Difference between revisions of "CoinSwap"
m (→External link: [dot] => .)
(→External link: * [https://bitcointalk.org/index.php?topic=321228.0 CoinSwap: Transaction graph disjoint trustless trading], gmaxwell's original proposal, October 30, 2013)
|Line 16:||Line 16:|
* https://bitcointalk.org/index.php?topic=321228.0 original proposal
Revision as of 21:39, 17 June 2020
CoinSwap is a non-custodial privacy technique for bitcoin based on the idea of atomic swaps. If Alice and Bob want to do a coinswap; then it can be understood as Alice exchanging her bitcoin for the same amount (minus fees) of Bob's bitcoins, but done with bitcoin smart contracts to eliminate the possibility of cheating by either side. The closely-related idea of atomic swaps has the important property of atomicity, where an exchange of blockchain tokens either happens or not at all, there is no possibility of one side cheating the other.
CoinSwaps break the transaction graph between the sent and received bitcoins. On the block chain it looks like two sets of completely disconnected transactions:
Alice's Address ---> 2of2 multisig escrow address 1 ---> Bob's Address Bob's Address ---> 2of2 multisig escrow address 2 ---> Alice's Address
In this example the only distinguishing mark of CoinSwap transactions is that they involve a 2-of-2 multisignature address. As 2-of-3 multisig is far more common as of 2018, CoinSwaps could be done with a 2-of-3 multisig using one fake public key, so it is really a 2-of-2 multisig between Alice and Bob. With script techniques like ECDSA-2P or Schnorr signatures it would become possible to have coinswaps that are completely indistinguishable from any other transaction on the blockchain. CoinSwap could be said to allow bitcoins to teleport undetectably to anywhere else on the blockchain. Non-CoinSwap transactions would benefit because a blockchain analyst could never be sure that ordinary transactions are not actually CoinSwaps. They also do not require much block space compared to the amount of privacy they provide.
CoinSwaps require a lot of interaction between the involved parties, which can make this kind of system tricky to design while avoiding denial-of-service. They also have a liveness requirement and non-censorship requirement, meaning that the entities taking part must always be able to freely access the bitcoin network; If the internet was down for days or weeks then half-completed CoinSwaps could end with one side having their money stolen.
See these links for detailed explanations of how the coinswap protocol works.
- CoinSwap: Transaction graph disjoint trustless trading, gmaxwell's original proposal, October 30, 2013