Options contracts can be implemented as trust-minimized smart contracts using Bitcoin script. These contracts don't require oracles feeding the price into the blockchain or any other trusted third party. Recipients will only trust miners to mine (and not reverse) transactions paying a reasonable feerate, securing their payouts.
The underlier of these derivatives can be any digital asset available on a blockchain that can do HLTCs.
The buyer of an American-style call binary option pays a premium (eg: 0.1 BTC) for <seller secret> wich gives the right to buy Q units (quantity) of the underlying asset (100 LTC) at a specified strike price (0.016 BTC per LTC) at any time until the expiration date.
In order to build trust-minimized options, both parties need to collateralize the full amount of the swap. This differs from traditional exchanges, where the buyer doesn't need to deposit collateral for his part of the swap and seller's collateral usually covers only a fraction of the total risk, which is adjusted periodically according to exchange's risk policy.
Requiring full collateralization to the seller of the option doesn't represent a change in the contract, as partial collateralization offered by exchanges is a complementary credit service.
On the other hand, buyer's collateral is an additional capital requirement in this scheme of trust-minimized options.
Both parties will setup an atomic swap of two different assets, contingent to the payment of a premium by the buyer. That premium accounts for the risk incurred by the seller allowing the buyer to perform the swap at any time until the option expires.
-
Buyer and seller exchange public keys.
-
The buyer prepares a random secret (
<buyer secret>) and a hash digest (<buyer secret digest>=SHA256(<buyer secret>)). Then he funds the Buyer Commit Transaction with a valueQ*strike(1.6 BTC) and makes it available to the seller. The destination P2SH address is derived from the scriptPubKey of this HTLC:
OP_IF
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <buyer secret digest> OP_EQUALVERIFY
<seller pubkey>
OP_ELSE
<swap locktime> OP_CHECKLOCKTIMEVERIFY OP_DROP
<buyer pubkey>
OP_ENDIF
OP_CHECKSIG
If the buyer executes the option, the seller will be able to spend this transaction using <buyer secret> in the following scriptSig:
<seller signature> <buyer secret> OP_TRUE
Otherwise the buyer can recover its value with a Refund Transaction after the swap_locktime threshold:
<buyer signature> OP_FALSE
- The seller prepares another random secret (
<seller secret>) and a digest (<seller secret digest>=SHA256(<seller secret>)). Then he funds the Seller Commit Transaction for the altcoin chain with a valueQ(100 LTC) and makes it available to the buyer:
OP_IF
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <seller secret digest> OP_EQUALVERIFY
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <buyer secret digest> OP_EQUALVERIFY
<buyer pubkey>
OP_ELSE
<expiry> OP_CHECKLOCKTIMEVERIFY OP_DROP
<seller pubkey>
OP_ENDIF
OP_CHECKSIG
Once the seller spends the premium payment, the buyer will be able to exercise the option using the following scriptSig:
<buyer signature> <buyer secret> <seller secret> OP_TRUE
Otherwise the seller can recover it with a Refund Transaction after the expiry threshold:
<seller signature> OP_FALSE
- The buyer pays the option premium (0.1 BTC) conditioned to
<seller secret>being revealed:
OP_IF
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <seller secret digest> OP_EQUALVERIFY
<seller pubkey>
OP_ELSE
<premium locktime> OP_CHECKLOCKTIMEVERIFY OP_DROP
<buyer pubkey>
OP_ENDIF
OP_CHECKSIG
- The seller spends previous transaction and reveals
<seller secret>.
<seller signature> <seller secret> OP_TRUE
<premium locktime> will be shorter than <expiry>, and <expiry> shorter than <swap locktime>.
- Known
<seller secret>, the buyer can execute seller's leg of the swap (spend Seller Commit Transaction), trading his 1.6 BTC for 100 LTC. He reveals<buyer secret>.
<buyer signature> <buyer secret> <seller secret> OP_TRUE
- Known
<buyer secret>, the seller can execute buyer's leg of the swap (spend Buyer Commit Transaction).
<seller signature> <buyer secret> OP_TRUE
The buyer of a put option pays a premium (eg: 10 LTC) for <seller secret> wich gives the right to sell Q units (quantity) of the underlying asset (100 LTC) at a specified strike price (0.016 BTC per LTC) before <expiry>.
-
Buyer and seller exchange public keys.
-
The buyer prepares a random secret (
<buyer secret>) and a hash digest (<buyer secret digest>=SHA256(<buyer secret>)). Then he funds the Buyer Commit Transaction for the altcoin chain with a valueQ(100 LTC) and makes it available to the seller:
OP_IF
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <buyer secret digest> OP_EQUALVERIFY
<seller pubkey>
OP_ELSE
<swap locktime> OP_CHECKLOCKTIMEVERIFY OP_DROP
<buyer pubkey>
OP_ENDIF
OP_CHECKSIG
- The seller prepares another random secret (
<seller secret>) and a digest (<seller secret digest>=SHA256(<seller secret>)). Then he funds the Seller Commit Transaction with a valueQ*strike(1.6 BTC) and makes it available to the buyer:
OP_IF
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <seller secret digest> OP_EQUALVERIFY
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <buyer secret digest> OP_EQUALVERIFY
<buyer pubkey>
OP_ELSE
<expiry> OP_CHECKLOCKTIMEVERIFY OP_DROP
<seller pubkey>
OP_ENDIF
OP_CHECKSIG
- The buyer pays the option premium (10 LTC) conditioned to
<seller secret>being revealed:
OP_IF
OP_SIZE 32 OP_EQUALVERIFY OP_SHA256 <seller secret digest> OP_EQUALVERIFY
<seller pubkey>
OP_ELSE
<premium locktime> OP_CHECKLOCKTIMEVERIFY OP_DROP
<buyer pubkey>
OP_ENDIF
OP_CHECKSIG
Known <seller secret>, the buyer can execute seller's leg of the swap (spend Seller Commit Transaction), trading his 100 LTC for 1.6 BTC and enabling the seller to execute his part of the swap.
You may be thinking these contracts look very similar to Lightning Network ones. You're right, and you should be able to do all this using Lightning channels!