| submitted by /u/joselfgaray
Consider there are $ n$ parties $ P_1,\cdots,P_n$ having their identities as $ id=1,\cdots,n$ . They wish to calculate $ f(s_1,\cdots,s_n)=(s_1+\cdots+s_n) \bmod n$ , where $ s_i$ are individual parties secret. Parties are using Bitcoin to execute the protocol.
Now, I want to handle the function $ f$ if some of them leave the protocol. Suppose $ P_3$ and $ P_4$ said in the beginning that they might exit the lottery in mid-way. Their final decision of leaving/continuing will be known in the real-time in mid of execution of the protocol. If both of them leaves the protocol then $ s_3$ and $ s_4$ should not be included in computing $ f$ , and the winner should not be among $ P_3$ and $ P_4$ . But if either of them continues the protocol then their input should be included in computing $ f$ .
I somewhat understand the two way channels used in lightning. But I fail to see how trust is avoided.
If I’m the middle node I’m perfectly fine with forwarding a payment, if I received the payment first. The initial payer can reason that he will only make the payment if all intermediate nodes have shifted the payment to the receiver. It seems like until at least one party takes the risk the payment is in some kind of Mexican standoff.
How is this avoided / cryptograpically enforced?