Author: Rusty Russell 2017-05-20 06:51:49
Published on: 2017-05-20T06:51:49+00:00
Neil Fincham asks if there is a way to deterministically generate H, the payment hash in LN, without revealing S, the payment preimage used to close a channel. He notes that we can generate Bitcoin addresses using BIP32 without using private keys. Rusty replies that it is possible but not with the current method and explains that for LN we use the terms "payment hash" for H and "payment preimage" for S. He clarifies that we still need the payment preimage to close out the HTLC but could send out payment requests without access to the preimages.Rusty suggests that using a pubkey for the payment hash and a privkey for the payment preimage, we could exactly use BIP32. However, he points out that this cannot be done with SHA256. He also mentions an even more mindblowing scheme using Schnorr where the signature itself serves as a kind of preimage, which would allow a similar partition scheme to what Neil described, but he is not sure about it.
Updated on: 2023-05-24T01:54:33.246980+00:00