Hi All, I recently posted a proposal here for a scheme through which a trusted data provider can utilize the Lightning Network to privately sell data where data is received atomically with purchase.
I've more recently been thinking about situations where a party, that is *not* trusted, is attempting to sell its signature to a known message. One example of a situation where this would be useful is if someone is trying to offer a DLC-like Option contract where they are essentially collateralizing themselves in a funding transaction and then selling their signatures to Contract Execution Transactions (CETs). In this example, we must ensure that the buyer of the signatures pays if and only if they receive valid signatures for the CETs which are known. I believe that this is achievable in a relatively straightforward way if we were to use ZmnSCPxj's proposed payment points with scalars (as opposed to payment hashes with pre-images). The (Schnorr) signature seller could give the buyer their one-time public key, `R = k*G`, through which the buyer could compute the payment point whose scalar is the seller's signature: `sig*G = R + h(m, R)*A` where `A` is the seller's public key. Using this value as the payment point, the buyer could be assured that they pay if and only if they receive `sig` from the seller, where `sig` is the desired valid signature of `m`! Best, Nadav
_______________________________________________ Lightning-dev mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
