[Lightning-dev] Selling timestamps (via payment points and scalars + Pedersen commitments ) [try2]

[Konstantin Ketterer]

*Disclaimer*: I have just finished Highschool and I'm only learning a bit
in my free time.This may be fundamentally broken ;)

*Motivation*: If I had to timestamp multiple messages I could simply
aggregate them in a merkle tree and pay relatively low fees per message.
However, if I only need to timestamp something once in a while I need to
rely on free services or pay high fees.

*Solution*: buy a place in a merkle tree "risk-free"

1. send hash x of my message (or the merkle root of another tree) to the
timstamping server
2. server calculates Pedersen commit: C = x*H + r*G, hashes it, builds
merkle tree with other commits in it and publishes a valid transaction
containing the merkle root to the Bitcoin blockchain
3. after a certain number of block confirmations and with the given proof I
can confirm that the commitment C is indeed part of the Bitcoin blockchain
4. I now have to send a lightning payment with C - x*H = r*G as the payment
point  to the timestamping server and as a proof of payment the server must
reveal r to receive the money.

--> With both r and x I have a valid Pedersen commitment.

This introduces an additional security assumption to Bitcoin timestamps but
if the discrete logarithm is broken Bitcoin has bigger problems than broken
timestamps.

*Conclusion*
This scheme essentially shifts the risk of a timestamping service from the
buyer to the seller who now has to pay the onchain transaction fee upfront.
Hence, the seller will most likely charge a small fee upfront just like
some submarineswap providers do.

Regards
Konstantin Ketterer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190925/8d6502f0/attachment.html>