Hi, this is something that's been on my mind for a while and wanted to know if this could be useful for some applications.

Right now, Lightning micropayments are often used as a sort of anti-spam mechanism, like on stacker.news where you need to pay 1 sat to post or comment, or L402 which lets you monetize API calls.

But not everyone has a lightning wallet, and while you often need to send a negligble amount of sats (1-10), this still may not be desirable

UTXO Proofs

Here's a nifty thing Lightning does as an anti-spam mechanism. Imagine I'm a Lightning node, and I want to cause payments to fail. What's stopping me from announcing to the world I have a billion channels with limitless capacity and 0 fees, only for people to fail to route through them?

Lightning requires that any publicly gossiped channels include a "proof of ownership" for that channel. This means that when you announce a channel, you include the UTXO id, and a signature from both channel members proving you own this UTXO. This makes spam infeasible, because you can blacklist nodes based on their UTXOs and creating UTXOs isn't free.

So what if we could use this same method for other applications? Imagine for example stacker.news is getting overwhelmed with spam, so they remove the free 5 comments and require a Lightning payment. This could potentially lose them some users. Instead imagine if you could also get a few free comments by providing stacker.news a signed message showing proof of some UTXO.

The biggest downside I see would be privacy. This is an issue for Lightning too, as any public channels can easily be identified based on gossip and linked to their on-chain UTXOs. From what I can tell this is still an unsolved problem for Lightning, and it's not clear how to solve it (some sort of zero-knowledge proof of ownership of a UTXO, without revealing the UTXO itself would be required but I'm not aware of any proposed ways to do this). But it could be a helpful way for bitcoiners who don't have Lightning setup yet to still use services like L402, stacker.news, etc.

100 sats \ 2 replies \ @benthecarman 6 Oct 2023

From what I can tell this is still an unsolved problem for Lightning, and it's not clear how to solve it

This is a solvable problem. You can do something similiair to how monero works where you give a signature that is valid over many utxos, so the verifiier knows that you own 1 of the utxos but it could be any of the ones you provided

0 sats \ 1 reply \ @shibe OP 6 Oct 2023

Hmm interesting, but couldn't you potentially produce a lot of such "proofs". And how would you effectively blacklist a certain utxo/proof? Would all the utxos involved in that proof be tainted?

100 sats \ 0 replies \ @anon 6 Oct 2023

Monero has something called key image to solve it. It ensures that each proof has an identical component based on the key. So you can know if two proofs are to the same key and discard duplicates but still don't know which one it is. I don't remember the details enough to say if it's possible to use on Bitcoin. Probably yes.