Nadav Kohen [ARCHIVE] on Nostr: 📅 Original date posted:2019-07-17 📝 Original message: Hi All, I recently posted ...
📅 Original date posted:2019-07-17
📝 Original message:
Hi All,
I recently posted a proposal here for a scheme through which a trusted data
provider can utilize the Lightning Network to privately sell data where
data is received atomically with purchase.
I've more recently been thinking about situations where a party, that is
*not* trusted, is attempting to sell its signature to a known message. One
example of a situation where this would be useful is if someone is trying
to offer a DLC-like Option contract where they are essentially
collateralizing themselves in a funding transaction and then selling their
signatures to Contract Execution Transactions (CETs). In this example, we
must ensure that the buyer of the signatures pays if and only if they
receive valid signatures for the CETs which are known.
I believe that this is achievable in a relatively straightforward way if we
were to use ZmnSCPxj's proposed payment points with scalars (as opposed to
payment hashes with pre-images). The (Schnorr) signature seller could give
the buyer their one-time public key, `R = k*G`, through which the buyer
could compute the payment point whose scalar is the seller's signature:
`sig*G = R + h(m, R)*A` where `A` is the seller's public key. Using this
value as the payment point, the buyer could be assured that they pay if and
only if they receive `sig` from the seller, where `sig` is the desired
valid signature of `m`!
Best,
Nadav
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190717/95c848fb/attachment.html>;
📝 Original message:
Hi All,
I recently posted a proposal here for a scheme through which a trusted data
provider can utilize the Lightning Network to privately sell data where
data is received atomically with purchase.
I've more recently been thinking about situations where a party, that is
*not* trusted, is attempting to sell its signature to a known message. One
example of a situation where this would be useful is if someone is trying
to offer a DLC-like Option contract where they are essentially
collateralizing themselves in a funding transaction and then selling their
signatures to Contract Execution Transactions (CETs). In this example, we
must ensure that the buyer of the signatures pays if and only if they
receive valid signatures for the CETs which are known.
I believe that this is achievable in a relatively straightforward way if we
were to use ZmnSCPxj's proposed payment points with scalars (as opposed to
payment hashes with pre-images). The (Schnorr) signature seller could give
the buyer their one-time public key, `R = k*G`, through which the buyer
could compute the payment point whose scalar is the seller's signature:
`sig*G = R + h(m, R)*A` where `A` is the seller's public key. Using this
value as the payment point, the buyer could be assured that they pay if and
only if they receive `sig` from the seller, where `sig` is the desired
valid signature of `m`!
Best,
Nadav
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190717/95c848fb/attachment.html>;