There are three ways in which that offered HTLC output can be redeemed: Revocation using the revocation public key (the example you mentioned), redeemed using a valid payment preimage or back to the local node after the timeout.
Redeemed using a valid pre-image by remote node:
- The stack starts at
<remotehtlcsig> <payment_preimage>
- Since the
HASH160
of<payment_preimage>
is not equal to theHASH160
ofrevocationpubkey
, the outer ELSE statement is triggered <remote_htlcpubkey>
is pushed to the stack. Stack is now<remotehtlcsig> <payment_preimage> <remote_htlcpubkey>
.OP_SWAP
is pushed to the stack, which swaps the top two items on the stack.- Stack is now
<remotehtlcsig> <remote_htlcpubkey> <payment_preimage>
OP_SIZE 32 OP_EQUAL
verifies that thepayment_preimage
is 32 bytes.- Since the
payment_preimage
is 32 bytes it will output 1. As a resultOP_NOTIF
will not be triggered, and henceOP_ELSE
statement will be triggered.OP_NOTIF
is triggered is the value on the stack is 0OP_ELSE
is triggered if the precedingOP_IF
,OP_NOTIF
andOP_ELSE
are not executed.
- The stack is still
<remotehtlcsig> <remote_htlcpubkey> <payment_preimage>
- The
OP_HASH160
will hash thepaymentpreimage
. Since payment hash isSHA256
of the payment preimage, we need to hash it withRIPEMD160
so that it is equal toHASH160
of thepaymentpreimage
. - If the hash matches, then the stack will be
<remotehtlcsig> <remote_htlcpubkey> OP_CHECKSIG
- If the signature matches the
remote_htlcpubkey
then 1 will be returned to the stack and this offered HTLC output is successfully spent by the remote node.
Redeemed after time-out by the local node:
To trigger the HTLC timeout condition, the local node will use the witness:
0 <remotehtlcsig> <localhtlcsig> 0
The stack starts at
0 <remotehtlcsig> <localhtlcsig> 0
Since the
HASH160
of0
is not equal to theHASH160
ofrevocationpubkey
, the outer ELSE statement is triggered<remote_htlcpubkey>
is pushed to the stack. Stack is now:0 <remotehtlcsig> <localhtlcsig> 0 <remote_htlcpubkey>
OP_SWAP
swaps the top two items on the stack. Stack is now:0 <remotehtlcsig> <localhtlcsig> <remote_htlcpubkey> 0
Since size of
0
is not 32 bytes it will return 0 on top of stack. This triggers theOP_NOTIF
statement. Stack is still:0 <remotehtlcsig> <localhtlcsig> <remote_htlcpubkey> 0
OP_DROP
drops the top item on the stack which is0
. Stack is now :0 <remotehtlcsig> <localhtlcsig> <remote_htlcpubkey>
2
is pushed to the stack. Stack is0 <remotehtlcsig> <localhtlcsig> <remote_htlcpubkey> 2
OP_SWAP
swaps the top two items on the stac. Stack is:0 <remotehtlcsig> <localhtlcsig> 2 <remote_htlcpubkey>
<local_htlcpubkey> 2 OP_CHECKMULTISIG
is pushed to the stack. The stack is thus0 <remotehtlcsig> <localhtlcsig> 2 <remote_htlcpubkey> <local_htlcpubkey> 2 OP_CHECKMULTISIG
.The above is a multisig output which can be spent only with valid signatures from the local and remote keys. These keys are exchanged when adding the HTLC. The output of the above transaction is sent to the local node using a
to_self_delay
using the time-out transactions.