Add high level description #13

Open
wants to merge 9 commits into
base: master
Changes from 2 commits
28 changes: 28 additions & 0 deletions md/partially-blind-swap.md
Expand Up @@ -18,6 +18,34 @@ signature](https://blog.cryptographyengineering.com/a-note-on-blind-signature-sc
of Alice over a transaction spending the funding transaction without knowing `t`
(similar to [Discreet Log Contracts](https://adiabat.github.io/dlc.pdf)).

High level description
---
There is Alice as a central tumbler server who has many utxos, and many users
(Bob and Charlie) with their individual utxos. The two parties can swap coins,
so that the user knows the coins of the tumbler, but the tumbler cannot link
the pre to post swap coins of the users, with the anonymity set of all users
between the time of funding and retreaval. An outside observer only sees
regular public key and signatures and no onchain scripts, all is "hidden"
within these scriptless scripts public keys and signatures, so it is unclear
that these transactions are actually a swap.

* User and tumbler communicate to generate a musig public key with the
individual keys of tumbler and user, and the users asks the tumbler to
fund this output O1.
* They generates another musig and the user funds this output O2.
* They pre-sign timelocked refund transactions before funding the musigs, in
the case either party goes offline.
* User has nonce commitment R and public key P of the tumbler coin O1, and
with this he can calculates the sum [(blinded spending signature O1) * G],
with this he can set up an adaptor signature so that the tumbler needs to
reveal the blinded spending signature (the adaptor secret).
* Now the user gives his contribution to spending O2, and the tumbler can
claim O2 only when providing his full real signature and publishing this
on-chain which reveals the adaptor secret (the blinded spending signature).
* The user can now unblinding the adaptor secret spending signature (revealed
by the tumbler claiming O2) and he can combine this with his own signature
to spend O1.

Protocol description
---
Assume Alice has a permanent public key `A = a*G`, ephemeral pubkey `A1 = A +
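
Review bot: The refund bullet ("They pre-sign timelocked refund transactions before funding the musigs") is listed third, after the bullets in which the tumbler funds O1 and the user funds O2, so read top to bottom the list has both outputs funded before any refund transaction exists. Move it ahead of the funding steps, or reword the first two bullets so they only set up the musig keys and the funding happens once the refunds are signed. In the fourth bullet, "calculates the sum [(blinded spending signature O1) * G]" does not say what is being summed; spelling out how this point follows from R and P would make the adaptor signature setup followable, and the repeated "with this he can" could be merged into one clause. The introduction moves from "many users (Bob and Charlie)" to "The two parties"; "the tumbler and a user" would be unambiguous. Typos in the added text: "retreaval", "the users asks", "They generates", "can calculates", "can now unblinding".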