{"type":"rich","version":"1.0","title":"Nadav Kohen [ARCHIVE] wrote","author_name":"Nadav Kohen [ARCHIVE] (npub1ge…rtua0)","author_url":"https://yabu.me/npub1geqdlge6ysz9qlq3w758422flnkgqklpu9veu80ehjprcd04ugyqkrtua0","provider_name":"njump","provider_url":"https://yabu.me","html":"📅 Original date posted:2019-07-17\n📝 Original message:\nHi All,\n\nI recently posted a proposal here for a scheme through which a trusted data\nprovider can utilize the Lightning Network to privately sell data where\ndata is received atomically with purchase.\n\nI've more recently been thinking about situations where a party, that is\n*not* trusted, is attempting to sell its signature to a known message. One\nexample of a situation where this would be useful is if someone is trying\nto offer a DLC-like Option contract where they are essentially\ncollateralizing themselves in a funding transaction and then selling their\nsignatures to Contract Execution Transactions (CETs). In this example, we\nmust ensure that the buyer of the signatures pays if and only if they\nreceive valid signatures for the CETs which are known.\n\nI believe that this is achievable in a relatively straightforward way if we\nwere to use ZmnSCPxj's proposed payment points with scalars (as opposed to\npayment hashes with pre-images). The (Schnorr) signature seller could give\nthe buyer their one-time public key, `R = k*G`, through which the buyer\ncould compute the payment point whose scalar is the seller's signature:\n`sig*G = R + h(m, R)*A` where `A` is the seller's public key. Using this\nvalue as the payment point, the buyer could be assured that they pay if and\nonly if they receive `sig` from the seller, where `sig` is the desired\nvalid signature of `m`!\n\nBest,\nNadav\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190717/95c848fb/attachment.html\u003e"}