Author: Anthony Towns 2018-11-02 03:19:45
Published on: 2018-11-02T03:19:45+00:00
The Lightning Network community is discussing what the payment flow for lightning might look like in the future. Rusty Russell, a Linux kernel developer and one of the original developers of Bitcoin's Lightning Network, has suggested using secp256k1 public/private keys for payment hashes/preimages as an experimental/optional feature in v1.1 of the Lightning specification. This move is seen as necessary for payment decorrelation, AMP, and third-party verifiable proof-of-payment. Russell also suggests that invoices should be able to be paid multiple times by different individuals and payments should be provable in a way that prevents fraud. He outlines a hypothetical example where Alice sells a t-shirt to Bob and provides him with a receipt that is signed with her public key. The signature must be a Schnorr sig that contains (R,s) with the vendor choosing R and not revealing R's preimage as that would reveal their private key. If both the vendor and customer know R, then to get the signature, the private key holder must reveal s. Russel proposes a mechanism for AMP splits and joins, which involves knowing x_i for each input and y_j for each output other than the first and verifying I_i = O_1 + x_i*G and O_j = O_1 + y_j*G. He believes this will allow all incoming HTLCs to be claimed given the secret from any outgoing HTLC.
Updated on: 2023-05-20T08:54:56.824508+00:00