# Adaptor Signature Swap protocol


## WIP

Relies on a One-Time Verifiably Encrypted Signature (OtVES) to function
An OtVES:
 - Is a valid signature for key (a) encrypted with a public key (B)
 - Can be decrypted into a valid signature for key (a) with the private key (b) to the encrypting public key (B)
 - The encrypting private key (b) can be recovered using both the encrypted and decrypted signatures.


Offerer     - Sends the offer
Bidder      - Sends the bid
Leader      - Sends the first lock tx (ITX)
Follower    - Sends the second lock tx (PTX)


NOSCRIPT_COIN lock tx:
 - Sent second.
 - Is sent to a combined key using a private key from each participant.


SCRIPT_COIN lock tx:
 - Sent first
 - Requires two signatures to spend from.
 - Refund to sender txn is presigned for and can only be mined in the future.
   - Spending the refund tx reveals the leader's NOSCRIPT_COIN split private key.
 - Sender withholds signature until NOSCRIPT_COIN lock tx is confirmed.
 - spending the spend txn reveals the follower's NOSCRIPT_COIN split private key.


```
Offerer (Leader)                                                        | Bidder (Follower)                                                             |
------------------------------------------------------------------------|-------------------------------------------------------------------------------|
o1. Sends offer                                                         |                                                                               |
    - x SCRIPT_COIN for y NOSCRIPT_COIN                                 |                                                                               |
    - Sends smsg OfferMessage                                           |                                                                               |
                                                                        | b1. Receives offer                                                            |
                                                                        |     - Validates offer                                                         |
                                                                        | b2. Sends bid                                                                 |
                                                                        |     - Sends smsgs XmrBidMessage + 2x XmrSplitMessage                          |
                                                                        |                                                                               |
o2. Receives bid                                                        |                                                                               |
    - Validates bid                                                     |                                                                               |
o3. Accepts bid                                                         |                                                                               |
    - Sends smsgs XmrBidAcceptMessage + 2x XmrSplitMessage              |                                                                               |
                                                                        |                                                                               |
                                                                        | b3. Receives bid accept                                                       |
                                                                        |     - Validates                                                               |
                                                                        |     - Signs for lock tx refund                                                |
                                                                        |     - Sends smsg XmrBidLockTxSigsMessage                                      |
                                                                        |                                                                               |
o4. Receives bidder lock refund tx signatures                           |                                                                               |
    - Sends smsg XmrBidLockSpendTxMessage                               |                                                                               |
      - Full SCRIPT_COIN lock tx                                        |                                                                               |
      - Signature to prove leader can sign for split key                |                                                                               |
    - Submits SCRIPT_COIN lock tx to network                            |                                                                               |
                                                                        |                                                                               |
                                                                        | b4. Receives XmrBidLockSpendTxMessage                                         |
                                                                        |     - Validates SCRIPT_COIN lock tx and signature                             |
                                                                        |     - Waits for SCRIPT_COIN lock tx to confirm in chain                       |
                                                                        | b5. Sends NOSCRIPT_COIN lock tx                                               |
                                                                        |                                                                               |
o5. Waits for NOSCRIPT_COIN lock tx to confirm in chain                 |                                                                               |
o6. Sends SCRIPT_COIN lock release.                                     |                                                                               |
    - Sends smsg XmrBidLockReleaseMessage                               |                                                                               |
      - Includes OtVES ciphertext signature for the SCRIPT_COIN lock    |                                                                               |
        spend tx.                                                       |                                                                               |
                                                                        |                                                                               |
                                                                        | b6. Receives offerer OtVES for SCRIPT_COIN lock spend tx.                     |
                                                                        |     - Submits SCRIPT_COIN lock spend tx to network.                           |
                                                                        |                                                                               |
o7. Waits for SCRIPT_COIN lock spend tx.                                |                                                                               |
    - Extracts the NOSCRIPT_COIN bidders key using the signature        |                                                                               |
o8. Combines the keys to spend from the NOSCRIPT_COIN lock tx           |                                                                               |
    - Submits NOSCRIPT_COIN lock spend tx to network                    |                                                                               |
```

Per swap (including the offer smsg):
Offerer sent 6 smsgs (2 extra from split messages)
Bidder sent 4 smsgs (2 extra from split messages)