After reading about Lightning Networks in this and similar articles, I realized that I don’t understand how the protocol & the system prevent the following scenario:
1. There is an established channel between Alice & Bob.
2. The transaction outputs of the latest ‘agreed’ off-chain transaction are 1 BC on Alice’s side and 1 BC on Bob’s side.
3. Alice & Bob initiate a new transaction.
4. Alice & Bob exchange their parts of revocation keys.
5. Bob decides to cheat and pretends to “disappear”, not signing the new transaction and not responding, but still being online and monitoring on-chain transactions.
6. At some point in time, if Alice wants to free up her 1 bitcoin, she executes the latest ‘agreed’ transaction, but her funds are locked for 2 weeks.
7. While pretending to be unresponsive, Bob is monitoring the chain and executes the revocation clause as soon as it happens, getting both bitcoins.
Obviously, significant time may pass between #5 and #6, but if Bob can afford to wait, he can pull that trick.
It seems that in order to avoid that, new off-chain transactions need to be signed in a single distributed transaction with the exchange of revocation keys, but I don’t see how it is feasible. I’ve read multiple mentions that the keys are exchanged prior to signing new transactions.
I’ve read a similar question here, but I don’t think it really addresses the situation I’ve described.
What am I missing?