implementation of this. If anyone knows a resource where one can dig to the bottom about these Bitcoin script puzzles it would be much appreciated!

Cheers

[Cricktor]

How about Mastering the Lightning Network (LN) by Andreas M. Antonopoulos? It's still on my read-this list and I only glimpsed over very few chapters. Therefore I can't say if it suits you or you'll find what you want to know about Lightning Network. If it's similar to Mastering Bitcoin, at least I won't be disappointed.

[Cobor]

Thanks for the link. Looks like an interesting resource indeed.

[apogio]

It's an incredible book and I highly suggest it. You can find all of his books here: https://aantonop.com/books/

dislaimer: I have only read the ones that refer to bitcoin