Author: ZmnSCPxj 2019-09-25 13:30:39
Published on: 2019-09-25T13:30:39+00:00
The proposed solution involves buying a place in a Merkle tree "risk-free" by sending a hash x of a message to the timestamping server, which calculates Pedersen commit, builds Merkle tree with other commits, and publishes it in the Bitcoin blockchain. After confirmation of commitment C, payment can be made using a lightning payment with C - xH = rG as payment point. However, Lightning does not yet support payment points/scalars. The client can induce the server to "waste" a slot on committing information without getting paid but cannot prove that the commitment commits to its message without paying. Floating and subscriber clients can avoid this issue. It is suggested to use sign-to-contract on-chain directly or pay-for-pedersen-commitment for rare operations. Payment points/scalars can prevent route correlation, allow for pay-for-signature, noncustodial Lightning escrow, and parallel payments. A zero-knowledge proof is proposed where R = SHA256(r) and C = SHA256(x || r), but it is unclear how to prove this operation knowing only R and x.
Updated on: 2023-06-02T20:26:43.042318+00:00