Author: Anthony Towns 2019-09-25 19:29:58
Published on: 2019-09-25T19:29:58+00:00
In a recent discussion, the possibility of using Lightning Network to pay for a server was brought up. One participant suggested providing R and C along with a zero knowledge proof that one knows an r such that R = SHA256(r) and C = SHA256(x || r). Another participant mentioned insisting on paying only if the server reveals an r that matches some known R such that R = SHA256(r), as currently done in Lightning network. However, the challenge was then posed of proving, knowing only R and x and that there exists some r such that R = SHA256(r), that C = SHA256(x || r). It was suggested that if one knows x and r, they can generate C and R and a zero knowledge proof of the relationship between x, C, and R without revealing r. This could potentially be done with bulletproofs. However, it was noted that this zero knowledge proof already proves that C was generated based on x, making the timestamp unnecessary.
Updated on: 2023-05-23T02:13:56.982381+00:00