This document summarizes a presentation on atomic swaps given to the Tucson Blockchain Developers group. Atomic swaps allow direct exchange of cryptocurrencies without a third party by using timelocks and hashlocks. The presentation covered how timelocks and hashlocks work, and how combining them enables atomic swaps between parties that have different cryptocurrencies, like one party with BTC and another with ETH. Important dates in the development of atomic swaps were also mentioned.
4. Cross-Chain Atomic Swaps
“A atomic swap protocol guarantees:
1: if all parties conform to the protocol, then all swaps take place,
2: if some parties deviate from the protocol, then no conforming party ends up
worse o ff,
3: no coalition has an incentive to deviate from the protocol.” [2]
So it requires a number of steps to be executed in the correct order by multiple
(possibly adversarial) parties.
It’s not as simple as ‘all valid or all invalid’.
5. TimeLocks
TimeLocks are easy: “True after block X, False until then”
So you can say:
“Ben can spend this $ until Block 500, after which Destry can spend this $”
You’ll see in a minute why this is important.
6. Hashlocks
Remember a hash is a one-way function:
s (secret) -> hash function -> h (hash of the secret)
You can’t get s even if you have h and the hash function.
Hashlock:
Transaction is only true if you can provide s.
To hashlock, you write h into the encumbering script.
7. Let’s combine a hashlock and a timelock.
Ben gives me h, says he has s, but isn’t going to tell me unless I pay him some
BTC.
I could create a script that says:
“Provide Ben’s Address’s Signature and s for this h”
But then Ben could disappear and I’ve lost my BTC. So instead:
“Before Block 500: Provide Ben’s Address’ Signature and s for this h,
After Block 500: Provide Destry’s Address’ Signature”
(Ben wants the TimeLock so he knows I can’t grab the BTC while his transaction
is pending.)
8. So how do Time and Hash Locks enable swaps?
I have BTC, Ben has ETH.
1. I create a secret s and hash(s), h.
2. I send my BTC to Ben’s address with hashlock h, and 2 day timelock.
3. Once Ben sees my transaction, he sends his ETH to a contract with:
hashlock h, and 1 day timelock.
4. I want those ETH, so within 1 day, I move the ETH to my wallet, exposing s.
5. Ben is watching and sees my transaction with s, he has 1 day to move the
BTC to his wallet.
12. HTLCs are what enable the Lightning Network...
We’ll save that for another day.
13. Interesting Dates
● 2014 - Komodo founder completes first BTC/NXT swap[3]
● Sept 19, 2017 - First Decred/Litcoin Atomic Swap
https://blog.decred.org/2017/09/20/On-Chain-Atomic-Swaps/
● Nov 17, 2017 - Lighting network does Bitcoin testnet-Litcoin testnet off-chain
atomic swap.
https://blog.lightning.engineering/announcement/2017/11/16/ln-swap.html
14. References
1. M. Herlihy, Atomic Cross-Chain Swaps. https://arxiv.org/abs/1801.09515
2. S. Bowe and D. Hopwood. Hashed time-locked contract transactions. htt
ps://github.com/bitcoin/bips/blob/master/bip-0199.mediawiki. As of 2 August 2018
3. https://blog.komodoplatform.com/everything-you-need-to-know-about-atomic-swaps-and-how-komo
do-is-advancing-the-technology-cadaec50da7c