Good morning David, t-bast, and all,
> I'm not aware of any way to currently force single-show signatures in
> Bitcoin, so this is pretty theoretical. Also, single-show signatures
> add a lot of fragility to any setup and make useful features like RBF
> fee bumping unavailable.
With `OP_CAT`, we can enforce that a particular `R` is used, which allows to
implement single-show signatures.
# Assuming signatures are the concatenation of (R,s)
<R> OP_SWAP OP_CAT <ACINQ> OP_CHECKSIG
The above would then feed `s` only on the witness stack.
Regards,
ZmnSCPxj
_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
