Author: ZmnSCPxj 2019-01-07 12:11:14
Published on: 2019-01-07T12:11:14+00:00
The context provided by ZmnSCPxj discusses the addition of information to an onion hop packet by F, which includes payment point, exchange rate point, and a signature using the point. OM verifies the exchange rate point, checks if it's economically viable, and confirms that the sum of payment point, exchange rate point and (om_to_s_scalar + s_to_om_scalar) * G corresponds to the point that OM needs to learn the scalar of. However, this setup is susceptible to a key cancellation attack where payment point may be secret * G - exchange_rate_point, thus removing the exchange from controlling when the payment completes. A naive mitigation could be including a signature using the payment point of an empty string in invoices to assure OM that payment point doesn't cancel its point. In the end, ZmnSCPxj advises not to trust money to cryptosystems created by random people on the internet.
Updated on: 2023-06-02T16:12:16.154996+00:00