Oddbean new post about | logout
 I was looking at NUT-11 "paying to public key" and thought that there might be an easier way to do this, but maybe I'm wrong. 

When I'm creating a blindedMessage (B_) I add a random pk (Point R) to my hash_to_curve point (Point A). I can send B_ to the Mint and the Mint will produce the blindedsignature C_. I can unblind C_ because I know the sk of Point R. 

If I want to send money that is locked to your pk. Can't I just use your pk as the Point R to produce B_? Since I don't know the sk to your pk, I will not be able to unblind C_. Therefore you should be the only one to be able to unblind C_ . I could post the message/preimage to create point A together with the mint generated C_ somewhere in the public or send it to you and when your are coming online you can take that information and unblind C_ to get C and redeem the money from the mint.

Is there something wrong in my thinking?