My opinion is that the ForceMove protocol needs to make the following guarantee:
G1: Suppose Alice holds a supported state at turn
n
.
Suppose a blockchain eventE
is emitted at timet
.
Assume that Alice can reliably noticeE
, decide what to do, and submit a transactiontx
that is mined before timet + challengeDuration
.
Then Alice can ensure [optional: in constant time], that the channel cannot be finalized at a turnm < n
.
With this guarantee, it is much easier to prove the security of Alice’s assets, both
- in theory, when Alice has an unlimited amount of patience; and
- in practice, when Alice might want to go on holiday, and protect her assets temporarily
The simplest way to do this is to choose the optional “in constant time” version of the guarantee, and O4 (without A1) provides this guarantee.
A stronger guarantee which might be nice is:
G2: The
turnNumRecord
stored on-chain is the turn number of the most recent supported state seen by the adjudicator.
This would require O6. (Note that G2 trivially implies G1.)
I think the most sensible thing to do is:
- first, do O4 without A1
- second, if desired do O6
Note that per-participant turnNumRecords
might still fit into 256 bits if stored in a struct, assuming a small enough number of participants. For example, using 32 bit turn numbers and a 40 bit finalizedAt
leaves 120 bits for struct bookkeeping plus hash-collision-security. It might be possible to fit this in 256 bits and still offer safety. This would allow O6 + A1, at the cost of losing the minimal storage usage in larger channels.