Posted by Omar Shibli
Sep 1, 2017/07:16 UTC
A team has developed a basic trade finance application that conducts transactions using the scheme from the paper "Homomorphic Payment Addresses and the Pay-to-Contract Protocol". They have generalised it and made it BIP43 compliant. The team defines the levels of the BIP32 path as m / purpose' / coin_type' / contract_id' / *, where contract_id is an arbitrary index within the valid range. The contract base is the hardened prefix m / purpose' / coin_type' / contract_id'. A contract commitment address is computed in three steps:

1. hash the document with a cryptographic hash function of your choice (e.g. BLAKE2);
2. map the hash to a partial derivation path (necessarily non-hardened, since the child is derived from a public key);
3. derive the child public key by chaining the path from step 2 onto the contract base.

Funds sent to the payment address can be reclaimed only if the customer provides the customer_contract_signature. In terms of durability the app is simple at this point: it stores nothing and lets the customer download and manage the files.

According to Gregory Maxwell, the construction appears to be completely insecure, because the pubkey is easily manipulated. The team has updated the BIP draft to explicitly specify a multiparty key derivation scheme, which they hope addresses Maxwell's concern. The BIP draft can be found on GitHub. Omar, from the team, thanks Gregory for his feedback and welcomes any further feedback.
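The three derivation steps above, as an added worked example in Python (this is not the team's code or the BIP draft's reference implementation). It implements BIP32 CKDpriv/CKDpub over a minimal pure-Python secp256k1 so it runs offline, derives the hardened contract base m / purpose' / coin_type' / contract_id' from a constructed seed, hashes a constructed document with BLAKE2b-256, and chains the resulting path onto the contract base both from the public side (what a customer can recompute to check the address they were given) and from the private side (what the merchant needs to spend). Assumptions not stated on the page: the hash is split into nine 31-bit non-hardened indices, purpose 999 is a placeholder, and the example stops at the commitment public key rather than encoding an address. It shows the original single-party derivation, not the multiparty scheme the team added later.

```python
"""Pay-to-contract over BIP32: added example, not the team's code.

Path layout from the post: contract base = m / purpose' / coin_type' / contract_id'
(hardened), then a non-hardened sub-path derived from BLAKE2b(document).
The 31-bit chunking of the hash into indices is this example's own choice.
"""
import hashlib
import hmac

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000


def ec_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def ser_pub(point):
    """33-byte compressed SEC1 encoding, which BIP32 uses as serP(K)."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def master_key(seed):
    """BIP32 master node (private key, chain code) from a seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_priv(k_par, c_par, index):
    """BIP32 CKDpriv for hardened and non-hardened indices."""
    if index >= HARDENED:
        data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    else:
        data = ser_pub(ec_mul(k_par, G)) + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    k_child = (il + k_par) % N
    assert il < N and k_child != 0, "invalid child; BIP32 says skip this index"
    return k_child, digest[32:]


def ckd_pub(K_par, c_par, index):
    """BIP32 CKDpub: non-hardened only, needs no private key."""
    assert index < HARDENED, "hardened children need the private key"
    data = ser_pub(K_par) + index.to_bytes(4, "big")
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    K_child = ec_add(ec_mul(il, G), K_par)
    assert il < N and K_child is not None, "invalid child; BIP32 says skip this index"
    return K_child, digest[32:]


def contract_path(document):
    """Step 1 + 2: BLAKE2b-256(document) split into nine 31-bit non-hardened indices.

    The chunking is this example's assumption; the post only says the hash is
    mapped to a partial derivation path.
    """
    h = int.from_bytes(hashlib.blake2b(document, digest_size=32).digest(), "big")
    return [(h >> (31 * i)) & (HARDENED - 1) for i in range(9)]


def contract_base_priv(seed, purpose, coin_type, contract_id):
    """Contract base m / purpose' / coin_type' / contract_id' from the merchant seed."""
    k, c = master_key(seed)
    for level in (purpose, coin_type, contract_id):
        k, c = ckd_priv(k, c, level | HARDENED)
    return k, c


def commitment_pub(K_base, c_base, document):
    """Step 3, customer side: recompute the commitment key from base xpub + document."""
    K, c = K_base, c_base
    for index in contract_path(document):
        K, c = ckd_pub(K, c, index)
    return K


def commitment_priv(k_base, c_base, document):
    """Step 3, merchant side: the spending key behind the same commitment."""
    k, c = k_base, c_base
    for index in contract_path(document):
        k, c = ckd_priv(k, c, index)
    return k


def demo():
    # Constructed inputs; the seed, purpose number and document are placeholders.
    seed = b"constructed demo seed, not a real wallet"
    purpose, coin_type, contract_id = 999, 0, 42
    document = b"Letter of credit LC-001: 10 BTC against bill of lading #7"

    k_base, c_base = contract_base_priv(seed, purpose, coin_type, contract_id)
    K_base = ec_mul(k_base, G)
    # Merchant publishes (K_base, c_base); the customer recomputes the commitment
    # key and checks it against the address the merchant quoted.
    K_commit = commitment_pub(K_base, c_base, document)
    k_commit = commitment_priv(k_base, c_base, document)
    assert ec_mul(k_commit, G) == K_commit
    return ser_pub(K_commit).hex()


if __name__ == "__main__":
    print(demo())
```

The customer-side check only works because every index after the contract base is non-hardened, so anyone holding the contract base public key and chain code can reproduce the commitment key; changing a single byte of the document changes the whole path and therefore the key.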