This is a nice scheme.
Pedersen commitments + pay to point seems to be the most practical way to
do it but you can generalise this paying for a decommitment idea to any
commitment scheme. For example, you could do this in a payment channel with
hashes if we had something like OP_CAT. e.g HTLC
Good morning aj,
> On Wed, Sep 25, 2019 at 01:30:39PM +, ZmnSCPxj wrote:
>
> > > Since it's off chain, you could also provide R and C and a zero knowledge
> > > proof that you know an r such that:
> > > R = SHA256( r )
> > > C = SHA256( x || r )
>
> > > in which case you could do it with
On Wed, Sep 25, 2019 at 01:30:39PM +, ZmnSCPxj wrote:
> > Since it's off chain, you could also provide R and C and a zero knowledge
> > proof that you know an r such that:
> > R = SHA256( r )
> > C = SHA256( x || r )
> > in which case you could do it with lightning as it exists today.
> I can
Good morning aj, and list,
> > Solution: buy a place in a merkle tree "risk-free"
> >
> > 1. send hash x of my message (or the merkle root of another tree) to the
> > timstamping server
> >
> > 2. server calculates Pedersen commit: C = xH + rG, hashes it, builds merkle
> > tree with
*Disclaimer*: I have just finished Highschool and I'm only learning a bit
in my free time.This may be fundamentally broken ;)
*Motivation*: If I had to timestamp multiple messages I could simply
aggregate them in a merkle tree and pay relatively low fees per message.
However, if I only need to