Author: Nadav Kohen 2019-07-17 15:37:19
Published on: 2019-07-17T15:37:19+00:00
The author posted a proposal for a scheme where a trusted data provider can use the Lightning Network to privately sell data received atomically with purchase. However, the author has been thinking about situations where an untrusted party is trying to sell its signature to a known message. One example of this is offering a DLC-like Option contract where they are collateralizing themselves in a funding transaction and then selling their signatures to Contract Execution Transactions (CETs). To ensure that the buyer of the signatures pays only if they receive valid signatures for the CETs that are known, the author suggests using ZmnSCPxj's proposed payment points with scalars instead of payment hashes with pre-images. The (Schnorr) signature seller could give the buyer their one-time public key, `R = k*G`, through which the buyer could compute the payment point whose scalar is the seller's signature: `sig*G = R + h(m, R)*A` where `A` is the seller's public key. Using this value as the payment point, the buyer could be assured that they pay only if they receive `sig` from the seller, where `sig` is the desired valid signature of `m`.
Updated on: 2023-06-02T19:32:25.388630+00:00