Author: ZmnSCPxj 2018-03-19 00:25:13
Published on: 2018-03-19T00:25:13+00:00
The concept of making atomic multipath payment (AMP) has been introduced with the properties of having proof-of-payment and multipath decorrelation. The BIP32 hierarchically derived (HD) keys by Wuille are looked at to derive child keys for integer i. If an i, a private child key k_i and the public parent key K_par is known, the private parent key k_par can be derived. A conditional payment is required, which can only be performed if the payee provides a private key that matches a public key. The Scriptless Script (SS) concept by Poelstra provides this work beforehand where the payee provides a T = t * G, and the Scriptless Script construction requires that the payee reveal the t in order to claim the payment. But, we still need a timelock in case the payee refuses to reveal the proof-of-payment t. Maxwell has provided a construction, taproot (TR), which forms the timelock half of an HTLC. For a multipath payment, the invoice would contain the parent public key K_par. From this, the payer derives as many K_i as it needs to split the payment to. It sets up conditional payments that require revelation of the private child key k_i for each K_i it derives. The payee will wait for the entire payment to reach it and then claim all of them. This reveals all the private child keys k_i, any one of which will let the payer extract the parent private key k_par that serves as proof-of-payment. Each path has a different k_i, thus providing multipath decorrelation. ZmnSCPXj mentions that he is not a mathematician and there might be a mistake somewhere.
Updated on: 2023-05-24T22:17:20.059656+00:00