Add high level description #13

Status: Open (wants to merge 9 commits into base: master)
29 changes: 29 additions & 0 deletions md/partially-blind-swap.md
Expand Up @@ -18,6 +18,35 @@ signature](https://blog.cryptographyengineering.com/a-note-on-blind-signature-sc
of Alice over a transaction spending the funding transaction without knowing `t`
(similar to [Discreet Log Contracts](https://adiabat.github.io/dlc.pdf)).

High level description
---
There is Alice as a central tumbler server who has many utxos, and many users
(Bob and Charlie) with their individual utxos. The two parties can swap coins,
so that the user knows the coins of the tumbler, but the tumbler cannot link
the pre to post swap coins of the users, with the anonymity set of all users
between the time of funding and retrieval. An outside observer only sees
regular public key and signatures and no on-chain scripts, all is "hidden"
within these scriptless scripts public keys and signatures, so it is unclear
that these transactions are actually a swap.

* User and tumbler communicate to generate a musig public key with the
individual keys of tumbler and user, and the user asks the tumbler to
fund this output O1.
* They generate another musig and the user funds this output O2.
* They pre-sign timelocked refund transactions before funding the musigs, in
the case either party goes offline.
* User has nonce commitment R and public key P of the tumbler coin O1, and
with this the user can calculate the commitment s*G where s is a blinded
signature of the tumbler over a transaction sending coins from O1 to the user.
With this he can set up an adaptor signature so that the tumbler needs to
reveal the blinded spending signature when spending O2 (the adaptor secret).
* Now the user gives his contribution to spending O2, and the tumbler can
claim O2 only when providing his full real signature and publishing this
on-chain which reveals the adaptor secret (the blinded spending signature).
* The user can now unblind the adaptor secret spending signature (revealed
by the tumbler claiming O2) and he can combine this with his own signature
to spend O1.

Protocol description
---
Assume Alice has a permanent public key `A = a*G`, ephemeral pubkey `A1 = A +
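Review bot: the high level description leaves out the relative ordering of the two refund timelocks, which the atomicity of the swap depends on. As written, the tumbler funds O1, the user funds O2, and the user can only spend O1 after the tumbler has claimed O2 on-chain (which reveals the adaptor secret). If the tumbler's pre-signed refund of O1 becomes valid before the user's refund of O2, the tumbler can simply wait, then broadcast the O1 refund together with the O2 claim; the user learns the blinded signature but O1 is already spent. The bullet "They pre-sign timelocked refund transactions before funding the musigs, in the case either party goes offline." should state that the user's refund of O2 must mature before the tumbler's refund of O1, and that the user has to refund O2 (or see it claimed) before the O1 refund timelock passes. Two smaller documentation points in the same hunk: the bullet "User has nonce commitment R and public key P of the tumbler coin O1, and with this the user can calculate the commitment s*G" only names R and P, but the user can only form s*G once a (blinded) challenge has been fixed, so that step of the exchange should be mentioned; and "s is a blinded signature of the tumbler" / "the blinded spending signature" can be read either as the tumbler's response over the blinded challenge or as the unblinded result. Since the last bullet says the user "can now unblind the adaptor secret", say explicitly that s is the tumbler's response to the blinded challenge and that only the unblinded value, combined with the user's own partial signature, is a valid signature for spending O1.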