📅 Original date posted:2020-06-20
📝 Original message:
Good morning again,
> Good morning Dave,
>
> > ZmnSCPxj noted that pay-to-preimage doesn't work with PTLCs.[2] I was
> > hoping one of Bitcoin's several inventive cryptographers would come
> > along and describe how someone with an adaptor signature could use that
> > information to create a pubkey that could be put into a transaction with
> > a second output that OP_RETURN included the serialized adaptor
> > signature. The pubkey would be designed to be spendable by anyone with
> > the final signature in a way that revealed the hidden value to the
> > pubkey's creator, allowing them to resolve the PTLC. But if that's
> > fundamentally not possible, I think we could advocate for making
> > pay-to-revealed-adaptor-signature possible using something like
> > OP_CHECKSIGFROMSTACK.[3]
>
> <snip>
>
> The signed message could be a signature to `SIGHASH_NONE`, finally an actual use for that flag.
If you are going to embed it in an `OP_RETURN` in the same transaction, you also need `SIGHASH_ANYPREVOUT`, otherwise you cannot embed the adaptor signature for spending from that transaction in the transaction being spent, it also implies `A[p4s] = a[p4s] * G` is a one-time-use keypair.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5…3ms3l
2023-06-09 13:00:31
in reply to nevent1q…jhkg
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lPublished at
2023-06-09 13:00:31Event JSON
{
"id": "890ea62d432265e7f74cfdf62f3f4af7212e2c8c3ca032fab5fe03f9021186e4",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686315631,
"kind": 1,
"tags": [
[
"e",
"4ca42899fa8de714a727dbf98bf2ddb3daa5c45e423147e099276bcf1b70702d",
"",
"root"
],
[
"e",
"683bc0430dcea527b86cfe7a49ceb33a9ce3c8713690511559e13ad784044f47",
"",
"reply"
],
[
"p",
"4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861"
]
],
"content": "📅 Original date posted:2020-06-20\n📝 Original message:\nGood morning again,\n\n\u003e Good morning Dave,\n\u003e\n\u003e \u003e ZmnSCPxj noted that pay-to-preimage doesn't work with PTLCs.[2] I was\n\u003e \u003e hoping one of Bitcoin's several inventive cryptographers would come\n\u003e \u003e along and describe how someone with an adaptor signature could use that\n\u003e \u003e information to create a pubkey that could be put into a transaction with\n\u003e \u003e a second output that OP_RETURN included the serialized adaptor\n\u003e \u003e signature. The pubkey would be designed to be spendable by anyone with\n\u003e \u003e the final signature in a way that revealed the hidden value to the\n\u003e \u003e pubkey's creator, allowing them to resolve the PTLC. But if that's\n\u003e \u003e fundamentally not possible, I think we could advocate for making\n\u003e \u003e pay-to-revealed-adaptor-signature possible using something like\n\u003e \u003e OP_CHECKSIGFROMSTACK.[3]\n\u003e\n\u003e \u003csnip\u003e\n\u003e\n\u003e The signed message could be a signature to `SIGHASH_NONE`, finally an actual use for that flag.\n\nIf you are going to embed it in an `OP_RETURN` in the same transaction, you also need `SIGHASH_ANYPREVOUT`, otherwise you cannot embed the adaptor signature for spending from that transaction in the transaction being spent, it also implies `A[p4s] = a[p4s] * G` is a one-time-use keypair.\n\nRegards,\nZmnSCPxj",
"sig": "de3a6f4c096baf460b4383573c37f4d2b795dc22637fb4a9c794df4d58c7558c9e988dbdf4e6ddce0bd3f33fc5559708eb802dbb1a71f4ede01dc26cbe8be13b"
}