CoinSwap: Difference between revisions

From Bitcoin Wiki
Jump to navigation Jump to search
Belcher (talk | contribs)
m Add name "escrow address"
Belcher (talk | contribs)
m Give numbers to escrow addresses so its clear they're not connected
Line 3: Line 3:
CoinSwaps break the transaction graph between the sent and received bitcoins. On the [[block chain]] it looks like two sets of completely disconnected transactions:
CoinSwaps break the transaction graph between the sent and received bitcoins. On the [[block chain]] it looks like two sets of completely disconnected transactions:


  Alice's Address ---> 2of2 multisig escrow address ---> Bob's Address
  Alice's Address ---> 2of2 multisig escrow address 1 ---> Bob's Address
  Bob's Address  ---> 2of2 multisig escrow address ---> Alice's Address
  Bob's Address  ---> 2of2 multisig escrow address 2 ---> Alice's Address


Obviously Alice and Bob generate new [[address]]es each to avoid the privacy loss due to [[address reuse]].
Obviously Alice and Bob generate new [[address]]es each to avoid the privacy loss due to [[address reuse]].

Revision as of 17:08, 12 May 2019

CoinSwap is a non-custodial privacy technique for bitcoin based on the idea of atomic swaps. If Alice and Bob want to do a coinswap; then it can be understood as Alice exchanging her bitcoin for the same amount (minus fees) of Bob's bitcoins, but done with bitcoin smart contracts to eliminate the possiblity of cheating by either side. The closely-related idea of atomic swaps has the important property of atomicity, where an exchange of blockchain tokens happens eitherly or not at all, there is no possibility of one side cheating the other.

CoinSwaps break the transaction graph between the sent and received bitcoins. On the block chain it looks like two sets of completely disconnected transactions:

Alice's Address ---> 2of2 multisig escrow address 1 ---> Bob's Address
Bob's Address   ---> 2of2 multisig escrow address 2 ---> Alice's Address

Obviously Alice and Bob generate new addresses each to avoid the privacy loss due to address reuse.

In this example the only distinguishing mark of CoinSwap transactions is that they involve a 2-of-2 multisignature address. As 2-of-3 multisig is far more common as of 2018, CoinSwaps could be done with a 2-of-3 multisig using one fake public key, so it is really a 2-of-2 multisig between Alice and Bob. With script techniques like ECDSA-2P or Schnorr signatures it would become possible to have coinswaps that are completely indistinguishable from any other transaction on the blockchain. CoinSwap could be said to allow bitcoins to teleport undetectably to anywhere else on the blockchain. Non-CoinSwap transactions would benefit because a blockchain analyst could never be sure that ordinary transactions are not actually CoinSwaps. They also do not require much block space compared to the amount of privacy they provide.

CoinSwaps require a lot of interaction between the involved parties, which can make this kind of system tricky to design while avoiding denial-of-service. They also have a liveness requirement and non-censorship requirement, meaning that the entities taking part must always be able to freely access the bitcoin network; If the internet was down for days or weeks then half-completed CoinSwaps could end with one side having their money stolen[1].

External link

See these links for detailed explanations of how the coinswap protocol works.

See also

References