This document outlines a method to map a secret scalar value x
from one elliptic curve group (secp256k1) to another elliptic curve group (a pairing-friendly curve).
This method leverages a variation of the Schnorr signature scheme to prove that the same secret scalar is used in both groups without revealing the value of x
.
This approach can be useful in applications where compatibility with different cryptographic groups is required. For example, in the context of using the Lightning Network to purchase in a PTLC a key to be used with pairing-based cryptography. In general, it is interesting for Adaptor Signatures, Scriptless Scripts, and Discreet Log Contracts.
Sats4Files is a protocol for decentralized file hosting. It allows users to request data from untrusted servers, and upon receiving the encrypted data, they can pay for the decryption key via Lightning. The exchange is atomic, ensuring that the user only receives the data if they pay for it, and the seller only gets paid if they deliver the data. The protocol is an efficient form of verifiable encryption, which is similar to verifiable secret sharing using Shamir's algorithm.
This scheme is simplified and does not fully solve the problem, as discussed in the Limitations section. This writeup intends to spark interest to solve the remaining issues beyond the fixes that we suggest.
The client wants to buy from the server the file
corresponding to a particular file_id
.
Here, we assume we have PTLCs on Lightning instead of HTLCs. That means we can buy a discrete logarithm over Li
The client wants to buy from the server the file
corresponding to a particular file_id
. The following is a very basic scheme solving the problem in a naive way.
- The
file
gets chunked into 32-byte chunks. They are hashed into a Merkle root, which is thefile_id
. - The client buys from the server one Merkle branch after another via Lightning payments. The payment's preimage is the Merkle leaf.
- Sending 32 MB requires 1 million Lightning transactions. That means equally many signatures.
A decentralized file hosting protocol in which clients pay per request. Client and server perform a fair exchange of coins against files, using a Lightning payment combined with a proof of encryption. This document describes a naive system which is probably too slow, however it intends to spark a discussion about which proof systems could make it practical, because that could allow to decentralize the web.
A “Sats4Files protocol” allows users to request data from servers, and upon receiving the encrypted data, they can pay for the decryption key, e.g., via Lightning. The exchange is atomic, ensuring that the user only receives the data if they pay for it, and the seller only gets paid if they deliver the data.
Servers respond to client requests with a zero-knowledge proof, which expresses