Author: Dmitry Petukhov 2020-06-03 09:04:25
Published on: 2020-06-03T09:04:25+00:00
The author has created a TLA+ specification for CoinSwap and uploaded it to the SASwap repository. However, there is a possible deadlock in the protocol if one party fails to publish their transaction in time, leading to an invalidation of the other party's transaction. To resolve this issue, ZmnSCPxj suggests an alternative setup for CoinSwap involving two future timelocks L1 and L2. The proposed counterproposal involves an adaptor that completes the signature with Bob[0], revealing Bob[1], and requires witness segregation support from at least one chain involved to allow signing a dependent transaction before what it spends. This setup avoids the possible deadlock which the author had encountered.The above counterproposal has transaction signatures completed by whoever gets the money so that they will rationally use the version with the best feerate. If relative locktimes are used as often as absolute locktimes for block-sniping-prevention and a decent Scriptless Script system, then all protocol aborts should be doable with no information leaks, at the cost of pre-signing a bunch of time-locked transactions. It is acceptable to leak information in cases of uncooperative abort, but there may be a solution where an uncooperative abort has no information leak.Alice should move the money into an HD pubkey if she wants to cold-store the LTC because UTXO on the LTC side would not be in that HD if Alice typically uses an HD wallet. The author provides a link to the Github repo where the variant_ZmnSCPxj can be found.
Updated on: 2023-05-20T23:22:44.681644+00:00