Git-Mirrors/xmr-btc-swap
1
0
Fork 0
mirror of https://github.com/comit-network/xmr-btc-swap.git synced 2024-10-01 01:45:40 -04:00
Code Issues Packages Projects Releases Wiki Activity
14c5a4f025
xmr-btc-swap/swap/src/protocol/alice/state.rs

498 lines
16 KiB
Rust
Raw Normal View History

Change `imports_granularity` to module This reduces the overall amount of LoC that imports take up in our codebase by almost 100. It also makes merge-conflicts less likely because there is less grouping together of imports that may lead to layout changes which in turn can cause merge conflicts.
2021-03-03 19:28:58 -05:00
use crate::bitcoin::{
Greatly reduce load onto the Electrum backend We achieve our optimizations in three ways: 1. Batching calls instead of making them individually. To get access to the batch calls, we replace all our calls to the HTTP interface with RPC calls. 2. Never directly make network calls based on function calls on the wallet. Instead, inquiring about the status of a script always just returns information based on local data. With every call, we check when we last refreshed the local data and do so if the data is considered to be too old. This interval is configurable. 3. Use electrum's notification feature to get updated with the latest blockheight. Co-authored-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Rishab Sharma <rishflab@hotmail.com>
2021-03-11 02:16:00 -05:00
current_epoch, CancelTimelock, ExpiredTimelocks, PunishTimelock, TxCancel, TxPunish, TxRefund,
Rename weight constants.
2021-04-30 20:16:16 -04:00
TX_PUNISH_ESTIMATED_WEIGHT, TX_REDEEM_ESTIMATED_WEIGHT,
Merge xmr_btc crate Created network, storage and protocol modules. Organised files into the modules where the belong. xmr_btc crate moved into isolated modulein swap crate. Remove the xmr_btc module and integrate into swap crate. Consolidate message related code Reorganise imports Remove unused parent Message enum Remove unused parent State enum Remove unused dependencies from Cargo.toml
2021-01-04 22:08:36 -05:00
};
Rename ExecutionParams to EnvironmentConfig
2021-03-16 23:55:42 -04:00
use crate::env::Config;
Alice sweeps refunded funds into default wallet Since Alice's refund scenario starts with generating the temporary wallet from keys to claim the XMR which results in Alice' unloading the wallet. Alice then loads her original wallet to be able to handle more swaps. Since Alice is in the role of the long running daemon handling concurrent swaps, the operation to close, claim and re-open her default wallet must be atomic. This PR adds an additional step, that sweeps all the refunded XMR back into the default wallet. In order to ensure that this is possible, Alice has to ensure that the locked XMR got enough confirmations. These changes allow us to assert Alice's balance after refunding.
2021-03-16 04:24:41 -04:00
use crate::monero::wallet::{TransferRequest, WatchRequest};
use crate::monero::TransferProof;
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
use crate::monero_ext::ScalarExt;
Move messages into `protocol` module This allows us to remove all visibility modifiers from the message fields because child modules (in this case {alice,bob}::state) can always access private fields of structs. It also moves the messages into a more natural place. Previously, they were defined within the network layer even though they are independent of the libp2p implementation.
2021-03-24 01:55:00 -04:00
use crate::protocol::{Message0, Message1, Message2, Message3, Message4, CROSS_CURVE_PROOF_SYSTEM};
Change `imports_granularity` to module This reduces the overall amount of LoC that imports take up in our codebase by almost 100. It also makes merge-conflicts less likely because there is less grouping together of imports that may lead to layout changes which in turn can cause merge conflicts.
2021-03-03 19:28:58 -05:00
use crate::{bitcoin, monero};
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
use anyhow::{anyhow, bail, Context, Result};
Remember monero wallet-height for Alice's refund scenario
2021-02-24 01:38:35 -05:00
use monero_rpc::wallet::BlockHeight;
Remove newlines from import statements to avoid problems Rust fmt automatically groups the imports (from top to bottom) as `pub use` `use crate` and `use`. There is no need to introduce sections which cause annoyance when auto importing using the IDE.
