In other words, the `revocationbase_priv` can only be derived (and used to sign for the `revocationpubkey`) by the party that knows _both_ the `revocationbase_priv` _and_ the `per_commitment_secret`. This little trick is what makes the public-key-based revocation system used in the Lightning Network secure.
In other words, the `revocation_priv` can only be derived (and used to sign for the `revocationpubkey`) by the party that knows _both_ the `revocationbase_priv` _and_ the `per_commitment_secret`. This little trick is what makes the public-key-based revocation system used in the Lightning Network secure.