mirror of
https://github.com/basicswap/basicswap.git
synced 2024-11-16 15:58:17 +00:00
7.8 KiB
7.8 KiB
Adaptor Signature Swap protocol
WIP
Relies on a One-Time Verifiably Encrypted Signature (OtVES) to function An OtVES:
-
Is a valid signature for key (a) encrypted with a public key (B)
-
Can be decrypted into a valid signature for key (a) with the private key (b) to the encrypting public key (B)
-
The encrypting private key (b) can be recovered using both the encrypted and decrypted signatures.
Offerer - Sends the offer Bidder - Sends the bid Leader - Sends the first lock tx (ITX) Follower - Sends the second lock tx (PTX)
NOSCRIPT_COIN lock tx:
- Sent second.
- Is sent to a combined key using a private key from each participant.
SCRIPT_COIN lock tx:
- Sent first
- Requires two signatures to spend from.
- Refund to sender txn is presigned for and can only be mined in the future.
- Spending the refund tx reveals the leader's NOSCRIPT_COIN split private key.
- Sender withholds signature until NOSCRIPT_COIN lock tx is confirmed.
- spending the spend txn reveals the follower's NOSCRIPT_COIN split private key.
Offerer (Leader) | Bidder (Follower) |
------------------------------------------------------------------------|-------------------------------------------------------------------------------|
o1. Sends offer | |
- x SCRIPT_COIN for y NOSCRIPT_COIN | |
- Sends smsg OfferMessage | |
| b1. Receives offer |
| - Validates offer |
| b2. Sends bid |
| - Sends smsgs XmrBidMessage + 2x XmrSplitMessage |
| |
o2. Receives bid | |
- Validates bid | |
o3. Accepts bid | |
- Sends smsgs XmrBidAcceptMessage + 2x XmrSplitMessage | |
| |
| b3. Receives bid accept |
| - Validates |
| - Signs for lock tx refund |
| - Sends smsg XmrBidLockTxSigsMessage |
| |
o4. Receives bidder lock refund tx signatures | |
- Sends smsg XmrBidLockSpendTxMessage | |
- Full SCRIPT_COIN lock tx | |
- Signature to prove leader can sign for split key | |
- Submits SCRIPT_COIN lock tx to network | |
| |
| b4. Receives XmrBidLockSpendTxMessage |
| - Validates SCRIPT_COIN lock tx and signature |
| - Waits for SCRIPT_COIN lock tx to confirm in chain |
| b5. Sends NOSCRIPT_COIN lock tx |
| |
o5. Waits for NOSCRIPT_COIN lock tx to confirm in chain | |
o6. Sends SCRIPT_COIN lock release. | |
- Sends smsg XmrBidLockReleaseMessage | |
- Includes OtVES ciphertext signature for the SCRIPT_COIN lock | |
spend tx. | |
| |
| b6. Receives offerer OtVES for SCRIPT_COIN lock spend tx. |
| - Submits SCRIPT_COIN lock spend tx to network. |
| |
o7. Waits for SCRIPT_COIN lock spend tx. | |
- Extracts the NOSCRIPT_COIN bidders key using the signature | |
o8. Combines the keys to spend from the NOSCRIPT_COIN lock tx | |
- Submits NOSCRIPT_COIN lock spend tx to network | |
Per swap (including the offer smsg):
- Offerer sent 6 smsgs (2 extra from split messages)
- Bidder sent 4 smsgs (2 extra from split messages)