Good morning again, > Good morning Dave, > > > ZmnSCPxj noted that pay-to-preimage doesn't work with PTLCs.[2] I was > > hoping one of Bitcoin's several inventive cryptographers would come > > along and describe how someone with an adaptor signature could use that > > information to create a pubkey that could be put into a transaction with > > a second output that OP_RETURN included the serialized adaptor > > signature. The pubkey would be designed to be spendable by anyone with > > the final signature in a way that revealed the hidden value to the > > pubkey's creator, allowing them to resolve the PTLC. But if that's > > fundamentally not possible, I think we could advocate for making > > pay-to-revealed-adaptor-signature possible using something like > > OP_CHECKSIGFROMSTACK.[3] > > <snip> > > The signed message could be a signature to `SIGHASH_NONE`, finally an actual > use for that flag.
If you are going to embed it in an `OP_RETURN` in the same transaction, you also need `SIGHASH_ANYPREVOUT`, otherwise you cannot embed the adaptor signature for spending from that transaction in the transaction being spent, it also implies `A[p4s] = a[p4s] * G` is a one-time-use keypair. Regards, ZmnSCPxj _______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
