@RobinLinus
Last active November 27, 2022 02:25

Offchain Contract Data for CSV Protocols

Alice and Bob want to put a token in an offchain contract that expresses:

  • Alice can take the token if she reveals the sha3 preimage of a hash within a week
  • Otherwise, Bob can take the token

The problem is that Alice does not want to use any onchain data to reveal the preimage. This is possible with the following setup upfront:

  • Alice creates a random key K and encrypts her preimage with that key
  • In the contract she commits to the resulting ciphertext and also to K
  • She sends the contract and the ciphertext to Bob
  • Bob creates an adaptor signature for Alice to spend the token, such that she reveals the secret key of K by completing the signature. Bob can detect that signature onchain.
  • If the decrypted preimage was incorrect, then Alice simply burned her UTXO and cannot prove a valid transition. In contrast, Bob can prove that the preimage was incorrect and receive the token to his fallback UTXO.

See also
