CoinSwap: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Furunodo (talk | contribs)
→‎External link: * [https://bitcointalk.org/index.php?topic=321228.0 CoinSwap: Transaction graph disjoint trustless trading], gmaxwell's original proposal, October 30, 2013
Cryptal (talk | contribs)
Add HRF funding
Line 12: Line 12:
CoinSwaps require a lot of interaction between the involved parties, which can make this kind of system tricky to design while avoiding denial-of-service. They also have a liveness requirement and non-censorship requirement, meaning that the entities taking part must always be able to freely access the bitcoin network; If the internet was down for days or weeks then half-completed CoinSwaps could end with one side having their money stolen<ref>https://joinmarket.me/blog/blog/the-half-scriptless-swap/</ref>.
CoinSwaps require a lot of interaction between the involved parties, which can make this kind of system tricky to design while avoiding denial-of-service. They also have a liveness requirement and non-censorship requirement, meaning that the entities taking part must always be able to freely access the bitcoin network; If the internet was down for days or weeks then half-completed CoinSwaps could end with one side having their money stolen<ref>https://joinmarket.me/blog/blog/the-half-scriptless-swap/</ref>.


== External link ==
== History ==
See these links for detailed explanations of how the coinswap protocol works.


* https://joinmarket.me/blog/blog/coinswaps/
CoinSwap was first proposed by Greg Maxwell in October 2013.<ref>[https://bitcointalk.org/index.php?topic=321228.0  CoinSwap: Transaction graph disjoint trustless trading]</ref>. As of May 2020, no CoinSwap implementation has been deployed<ref>[https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2020-May/017898.html Design for a CoinSwap implementation for massively improving Bitcoin privacy and fungibility]</ref><ref>[https://gist.github.com/chris-belcher/9144bd57a91c194e332fb5ca371d0964 Coinswap design document]</ref>, but in June 2020, the [https://en.wikipedia.org/wiki/Human_Rights_Foundation Human Rights Foundation] (a New York-based nonprofit that promotes and protects human rights globally) granted $50,000 to [https://en.bitcoin.it/wiki/User:Belcher Chris Belcher] (one of the main contributors to the [[Privacy]] page) to work on the project.<ref>[https://bitcoinmagazine.com/articles/the-human-rights-foundation-is-now-funding-bitcoin-privacy-development-starting-with-coinswap The Human Rights Foundation Is Now Funding Bitcoin Privacy Development, Starting With CoinSwap]</ref>
* [https://bitcointalk.org/index.php?topic=321228.0  CoinSwap: Transaction graph disjoint trustless trading], gmaxwell's original proposal, October 30, 2013
 
* https://github.com/AdamISZ/CoinSwapCS
== External links ==
* [https://gist.github.com/chris-belcher/9144bd57a91c194e332fb5ca371d0964 CoinSwap implementation design document] by Chris Belcher, May 2020
* [https://joinmarket.me/blog/blog/coinswaps/ Technical explanation], July 2017
* [https://github.com/AdamISZ/CoinSwapCS Implementation in Python], abandoned since 2017


== See also ==
== See also ==

Revision as of 08:01, 19 August 2020

CoinSwap is a non-custodial privacy technique for bitcoin based on the idea of atomic swaps. If Alice and Bob want to do a coinswap; then it can be understood as Alice exchanging her bitcoin for the same amount (minus fees) of Bob's bitcoins, but done with bitcoin smart contracts to eliminate the possibility of cheating by either side. The closely-related idea of atomic swaps has the important property of atomicity, where an exchange of blockchain tokens either happens or not at all, there is no possibility of one side cheating the other.

CoinSwaps break the transaction graph between the sent and received bitcoins. On the block chain it looks like two sets of completely disconnected transactions:

Alice's Address ---> 2of2 multisig escrow address 1 ---> Bob's Address
Bob's Address   ---> 2of2 multisig escrow address 2 ---> Alice's Address

Obviously Alice and Bob generate new addresses each to avoid the privacy loss due to address reuse.

In this example the only distinguishing mark of CoinSwap transactions is that they involve a 2-of-2 multisignature address. As 2-of-3 multisig is far more common as of 2018, CoinSwaps could be done with a 2-of-3 multisig using one fake public key, so it is really a 2-of-2 multisig between Alice and Bob. With script techniques like ECDSA-2P or Schnorr signatures it would become possible to have coinswaps that are completely indistinguishable from any other transaction on the blockchain. CoinSwap could be said to allow bitcoins to teleport undetectably to anywhere else on the blockchain. Non-CoinSwap transactions would benefit because a blockchain analyst could never be sure that ordinary transactions are not actually CoinSwaps. They also do not require much block space compared to the amount of privacy they provide.

CoinSwaps require a lot of interaction between the involved parties, which can make this kind of system tricky to design while avoiding denial-of-service. They also have a liveness requirement and non-censorship requirement, meaning that the entities taking part must always be able to freely access the bitcoin network; If the internet was down for days or weeks then half-completed CoinSwaps could end with one side having their money stolen[1].

History

CoinSwap was first proposed by Greg Maxwell in October 2013.[2]. As of May 2020, no CoinSwap implementation has been deployed[3][4], but in June 2020, the Human Rights Foundation (a New York-based nonprofit that promotes and protects human rights globally) granted $50,000 to Chris Belcher (one of the main contributors to the Privacy page) to work on the project.[5]

External links

See also

References