Alice has 1 Alice-coin UA on Alice-chain. Bob has 1 BTC UB on Bitcoin. X-rate = 1/1. M() is multisig.
- CONNECT
- Negotiate keys: A1,A2, A3, B1. Create M(2,2,A1,B1). Alice create txid from UA to M(2,2,A1,B1), give to Bob. Bob pre-sign backout to A2 with nlocktime L1.
- Alice gives key A3 as ephem key for BTC side of swap.
- A and B do C&C ending with Bob receiving H(k) and E_k(sig on M(2,2,A1,B1)->B2_m) for m distinct cases, and note Alice doesn't know the B2 keys.
- DISCONNECT
(everything else does not require communication)
- A broadcasts TX1: UA->M(2,2,A1,B1). Bob must wait for this to confirm.
- B broadcasts TX2: UB->script:(H(x), A3 OR CLTV L2, B3). Alice must check H(x) and A3 wait for this to confirm.
- Minimal interativity version: A broadcasts from TX2 using H(x) branch using a destination of her choice.
- Bob then broadcasts TX1->B2_1 using retrieved x from Bitcoin blockchain.