From nadav at suredbits.com Wed Jul 17 15:37:19 2019
From: nadav at suredbits.com (Nadav Kohen)
Date: Wed, 17 Jul 2019 10:37:19 -0500
Subject: [Lightning-dev] Selling Signatures: Another Reason to Move to Payment Points
Message-ID:

Hi All,

I recently posted a proposal here for a scheme through which a trusted data provider can utilize the Lightning Network to privately sell data where data is received atomically with purchase. I've more recently been thinking about situations where a party, that is *not* trusted, is attempting to sell its signature to a known message.

One example of a situation where this would be useful is if someone is trying to offer a DLC-like Option contract where they are essentially collateralizing themselves in a funding transaction and then selling their signatures to Contract Execution Transactions (CETs). In this example, we must ensure that the buyer of the signatures pays if and only if they receive valid signatures for the CETs which are known.

I believe that this is achievable in a relatively straightforward way if we were to use ZmnSCPxj's proposed payment points with scalars (as opposed to payment hashes with pre-images). The (Schnorr) signature seller could give the buyer their one-time public key, `R = k*G`, through which the buyer could compute the payment point whose scalar is the seller's signature:

`sig*G = R + h(m, R)*A`

where `A` is the seller's public key. Using this value as the payment point, the buyer could be assured that they pay if and only if they receive `sig` from the seller, where `sig` is the desired valid signature of `m`!

Best,
Nadav
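
The relation `sig*G = R + h(m, R)*A` from the message above, worked through on secp256k1 as an added example (not code from the original post or from any Lightning implementation). Assumptions: `h(m, R)` is instantiated as SHA-256 over `m` followed by the compressed encoding of `R`, reduced mod the group order; the function names, the keys `a` and `k`, and the message `m` are constructed for the demonstration.

```python
import hashlib

# secp256k1 field prime, group order and generator
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def h(m, R):
    """Assumed instantiation of h(m, R): SHA-256(m || compressed R) mod n."""
    enc = bytes([2 + (R[1] & 1)]) + R[0].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(m + enc).digest(), "big") % N

def payment_point(R, m, A):
    """Buyer side: sig*G = R + h(m, R)*A, computed from public values only."""
    return add(R, mul(h(m, R), A))

def sign(a, k, m):
    """Seller side: sig = k + h(m, R)*a mod n, with R = k*G."""
    return (k + h(m, mul(k, G)) * a) % N

# Constructed demo values: seller key a, one-time nonce k, known message m
a, k, m = 0x1F3A5C7E9B2D4F60, 0x0A1B2C3D4E5F6071, b"constructed CET sighash"
A, R = mul(a, G), mul(k, G)
point = payment_point(R, m, A)         # buyer never sees a, k or sig
assert mul(sign(a, k, m), G) == point  # the scalar that settles is the signature
```

The buyer derives `point` before any payment is routed, and the only scalar that claims it is `sig`, so revealing it hands over a signature that verifies against `(R, m, A)` under the same equation.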