*Disclaimer*: I have just finished high school and I'm only learning a bit in my free time. This may be fundamentally broken ;)
*Motivation*: If I had to timestamp multiple messages I could simply aggregate them in a merkle tree and pay relatively low fees per message. However, if I only need to timestamp something once in a while I need to rely on free services or pay high fees.

*Solution*: buy a place in a merkle tree "risk-free"

1. send hash x of my message (or the merkle root of another tree) to the timestamping server
2. server calculates Pedersen commit: C = x*H + r*G, hashes it, builds merkle tree with other commits in it and publishes a valid transaction containing the merkle root to the Bitcoin blockchain
3. after a certain number of block confirmations and with the given proof I can confirm that the commitment C is indeed part of the Bitcoin blockchain
4. I now have to send a lightning payment with C - x*H = r*G as the payment point to the timestamping server and as a proof of payment the server must reveal r to receive the money.

--> With both r and x I have a valid Pedersen commitment.

This introduces an additional security assumption to Bitcoin timestamps but if the discrete logarithm is broken Bitcoin has bigger problems than broken timestamps.

*Conclusion* This scheme essentially shifts the risk of a timestamping service from the buyer to the seller who now has to pay the onchain transaction fee upfront. Hence, the seller will most likely charge a small fee upfront just like some submarine swap providers do.

Regards
Konstantin Ketterer
_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev