[Lightning-dev] BOLT11 In the World of Scriptless Scripts

ZmnSCPxj ZmnSCPxj at protonmail.com
Mon Nov 5 01:05:17 UTC 2018


Good morning Rusty and aj and list,

>
> > > In the payer-supplied data case, I think 'm' should include a signature
> > > for a key only the payer knows: this lets them prove they made the
> > > payment.
> >
> > I don't object to that, but I think it's unnecessary; as long as there
> > was a payment for delivery of the widget to "aj" in "Australia" does it
> > matter if the payment was technically made by "aj" by "Visa on behalf
> > of aj" or by "Bank of America on behalf of Mastercard on behalf of aj's
> > friend who owed him some money" ?
>
> You often don't want the vendor to know anything about you, and there's
> often no reason why they should.
>
> And it just doesn't work unless you give over uniquely identifying
> information. AJ posts to r/bitcoin demonstrating payment, demanding his
> goods. Sock puppet says "No, I'm the AJ in Australia" and cut & pastes
> the same proof.
>

Technically speaking, all that AJ in Australia needs to show is that he or she knows, the private key behind the public key that is indicated on the invoice.

Before payment, only the payee knows this private key.

After payment, both AJ in Australia and the payee know this private key (since the payment is conditional on AJ in Australia learning this key).

So instead of a non-interactive proof of payment, our law court performs an interactive proof, of the form:

1.  Court: I have this random number X[1], please sign it with the public key P on the invoice, Mr. whoever-you-are.

2.  AJ in Australia: Here's the (R[1], s[1])

3.  Court: I have this random number X[2], please sign it with the public key P on the invoice, Mr. whoever-you-are.

4.  AJ in Australia: Here's the (R[2], s[2])

... skip 194 more steps ...

199. Court: I have this random number X[100], please sign it with the public key P on the invoice, Mr. whoever-you-are.

200. AJ in Australia: Here's the (R[100], s[100])

201.  Court: By the power vested on me by Mathematics, I find Blockstream Store to be liable for the delivery of 100 widgets as indicated on this invoice.  Court is now adjourned.

Is the above theoretically workable, without the need for identifying AJ in Australia, other than via its ability to sign using the private key?

Regards,
ZmnSCPxj


More information about the Lightning-dev mailing list