[Lightning-dev] BOLT11 In the World of Scriptless Scripts

Rusty Russell rusty at rustcorp.com.au
Mon Nov 5 01:38:14 UTC 2018


ZmnSCPxj <ZmnSCPxj at protonmail.com> writes:
> Good morning Rusty and aj and list,
>
>>
>> > > In the payer-supplied data case, I think 'm' should include a signature
>> > > for a key only the payer knows: this lets them prove they made the
>> > > payment.
>> >
>> > I don't object to that, but I think it's unnecessary; as long as there
>> > was a payment for delivery of the widget to "aj" in "Australia" does it
>> > matter if the payment was technically made by "aj" by "Visa on behalf
>> > of aj" or by "Bank of America on behalf of Mastercard on behalf of aj's
>> > friend who owed him some money" ?
>>
>> You often don't want the vendor to know anything about you, and there's
>> often no reason why they should.
>>
>> And it just doesn't work unless you give over uniquely identifying
>> information. AJ posts to r/bitcoin demonstrating payment, demanding his
>> goods. Sock puppet says "No, I'm the AJ in Australia" and cut & pastes
>> the same proof.
>>
>
> Technically speaking, all that AJ in Australia needs to show is that he or she knows, the private key behind the public key that is indicated on the invoice.
>
> Before payment, only the payee knows this private key.
>
> After payment, both AJ in Australia and the payee know this private key (since the payment is conditional on AJ in Australia learning this key).

But the merchant (payee) knows it too.  So the lizard masters[1] at
Blockstream can produce this proof as well?

Cheers,
Rusty.
[1] https://twitter.com/rusty_twit/status/1057794540122206208


More information about the Lightning-dev mailing list