Good morning all, > > What's the nasty compromise? > > > > Let's also not underestimate how big of an update switching to dlog based > > > > HTLCs will be. > > Was referring to losing proof-of-payment; that's vital in a system > > without intermediaries. We have to decide what the lesser evil is.
Without the inherent ZKCP, it becomes impossible to build a trustless off-to-on/on-to-offchain bridge, since a trustless swap outside of Lightning becomes impossible. To my mind, ZKCP is an important building block in cryptocurrency: it is what we use in Lightning for routing. Further, ZKCP can be composed together to form a larger ZKCP, which again is what we use in Lightning for routing. The ZKCP here is what lets LN endpoint to interact with the chain and lets off-to-on/on-to-offchain bridges to be trustless. off/onchain bridges are important as they provide: 1. Incoming channels: Get some onchain funds from cold storage (or borrowed), create an outgoing channel (likely to the bridge for best chance of working), then ask bridge for an invoice to send money to an address you control onchain. The outgoing channel capacity becomes incoming capacity, you get (most of) your money back (minus fees) onchain. 2. Reloading spent channels. Give bridge an invoice and pay to the bridge to trigger it reloading your channel. 3. Unloading full channels. If you earn so much money (minus what you spend on expenses, subcontractors, employees, suppliers, etc.) you can use the bridge to send directly to your cold storage. #1 lets us leave out double-funded channels. #2 and #3 lets us leave out splice. The interaction between bridge and Lightning is simply via BOLT11 invoices. Those provide the ZKCP necessary to make the bridge trustless. AMP enhances such a Lightning+bridge network, since the importance of maximum channel capacity is reduced if a ZKCP-providing AMP is available. For myself, I would rather leave out AMP and double-funding and splicing than remove ZKCP. One could imagine a semi-trusted ZKCP service for real-world items. Some semi-trusted institution provides special safeboxes for rent that can be unlocked either by seller private key after 1008 blocks, or by the recipient key and a proof-of-payment preimage (and records the preimage in some publicly-accessible website). To sell a real-world item, make a BOLT11 invoice, bring item to a safebox, lock it with appropriate keys and the invoice payment hash, give BOLT11 invoice to buyer. Buyer pays and gets proof-of-payment preimage, goes to safebox and gets item. Multi-way trades (A wants item from B, B wants item from C, C wants item from A) are just compositions of ZKCP. > > And yeah, I called it Schnorr-Eltoonicorn not only because it's sooooo > > pretty, but because actually capturing it will be a saga. Bards shall sing about The Hunt for Schnorr-Eltoonicorn for ages, until Satoshi himself is but a vague memory of a myth long forgotten. Regards, ZmnSCPxj _______________________________________________ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
