We are aware of no other company using systems more comprehensive or more effective than Binance. And there was an idea that instead of using the MuSig2 output, visit the next page commitment transaction, actually, the funding output would have both a keypath spend that would be MuSig2, but also a scriptpath spend that would use a plain, normal 2-of-2 multisig, so that all the commitment transactions would use the scriptpath spend. So this would really simplify the proposal, but is it really worth it, because it still makes the commitment transactions weakness bigger than if we just spend the MuSig2 output. The main question that we had during the Summit is that there’s work when the current proposal spends the MuSig2 output for both commitment transactions and splices and mutual closes, which means that we have to manage nonce-state, MuSig2 nonce-state in many places, and it’s potentially dangerous because managing those nonces correctly is really important for security. There’s no serialization format, and there’s strong recommendations against not doing this, right?
So, there are arguments for doing it both ways, and it’s not decided yet. So, just a bit of context there. It is a compound of the words bit and coin. Mang Sweeney was already trading bitcoin when it was worth $10 a coin since speculative buying and selling was popular even then, according to the anonymous buyer. Other than receiving payee funds, a Bitcoin wallet can be funded by mining or by buying Bitcoins directly. Iran, as of October 2020, had issued over 1,000 bitcoin mining licenses. Bitcoin would see significant and often explosive growth over the years that followed. They’re kind of all over the place. But I don’t think we’ll allow you to have any kind of multiplier, because one of the other ideas was that you could also just announce some UTXOs that you own, with the proof that you own them, with a total value of, for example, 2 bitcoin, and then that would grant you the ability to announce up to X times that in channels without having to point to any specific onchain output.
And I’m curious how Lightning engineers are thinking about taproot and MuSig2 related channels and how the audience should think about their nearer term uses in Lightning, in contrast to something that I think a lot of Bitcoin hopefuls are thinking about, which is Point Time Locked Contracts (PTLCs) involving schnorr signatures and adaptor signatures. Greg Sanders: Well, with penalties, maybe it’s less of a problem, but also pinning is a problem in lots of other scenarios too, Discreet Log Contracts (DLCs), any sort of time-sensitive contract, right? Mike Schmidt: Greg had mentioned DLCs as another potential protocol or different types of protocols that should be considering relay policy, mempool, and getting confirmations. We noted in the newsletter, “We strongly recommend readers with an interest in transaction relay policy, which affects almost all second-layer protocols, read the notes for the insightful feedback provided by LN developers on several ongoing initiatives”. This question, I guess, is for Murch, Greg or t-bast, but are there other layer 2 protocols that we see having an interest in contributing to some of these discussions?
Mike Schmidt: Murch, you good to wrap up this first bullet? Mike Schmidt: Go ahead, Murch. Mike Schmidt: Murch or t-bast, any other comments on taproot and MuSig2 channels? Mike Schmidt: The taproot and MuSig2 channel discussion somewhat leads into the updated channel announcement discussion and how gossip protocol would need to be upgraded in order to support moving to P2TR outputs. I think this is still going to be different for later, and we are just going to be allowing any kind of UTXO in your channel announcement that has to match the capacity of the channel that you are announcing. I think we’re going to stick to a simple version, where you allow pointing to any type of output to pay for your channel. Bastien Teinturier: Sure. So right now, when we announced the channel on the network, we explicitly announced node IDs and the Bitcoin keys that are inside the multisig 2-of-2, and people verified that the output that we are referencing is actually locked with the script hash of multisig 2-of-2 of those two keys, so you can only use it with scripts that really follow the format of Lightning channels without taproot.