Two scripts that could be used for atomic swaps via disclosure of certain privkey
The one with CODESEPARATOR could be used on Bitcoin (with segwit)
The one with CHECKSIGFROMSTACK could be used on Elements

Note: Using this (https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-December/016594.html):
Input: <S> Script: <known R> SWAP CAT <key> CHECKSIG
The script would be even shorter on Elements

Swap contract that <was incorrectly thought to> force R reuse via OP_CODESEPARATOR:

    # EDIT: this does not actually force R reuse ! It needs something else for this.
    # The signer can use different nonces for the two signatures, and there are no checks for this
    # I am not aware how to achieve this without the size-trick with known-small R or without opcodes
    # like OP_CAT, OP_LEFT, OP_AND that are disabled on bitcoin.
    OP_IF,
    # At the start (after TRUE was consumed by IF):
    # sig1 sig2 buyer_sig
    reveal_key_pubkey,
    # rpub sig1 sig2 buyer_sig
    OP_TUCK, # rpub sig1 rpub sig2 buyer_sig
    OP_CHECKSIGVERIFY,
    # rpub sig2 buyer_sig
    OP_CODESEPARATOR,
    # NOTE: second sighash will be calculated with script truncated at this point
    # it will include only opcodes below this point
    OP_CHECKSIGVERIFY,
    # buyer_sig
    buyer_pubkey,
    # buyer_pubkey buyer_sig
    OP_ELSE,
    elements_contract_timeout, OP_CHECKSEQUENCEVERIFY,
    OP_DROP,
    seller_pubkey,
    OP_ENDIF,
    OP_CHECKSIG

Swap contract that forces R reuse via CHECKSIGFROMSTACK:

    OP_IF,
    # At the start (after TRUE was consumed by IF):
    # sig_prefix sig_suffix buyer_sig
    r, # sig_r sig_prefix sig_suffix buyer_sig
    OP_CAT, # sig_prefix+sig_r sig_suffix buyer_sig
    OP_SWAP, # sig_suffix sig_prefix+sig_r buyer_sig
    OP_CAT, # sig buyer_sig
    1, # msg sig buyer_sig
    reveal_key_pubkey,
    # rpub msg sig buyer_sig
    OP_CHECKSIGFROMSTACKVERIFY,
    # buyer_sig
    buyer_pubkey,
    # buyer_pubkey buyer_sig
    OP_ELSE,
    elements_contract_timeout, OP_CHECKSEQUENCEVERIFY,
    OP_DROP,
    seller_pubkey,
    OP_ENDIF,
    OP_CHECKSIG
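
Added example (not part of the original gist): a Python walk-through of the CHECKSIGFROMSTACK branch, showing how `r OP_CAT OP_SWAP OP_CAT` rebuilds the signature around the r committed in the script, and why a second signature sharing that r is what discloses the key while differing r values (the flaw noted for the CODESEPARATOR script) disclose nothing. Assumptions: a DER-encoded signature without a sighash byte, the prefix/suffix split point, a single-SHA256 message hash, a constructed key, the toy nonce k = 1 (so r is the generator's x-coordinate) and a constructed second message; all function names are hypothetical.

```python
import hashlib

# secp256k1 group order and generator x-coordinate (standard curve constants).
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798

def h(msg):  # message hash as an integer (single SHA256 is an assumption)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def der_int(v):  # DER INTEGER: tag, length, minimal value (0x00 pad if high bit set)
    body = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + bytes([len(body)]) + body

def der_sig(r, s):  # DER SEQUENCE of the two INTEGERs, no sighash byte
    body = der_int(r) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

def split_witness(r, s):  # assumed split: header + r tag/length | r | DER s
    sig, r_len = der_sig(r, s), len(der_int(r)) - 2
    return sig[:4], sig[4:4 + r_len], sig[4 + r_len:]  # sig_prefix, script r, sig_suffix

def run_fragment(stack, script_r):  # list end is the stack top
    stack.append(script_r)                       # r
    stack[-2:] = [stack[-2] + stack[-1]]         # OP_CAT: sig_prefix+sig_r
    stack[-2], stack[-1] = stack[-1], stack[-2]  # OP_SWAP
    stack[-2:] = [stack[-2] + stack[-1]]         # OP_CAT: sig
    return stack[-1]

def parse_der(sig):  # return (r, s); reject anything but the canonical encoding
    r_len = sig[3] if len(sig) > 3 else 0
    r, s = (int.from_bytes(p, "big") for p in (sig[4:4 + r_len], sig[6 + r_len:]))
    if der_sig(r, s) != sig:
        raise ValueError("malformed DER signature")
    return r, s

def recover_key(r1, s1, z1, r2, s2, z2):
    """Shared-nonce algebra; None when r differs, since nothing is disclosed then."""
    if r1 != r2 or s1 == s2:
        return None
    k = (z1 - z2) * pow((s1 - s2) % N, -1, N) % N
    return (s1 * k - z1) * pow(r1, -1, N) % N

def demo():
    x, z1, z2 = h(b"constructed key") % N, h(b"\x01"), h(b"constructed second msg")
    s1, s2 = (z1 + GX * x) % N, (z2 + GX * x) % N  # ECDSA s with toy nonce k = 1
    prefix, script_r, suffix = split_witness(GX, s1)
    r_seen, s_seen = parse_der(run_fragment([b"buyer_sig", suffix, prefix], script_r))
    return x, r_seen, recover_key(r_seen, s_seen, z1, GX, s2, z2)
```

`demo()` returns the constructed key, the r parsed from the reassembled signature, and the key recovered from the two same-r signatures; the last value equals the first only because both signatures share r.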