Skip to content

Instantly share code, notes, and snippets.

@sfter

sfter/Ark_Diagram_1.svg

Forked from RubenSomsen/Ark_Diagram_1.svg
Created June 2, 2023 04:02
Show Gist options
  • Save sfter/2a4c054bdda28c808cd9bde6c8b0d97b to your computer and use it in GitHub Desktop.
Save sfter/2a4c054bdda28c808cd9bde6c8b0d97b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
_Simplest_Ark.md

Simplest Ark Explanation

A footprint-minimal coinswap protocol. Alice gives a coin to the Server, provided the Server gives a coin to Bob. Because all swaps go through the Server, multiple swaps can be aggregated in a single UTXO that is efficiently on-chain redeemable by the Server.

Explanation

All transactions that are involved with A sending to B

Holding coins

Alice (A) holds coins with Server (S) that she can trustlessly redeem

On-chain UTXO_1 looks as follows:
A+S || S in 1 month

A has an off-chain REDEEM_TX (signed by S) that spends from UTXO_1 with the following output:
A+S || A in 1 month

Preparing to send coins

Now A wants to send her coins to Bob (B)

S promises to fund and create new on-chain UTXO_2 that will look as follows:
B+S || S in 1 month

B receives an off-chain REDEEM_TX (signed by S) that spends from UTXO_2 with the following output:
B+S || B in 1 month

If UTXO_2 appears on-chain, B will be paid.

The swap (the important part)

A wants to forfeit her claim on UTXO_1 (i.e. A to S) provided UTXO_2 appears on-chain (i.e. S to B)

In order to achieve this, A signs the following FORFEIT_TX that spends her REDEEM_TX:
S if UTXO_2 exists* || A in 1 month

*This kind of script is not possible today but is easier to explain, actual non-softfork version explained later

The effect is that S can claim the funds from UTXO_1 if UTXO_2 is published.

Possible outcomes

Ideal/expected outcome:

  • S publishes UTXO_2, meaning B got paid
  • A won't publish her REDEEM_TX
  • The timelock on UTXO_1 expires and S claims the funds (timelock could be circumvented if A releases her privkey)

Outcome adversarial A:

  • S publishes UTXO_2, meaning B got paid
  • A publishes her REDEEM_TX
  • S publishes the corresponding FORFEIT_TX and claims the funds

Outcome adversarial S:

  • S never publishes UTXO_2
  • A publishes her REDEEM_TX
  • S publishes the corresponding FORFEIT_TX
  • The FORFEIT_TX timelock expires and A claims the funds

On-chain efficiency

UTXO_1 is being shared here by two users

The protocol that was described thus far isn't any more efficient than A simply sending an on-chain payment to B. The final trick is that a single UTXO can contain coins for multiple users.

For instance, let's say A and B both had coins in the same pool. UTXO 1 would then be A+B+S || S in 1 month and this would branch off in a tree to two off-chain UTXOs with A+S || S in 1 month and B+S || S in 1 month. If both A and B forfeit their claim as expected, the off-chain UTXOs will never go on-chain. This is what makes the protocol efficient.

Creating this transaction structure currently requires A+B+S to pre-sign, meaning all recipients have to interact with each other whenever a new UTXO is being created. OP_CTV would remove that requirement.

Worst case redemption

A single user might publish a REDEEM_TX. That single user will have to pay the fees to expand the tree of off-chain transactions and reach their specific output. This is costly to that user and thus puts a economic limit on what the smallest viable denomination inside Ark could be.

Also, since the tree got expanded, S now has to spend log(n) outputs instead of 1 in order to claim the funds.

"if UTXO_2 exists" without soft fork

The transaction that contains UTXO_2 could contain another small ANCHOR_OUTPUT that can only be spent by S. A can then include it as an input to her FORFEIT_TX to S. Now the FORFEIT_TX can't be sent on-chain unless the transaction containing UTXO_2 as well as the ANCHOR_OUTPUT go on-chain first, thus fulfilling the "if UTXO_2 exists" condition.

The ANCHOR_OUTPUT can be kept off-chain by placing it inside an off-chain tree of transactions, though this does mean S has to expand the tree if it ever needed the anchor.

Payment pool comparison

The main upside is the simplified interaction and no messy issues with eviction - spending coins doesn't require you to interact with all the people in the pool, just the server.

The main downside is reduced liquidity - the coins the server receives back won't be available to them immediately, so the faster coins move hands, the more of the server's liquidity becomes locked up.

Confirmation times

A transfer isn't complete until the relevant UTXO confirms on-chain. However, if the recipient is willing to trust S never to change transactions that are waiting to be confirmed, transfers could be subjectively viewed as instant.

The aim of this write-up was to concisely explain the core concepts behind Ark, as the original documentation has been difficult for many (myself included) to comprehend. Full accuracy was not the goal - and a lot of it was educated guess work / reverse engineering - so the actual Ark design will perhaps differ somewhat (though hopefully not massively) from what is written here.

Display the source blob
Display the rendered blob
Raw
Ark_Diagram_1.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Display the source blob
Display the rendered blob
Raw
Ark_Diagram_2.svg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment