Author: Mats Jerratsch 2015-11-27 14:44:19
Published on: 2015-11-27T14:44:19+00:00
The discussion is about finding cleaner solutions for revealing private keys. The current solutions may force the other party to reveal the private key, but with dozens of HTLCs or payments that pay to two or more payment keys, it can become complicated. Mats provided a BIP request to the bitcoin-dev mailing list, and there should not be too much resistance if the use case is good enough and there are few drawbacks. Anthony Towns proposed an alternative approach, which was deemed more complicated by him and Andy Toshi. Rusty Russell pointed out that the proposed solution wouldn't work if sigA, sigB, and sigC all shared the same r and SIGHASH settings. Anthony suggested using stack operations to implement scriptPubkey and having scriptSig contain Q, R, and three signatures. There are six sig ops but only three different signatures, and getting various combinations to have the same signature forces the same r value between each of the signatures without needing a separate op to check it explicitly. It is mathematically possible to come up with Q, R, sigA, sigB, sigC where sigA.r, sigB.r, and sigC.r are all different, but it should be safely intractable.
Updated on: 2023-05-23T21:29:28.877581+00:00