PTLC

PTLCs differ from HTLCs in their primary locking and unlocking method:

• HTLC hash locks: are locked using a hash digest and unlocked by providing the corresponding preimage. The most commonly used hash function is SHA256, which produces a 256-bit (32-byte) digest commonly generated from a 32-byte preimage.

• When used to secure multiple payments (e.g. an atomic swap), all payments use the same preimage and hash lock. This creates a link between those payments if they’re published onchain or if they’re routed offchain though surveillance nodes.

• PTLC point locks: are locked using a public key (a point on Bitcoin’s elliptic curve) and unlocked by providing a corresponding signature from a satisfied signature adaptor. For a proposed schnorr signature construction, the key would be 32 bytes and the signature 64 bytes. However, using either multiparty ECDSA or schnorr key aggregation and signing, the keys and signature can be combined with other keys and signatures needed to authorize any spend, allowing point locks to use zero bytes of distinct block space.

• Each point lock can use different keys and signatures, so there is nothing about the point lock that correlates different payments either onchain or when routed offchain through surveillance nodes.