You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We don't want to sign all messages because ecrecover is an expensive operation, specially we don't want to sign the Delivered messages because that would double the number of signatures, without encryption that means that an Delivered message can be easily forged.
A forged Delivered's can be used to make a channel unusable and maybe to steal some asset.
To make a channels unusable an Delivered for a DirectTransfer or Secret message is sufficient, since the sender would update it's state while the partner won't.
To steal some asset a MediatedTransfer is required, ABC, B would need to intercept the RevealSecret messages and make sure that C don't receive it until the the BC lock expires, then it can settle the transaction AB on chain with the secret learned from the intercepted message (Secure against interception of RevealSecret messages #473).
This is still possible with the Secret Registry iff the lock expiration changes, and this is possible since the settle timeout is not enforced to be constant through out the network
With an encryption scheme faster than ecrecoverable signatures we can drop the signatures from the messages that are not exposed to the smart contract (messages that are signed only to inform us about the sender, eg. SecretRequest, TransferTimeout, etc.)
We don't want to sign all messages because
ecrecoveris an expensive operation, specially we don't want to sign theDeliveredmessages because that would double the number of signatures, without encryption that means that anDeliveredmessage can be easily forged.A forged
Delivered's can be used to make a channel unusable and maybe to steal some asset.Deliveredfor aDirectTransferorSecretmessage is sufficient, since the sender would update it's state while the partner won't.ABC, B would need to intercept theRevealSecretmessages and make sure that C don't receive it until the theBClock expires, then it can settle the transactionABon chain with the secret learned from the intercepted message (Secure against interception of RevealSecret messages #473).With an encryption scheme faster than
ecrecoverable signatures we can drop the signatures from the messages that are not exposed to the smart contract (messages that are signed only to inform us about the sender, eg. SecretRequest, TransferTimeout, etc.)