Author: ZmnSCPxj 2020-06-21 02:10:32
Published on: 2020-06-21T02:10:32+00:00
In a message exchange, ZmnSCPxj pointed out that pay-to-preimage doesn't work with PTLCs. The requester was hoping for a solution from Bitcoin's cryptographers to create a pubkey with which the transaction could be made. The pubkey would be designed to be spendable by anyone with the final signature in a way that revealed the hidden value to the pubkey's creator, allowing them to resolve the PTLC. However, if it is not possible, they thought of advocating for making pay-to-revealed-adaptor-signature possible using something like OP_CHECKSIGFROMSTACK. The signed message could be a signature to SIGHASH_NONE finally, an actual use for that flag. If the message is going to embed in an OP_RETURN in the same transaction, then it also needs SIGHASH_ANYPREVOUT; otherwise, you cannot embed the adaptor signature for spending from that transaction in the transaction being spent. It also implies A[p4s] = a[p4s] * G is a one-time-use keypair.
Updated on: 2023-06-03T00:51:28.573039+00:00