An idea for
@FIPS , to allow more (transitive) signing within ancestries, while retaining the obfuscation/privacy benefit of hiding the 'real' npub:
TL/DR: the node_addr should be a tweaked public key, not just an arbitrary hash of the pubkey key.
Your node has a keypair: the secret s and the corresponding public key p. We usually see the p in it bech32 representation (npub...)
Currently, the node_addr is the (first 16 bytes of the) sha256sum of the pubkey. I propose to change that
First, define a tweak:
t = sha256("FIPS_node_addr" || pubkey)
Then we have a tweaked pubkey
p' = p + tG
and the corresponding tweaked secret (don't forget BIP-340), which will allow your node to sign for p' just as easily as it can sign for p.
Now, let's define the node_id as p', and the node_addr as the first 16 bytes of that.
With this scheme, if my node tells you that my ancestry is
[node_id(me), node_id(A), node_id(B), node_id(Root)],
then the ancestry will include multiple relevant signatures. You won't directly see the pubkey B, but you'll B'=node_id(B). And you will see a signature by B' that it's parent is node_id(Root).
Of course, signatures don't prove that all the data is genuine. But over time, we can see which node_ids are reliable and which are not. For example, the signature will stop a hacker from pretending that you (a reliable) node has selected the hacker as its parent
