Author: ZmnSCPxj 2019-05-08 04:37:37
Published on: 2019-05-08T04:37:37+00:00
In an email conversation between Sjors Provoost and Pieter Wuille, they discussed the possibility of avoiding an "everyone agrees" branch by using an unknown discrete logarithm. The technique involves taking random data, hashing it with SHA256 and acquiring a 256-bit number, and then treating that number as an X coordinate to see if there exists a point on the secp256k1 curve at that coordinate. About half of the possible X coordinates will have a point on the curve. The scalar behind the above point cannot be known unless either the hash function is broken or ECDLP is broken. The point is just an arbitrary point on the curve, so it is unknown to the rest of the world whether somebody knows the scalar or nobody knows. Lightning developers may have an opinion on everyone agreeing with respect to hash pre-images. Lightning may eventually switch to using payment points/scalars instead of hashes/preimages, which would allow them to have path decorrelation within a route and in multiple routes of the same payment. This is enabled by Schnorr, as this requires Scriptless Script.
Updated on: 2023-06-13T18:37:48.224258+00:00