📅 Original date posted:2013-06-20
📝 Original message:> which could involve proving something to a third party that has not seen
> the communication between payer and payee.
OK - I think I follow now. So a third-party who does not see any of the
communication between the payer and payee only knows the HASH160. Let's say
the payee denies receipt of the funds....
It's easy to prove what public key it was sent to (it's the preimage), but
you can't prove the parent of that public key. You can provide any number of
ParentPubKey * Multiplier that could have been used, so the 3rd party is
unconvinced by a "matching" ParentPubKey * Multiplier.
However, if you calculated the destination using: PubKeyParent *
HMAC(Multiplier,PubKeyParent) as Timo said, now if you give the 3rd party a
PubKeyParent and Multiplier (or Addend) that produces the destination
address, you've proven the payment is in fact spendable by PubKeyParent, and
they can't deny receipt. Very cool.
Sorry for "echoing" this back, it took me a little while to work it out, so
I thought I'd write it down. Hope I got it right...
If you give {PubKey, ChainCode} you do get this feature. If you give
{ParentPubKey, Addend} or {ParentPubKey, Addend, ChainCode} you're back to
having plausible deniability.
If BIP32's CKD'((Kpar, cpar), i) was actually HMAC(HMAC(cpar, i), Kpar) you
could give HMAC(cpar, i) instead of Addend, and then you would get this
feature; a way to 'skip down' a level in the wallet hierarchy, keep the
'chain of custody' so to speak back to the ParentPubKey intact, without
having to disclose the ChainCode. Meh...
Thanks,
--Jeremy
Jeremy Spilman [ARCHIVE] /
npub10e…jc727
2023-06-07 15:03:33
in reply to nevent1q…ds42
Author Public Key
npub10etkvm8l0jr0jsgdx02dxnhnu5g989dnca90guj5rklwkaplnh3sgjc727Seen on
wss://relay.noswhere.comPublished at
2023-06-07 15:03:33Event JSON
{
"id": "86c6cc8dc72ac03fd1daa767e3dfe7fb3edf8cd554122a2d3f5da86340500b1e",
"pubkey": "7e57666cff7c86f9410d33d4d34ef3e5105395b3c74af472541dbeeb743f9de3",
"created_at": 1686150213,
"kind": 1,
"tags": [
[
"e",
"60c63b2d935c09c2d6c618c7776de45a3225391d6d5c2bbb728d2b54da18fc56",
"",
"root"
],
[
"e",
"4b87573bbe81b976795bb868d57738d8dc3c3ab878d0de47b4139218e9d51b57",
"",
"reply"
],
[
"p",
"6b41dfcce682764d40c00fd6580a99614b6bbe8a8332085dea07afbc47ba9e8f"
]
],
"content": "📅 Original date posted:2013-06-20\n📝 Original message:\u003e which could involve proving something to a third party that has not seen \n\u003e the communication between payer and payee.\n\nOK - I think I follow now. So a third-party who does not see any of the \ncommunication between the payer and payee only knows the HASH160. Let's say \nthe payee denies receipt of the funds....\n\nIt's easy to prove what public key it was sent to (it's the preimage), but \nyou can't prove the parent of that public key. You can provide any number of \nParentPubKey * Multiplier that could have been used, so the 3rd party is \nunconvinced by a \"matching\" ParentPubKey * Multiplier.\n\nHowever, if you calculated the destination using: PubKeyParent * \nHMAC(Multiplier,PubKeyParent) as Timo said, now if you give the 3rd party a \nPubKeyParent and Multiplier (or Addend) that produces the destination \naddress, you've proven the payment is in fact spendable by PubKeyParent, and \nthey can't deny receipt. Very cool.\n\nSorry for \"echoing\" this back, it took me a little while to work it out, so \nI thought I'd write it down. Hope I got it right...\n\nIf you give {PubKey, ChainCode} you do get this feature. If you give \n{ParentPubKey, Addend} or {ParentPubKey, Addend, ChainCode} you're back to \nhaving plausible deniability.\n\nIf BIP32's CKD'((Kpar, cpar), i) was actually HMAC(HMAC(cpar, i), Kpar) you \ncould give HMAC(cpar, i) instead of Addend, and then you would get this \nfeature; a way to 'skip down' a level in the wallet hierarchy, keep the \n'chain of custody' so to speak back to the ParentPubKey intact, without \nhaving to disclose the ChainCode. Meh...\n\nThanks,\n--Jeremy",
"sig": "6834c2cc8d02e70cc2a669eb8f967d5ef600891a387fe98c591642ae25ddee6bea272b25dfa8d36227d668239d353be0e895a0dc61e8eb9351c881703a7faacc"
}