Skip to content

Instantly share code, notes, and snippets.

@AdamISZ

AdamISZ/Hybrid-swap-min-interac.md

Last active April 3, 2023 20:12
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save AdamISZ/3e996d0599a162a1a2d360ab1db2e145 to your computer and use it in GitHub Desktop.
Save AdamISZ/3e996d0599a162a1a2d360ab1db2e145 to your computer and use it in GitHub Desktop.
Download ZIP
Hybrid swap design, minimising interactivity
Raw
Hybrid-swap-min-interac.md

Alice has 1 Alice-coin UA on Alice-chain. Bob has 1 BTC UB on Bitcoin. X-rate = 1/1. M() is multisig.

  1. CONNECT
  2. Negotiate keys: A1,A2, A3, B1. Create M(2,2,A1,B1). Alice create txid from UA to M(2,2,A1,B1), give to Bob. Bob pre-sign backout to A2 with nlocktime L1.
  3. Alice gives key A3 as ephem key for BTC side of swap.
  4. A and B do C&C ending with Bob receiving H(k) and E_k(sig on M(2,2,A1,B1)->B2_m) for m distinct cases, and note Alice doesn't know the B2 keys.
  5. DISCONNECT

(everything else does not require communication)

  1. A broadcasts TX1: UA->M(2,2,A1,B1). Bob must wait for this to confirm.
  2. B broadcasts TX2: UB->script:(H(x), A3 OR CLTV L2, B3). Alice must check H(x) and A3 wait for this to confirm.
  3. Minimal interativity version: A broadcasts from TX2 using H(x) branch using a destination of her choice.
  4. Bob then broadcasts TX1->B2_1 using retrieved x from Bitcoin blockchain.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment