From: Chris Belcher <belcher@riseup•net>
To: Ruben Somsen <rsomsen@gmail•com>,
Bitcoin Protocol Discussion
<bitcoin-dev@lists•linuxfoundation.org>,
ZmnSCPxj <ZmnSCPxj@protonmail•com>
Subject: Re: [bitcoin-dev] SAS: Succinct Atomic Swap
Date: Tue, 12 May 2020 23:50:10 +0100 [thread overview]
Message-ID: <7a56e058-e577-f6f5-91ee-4601be90358f@riseup.net> (raw)
In-Reply-To: <CAPv7TjYePyEt2YMg3J_KinK6Lv6SSLAF2nrOj79_oVt8qBXN0w@mail.gmail.com>
Hello list,
This proposal is very cool. It is very useful to have a coinswap scheme
requiring only two transactions.
As well as improving the scalability of the system by saving block
space, it also improves privacy because the coins could stay unspend for
a long time, potentially indefinitely. While in the original coinswap
proposal an analyst of the chain would always see a funding transaction
followed closely in time by a success transaction, and this could be
used as a fingerprint.
On 11/05/2020 18:50, Ruben Somsen via bitcoin-dev wrote:
> Hi ZmnSCPxj,
>
> Thanks for your feedback :)
>
>> CoinSwap for privacy is practically a "cross" chain atomic swap with the same chain and token for both sides of the swap, see also this set of ideas: https://github.com/AdamISZ/CoinSwapCS/issues/53
>>
>> "Instead, Bob simply hands secretBob to Alice" is basically the same as private key turnover
>
> Thanks for the link. I will add it to the links at the bottom of the
> write-up, as I agree it's related. Do note there are a few key
> differences:
>
> - The swap is set up in an "asymmetric" way with only timelocks on one
> side, so on the other side the swap *never* expires
> - The timelocks are set up in such a way that the swap does not expire
> unless Alice starts the relative timelock countdown (the revoke
> transaction)
> - This relative timelock setup comes practically for free, because the
> asymmetry naturally requires that kind of setup
You could create an old-style coinswap scheme using relative timelocks
(with OP_CSV). The original proposal uses absolute timelocks but there's
no reason relative timelocks can't be used instead, as long as the party
who starts with knowledge of the preimage has a timelock further away in
the future.
Using relative timelocks and private key handover for old-style
coinswaps would give us the same two-transaction effect and the
corresponding efficiency and privacy gains.
Of course we still don't get the effect that the swap on the other side
never expires.
A fun fact is that the idea of private key handover was mentioned as
early as 2016 in the original Lightning Network paper. The bottom of
page 27 says: "Instead of disclosing the BR1a/BR1b signatures, it’s
also possible to just disclose the private keys to the counterparty.
This is more effective as described later in the key storage section".
Although it looks like nobody thought to apply it to coinswap or
realized the benefits.
Regards
CB
next prev parent reply other threads:[~2020-05-12 22:51 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-11 15:29 Ruben Somsen
2020-05-11 16:45 ` ZmnSCPxj
2020-05-11 17:50 ` Ruben Somsen
2020-05-12 4:41 ` ZmnSCPxj
2020-06-03 9:04 ` Dmitry Petukhov
2020-06-03 14:36 ` ZmnSCPxj
2020-05-12 22:50 ` Chris Belcher [this message]
2020-05-12 6:10 ` Lloyd Fournier
2020-05-12 6:50 ` Lloyd Fournier
2020-05-12 11:30 ` Ruben Somsen
2020-05-12 11:34 ` Ruben Somsen
2020-05-12 15:05 ` ZmnSCPxj
2020-05-12 16:30 ` Ruben Somsen
2020-05-13 8:39 ` ZmnSCPxj
2020-05-13 9:57 ` Ruben Somsen
2020-05-13 9:58 ` Ruben Somsen
2020-05-13 11:39 ` ZmnSCPxj
2020-05-13 12:33 ` Ruben Somsen
2020-05-15 4:39 ` ZmnSCPxj
2020-05-15 19:47 ` Ruben Somsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7a56e058-e577-f6f5-91ee-4601be90358f@riseup.net \
--to=belcher@riseup$(echo .)net \
--cc=ZmnSCPxj@protonmail$(echo .)com \
--cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
--cc=rsomsen@gmail$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox