Good morning Benjamin,
Your caution is laudable, I think.
> Yes, bitcoin is wise to at least hash the pub key until use. Granted,
> lightning (necessarily?) risks public key exposure, but in a pinch there are
> other signature algorithms for lightning to move to.
Lightning cannot *quickly*
If I'm not mistaken, the scriptless scripts concept (as currently
formulated) falls to Schor's algorithm, and at present there is no
alternative implementation of the concept to fall back on. Correct? Lest we
build a house of cards, I'd strongly urge everyone to not depend on
functional concepts
FWIW, Conner pointed out that the initial ZK Proof for the correctness of
the
Paillier params (even w/ usage of bulletproofs) has multiple rounds of
interaction,
iirc up to 5+ (with additional pipelining) rounds of interaction.
-- Laolu
On Mon, May 7, 2018 at 5:14 PM Olaoluwa Osuntokun
Hi Pedro,
Very cool stuff! When I originally discovered the Lindell's technique, my
immediate thought was the we could phase this in as a way to _immediately_
(no
additional Script upgrades required), replace the regular 2-of-2 mulit-sig
with
a single p2wkh. The immediate advantages of this