lightning-dev
[BOLT Draft] Onion Routing Spec
Posted on: October 3, 2016 21:34 UTC
In a discussion on the use of Schnorr keys in Bitcoin, Olaoluwa Osuntokun explains that the same curve equation and domain parameters as Bitcoin would be used, but EC-DSA would be replaced by EC-Schnorr.
This means that public/private keys would stay the same, allowing on-chain keys to be used for signing/verifying multi-sign channel authentication proofs. While ECDSA would still be used for everything that could go to the Bitcoin blockchain, Schnorr would be used for all other crypto primitives.

Concerning the separation of the onion private key, Christian argues that passive or active key rotation for the onion keys is valuable in order to limit the shared secret backlog, allowing it to be forgotten after a rotation, even if forward secrecy is not present.