Author: Antoine Riard 2020-09-05 01:07:15
Published on: 2020-09-05T01:07:15+00:00
The email conversation between Antoine Riard and Chris Belcher focuses on potential vulnerabilities in the design of CoinSwap, a privacy-enhancing protocol for Bitcoin transactions. Riard identifies two possible attacks on the system, one involving fee malleability and the other involving transaction pinning, and proposes several solutions to address these issues. One solution involves using dual-anchor outputs like those used by Lightning to allow parties to unilaterally increase feerate with a Child Pays For Parent (CPFP) mechanism. Another solution is to restrict the contract transaction to only one version to prevent transaction pinning attacks.The conversation also includes a detailed design of the first protocol version of CoinSwap. The protocol involves multiple transactions to avoid amount correlation and routed CoinSwaps where Alice gives coins to Bob, who gives coins to Charlie, who then gives coins back to Alice. The design includes a market taker, two market makers, private key handover, and fidelity bonds. The conversation concludes with a recommendation to read a paper analyzing privacy holistically across Bitcoin layers.In another article, the technical details of CoinSwap are discussed, describing the protocol as a series of multisignature transactions that obfuscate the origin of funds and hide the identities of the parties involved. The article explains how miners' fees are handled, how funding and contract transactions work, and how staggered timelocks can be used to ensure all parties receive their coins back.Additionally, the article explains how EC tweaks can reduce the number of round trips needed to complete the transaction and provides a table of balances before and after a successful CoinSwap. The article ends by discussing possible attack scenarios and how to defend against them. Overall, the article provides a detailed technical overview of CoinSwap and its implementation.Finally, the document introduces a protocol for multi-transaction coinswap, routed coinswap, fidelity bonds, liquidity market, and private key handover. The protocol involves three parties: Alice, Bob, and Charlie. The document defines the terms used in the protocol, including fund, htlc, unsign htlc, p, and privA(A+B). The protocol consists of steps that set up funding and contract transactions, as well as reveal hash preimage and private keys. Additionally, the document analyzes possible aborts and deviations from the protocol by one or more parties. In case of an abort, the other parties may retaliate by dosing the previous maker in the route, which is the best way to resist DOS because it produces a concrete cost every time a DOS happens. The document concludes by describing the first version of the protocol and inviting feedback from the bitcoin-dev mailing list.
Updated on: 2023-06-14T03:20:11.620516+00:00