I just wanted to note some of my thoughts on sending money to a fedimint user via a static address, as discussed in #3820. The following scheme should allow for this without trusting the gateway for the amount while making it impossible to link the payments to the address or each other.
In its simplest form the static address consists of three fields:

- the gateway API endpoint
- a 33-byte secp256k1 public key corresponding to the recipient
- a 48-byte bls12_381::G1 public key corresponding to the recipient's federation

The sender now proceeds as follows:

- create a random ephemeral secp256k1 keypair
- use the ephemeral secret key for a Diffie-Hellman key exchange with the recipient's public key and hash the shared point to a shared secret between sender and recipient
- use the shared secret to tweak the recipient's public key to obtain a claim public key
- hash the shared secret again to obtain the randomness for threshold encryption of the preimage
- hash the shared secret again to the preimage that will be encrypted
- threshold encrypt the preimage such that it can be decrypted by the recipient's federation. The encrypted preimage commits to the following values:
  - hash
  - amount
  - expiration
  - claim public key
  - ephemeral public key
- send the encrypted preimage to the gateway API endpoint and get an invoice in return
- we check the invoice for the correct hash and amount
- if the invoice is paid, this proves to us that the federation confirmed the encrypted preimage in an output and the amount is now available to the claim_key

Now the receiver can iterate over all unclaimed incoming contracts, recognise the claim public key as derived from the recipient's key in one of its static addresses and claim the funds with its tweaked private key.