Backward deterministic R Value



Summary:

In a discussion about the Lightning Network, Mats Jerratsch expressed concerns about the security implications of disclosing R values for accepted payments. While there isn't technically a security issue if R values are disclosed when the payment is not in the current commitment, proof-of-payment relies on revealing R values only for accepted payments. Otherwise, knowing an R value no longer proves that a payment has been made. CJP asked how deriving R values from a tree structure works for larger networks, and Nicolas Dorier responded that Shachain is a variant of this that avoids generating several million hashes in advance. Rusty Russell suggested using hashing in the Deployable Lightning paper but didn't actually spell out the idea. Alice does not have to disclose R if she does not want to, and Bob cannot know the next R because R(n+1) = PreImage(R(n)).
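The relation R(n+1) = PreImage(R(n)) describes a hash chain that Alice generates in advance and discloses backward. The sketch below is an added example, not code from the discussion; SHA-256, the constructed seed, and the names `build_chain` and `ChainVerifier` are assumptions made for illustration.

```python
import hashlib
from typing import List


def H(data: bytes) -> bytes:
    # Assumption: SHA-256; the summary does not name the hash function.
    return hashlib.sha256(data).digest()


def build_chain(seed: bytes, length: int) -> List[bytes]:
    """Alice's side: return [R(0), ..., R(length-1)] with R(n) = H(R(n+1))."""
    if length < 1:
        raise ValueError("length must be at least 1")
    chain = [seed]                      # R(length-1), generated first
    for _ in range(length - 1):
        chain.append(H(chain[-1]))      # each earlier R is the hash of the later one
    chain.reverse()                     # index n now holds R(n)
    return chain


class ChainVerifier:
    """Bob's side: stores only the most recently disclosed R value."""

    def __init__(self, r0: bytes):
        self.latest = r0
        self.index = 0

    def accept(self, candidate: bytes) -> bool:
        # A disclosed value is R(index+1) only if it hashes to R(index).
        if H(candidate) != self.latest:
            return False
        self.latest = candidate
        self.index += 1
        return True

    def derive(self, n: int) -> bytes:
        # Any earlier R(n) is recomputed by hashing forward from the latest one.
        if not 0 <= n <= self.index:
            raise ValueError("R(n) has not been disclosed yet")
        r = self.latest
        for _ in range(self.index - n):
            r = H(r)
        return r


if __name__ == "__main__":
    chain = build_chain(b"constructed-seed-for-illustration", 5)
    bob = ChainVerifier(chain[0])
    print(bob.accept(chain[1]), bob.accept(chain[3]), bob.derive(0) == chain[0])
```

Building the whole list up front is the cost the summary says Shachain avoids for chains of several million values.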


Updated on: 2023-05-23T22:55:10.567172+00:00