Published on: 2019-11-12T07:32:11+00:00
The Lightning Network is exploring the use of "payment points" as an alternative to hashes for the core lock mechanism in lightning transactions. While traditional schemes like 2p-ECDSA or 2p-Schnorr are typically used for payment points, a proposal by uSEkaCIO suggests using a simpler method. This method involves using only a 2-of-2 OP_CHECKMULTISIG and a single signer ECDSA adaptor signature on one of the keys.To implement this method, Alice and Bob communicate their public keys A and B respectively. They then calculate the transaction ID (txid) of the fund transaction, which spends Alice's inputs to an OP_CHECKMULTISIG 2-of-2 with A and B as the keys. From there, Bob sends a signature under B on a refund transaction to Alice, while Alice sends an adaptor signature under A with an auxiliary point Y on the redeem transaction to Bob. The process also involves the use of a random k and a DLEQ proof.This scheme allows for the implementation of features like payment points without the need for a proper multisignature scheme. It has several advantages, including simpler key exchange protocols compared to 2pECDSA and 2pSchnorr, easier specification, and the ability to move towards ideal Schnorr-based endpoints. The proposed scheme is practical and can achieve anything that can be done with 2p-ECDSA/Schnorr scriptless scripts, with the difference being the use of a 2-of-2 OP_CMS P2WSH output instead of a normal p2pkh/public key output.The author of the proposal presents their own version of the single signer ECDSA adaptor algorithms based on previous work. Although there is a security flaw in the scheme related to the calculation of the Diffie-Hellman key, the author believes it is unlikely to affect any practical proposals. The key exchange protocol in this scheme is simpler than both 2pECDSA and 2pSchnorr, making it a natural step towards Schnorr. It can be covered under a single BOLT spec, which would simplify the specification process.The proposed transaction structure can be adjusted to move towards the ideal Schnorr-based endpoint or retain its current form with the pre-image spending path replaced by OP_CMS. The author invites feedback on their idea, highlighting the practicality and potential advantages of this approach.
Updated on: 2023-07-31T22:22:34.389958+00:00