2021-01-20 19:20:57 -05:00
use rand::{CryptoRng, RngCore};
use serde::{Deserialize, Serialize};
Only construct proof system once The proof system is a static element and can be reused several times.
2021-02-18 20:22:55 -05:00
use sigma_fun::ext::dl_secp256k1_ed25519_eq::CrossCurveDLEQProof;
Remove newlines from import statements to avoid problems Rust fmt automatically groups the imports (from top to bottom) as `pub use` `use crate` and `use`. There is no need to introduce sections which cause annoyance when auto importing using the IDE.
2021-01-20 19:20:57 -05:00
use std::fmt;
Multiple swaps with the same peer - Swap-id is exchanged during execution setup. CLI (Bob) sends the swap-id to be used in his first message. - Transfer poof and encryption signature messages include the swap-id so it can be properly associated with the correct swap. - ASB: Encryption signatures are associated with swaps by swap-id, not peer-id. - ASB: Transfer proofs are still associated to peer-ids (because they have to be sent to the respective peer), but the ASB can buffer multiple - CLI: Incoming transfer proofs are checked for matching swap-id. If a transfer proof with a different swap-id than the current executing swap is received it will be ignored. We can change this to saving into the database. Includes concurrent swap tests with the same Bob. - One test that pauses and starts an additional swap after the transfer proof was received. Results in both swaps being redeemed after resuming the first swap. - One test that pauses and starts an additional swap before the transfer proof is sent (just after BTC locked). Results in the second swap redeeming and the first swap being refunded (because the transfer proof on Bob's side is lost). Once we store transfer proofs that we receive during executing a different swap into the database both swaps should redeem. Note that the monero harness was adapted to allow creating wallets with multiple outputs, which is needed for Alice.
2021-04-08 04:56:26 -04:00
use uuid::Uuid;
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
#[derive(Debug)]
pub enum AliceState {
Started {
state3: Box<State3>,
},
BtcLocked {
state3: Box<State3>,
},
Wait for lock tx and send transfer proof in separate state Sending the transfer transaction in a distinct state helps ensuring that we do not send the Monero lock transaction twice in a restart scenario. Waiting for the first transaction confirmation in a separate state helps ensuring that we send the transfer proof in a restart scenario.
2021-03-25 04:55:54 -04:00
XmrLockTransactionSent {
monero_wallet_restore_blockheight: BlockHeight,
transfer_proof: TransferProof,
state3: Box<State3>,
},
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
XmrLocked {
Wait for lock tx and send transfer proof in separate state Sending the transfer transaction in a distinct state helps ensuring that we do not send the Monero lock transaction twice in a restart scenario. Waiting for the first transaction confirmation in a separate state helps ensuring that we send the transfer proof in a restart scenario.
2021-03-25 04:55:54 -04:00
monero_wallet_restore_blockheight: BlockHeight,
transfer_proof: TransferProof,
state3: Box<State3>,
},
XmrLockTransferProofSent {
Remember monero wallet-height for Alice's refund scenario
2021-02-24 01:38:35 -05:00
monero_wallet_restore_blockheight: BlockHeight,
Await 10 confirmations of lock tx in refund Awaiting the confirmations in an earlier state can cause trouble with resuming swaps with short cancel expiries (test scenarios). Since it is the responsibility of the refund state to ensure that the XMR can be sweeped, we now ensure that the lock transaction has 10 confirmations before refunding the XMR using generate_from_keys.
2021-03-29 20:53:21 -04:00
transfer_proof: TransferProof,
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
state3: Box<State3>,
},
EncSigLearned {
Remember monero wallet-height for Alice's refund scenario
2021-02-24 01:38:35 -05:00
monero_wallet_restore_blockheight: BlockHeight,
Await 10 confirmations of lock tx in refund Awaiting the confirmations in an earlier state can cause trouble with resuming swaps with short cancel expiries (test scenarios). Since it is the responsibility of the refund state to ensure that the XMR can be sweeped, we now ensure that the lock transaction has 10 confirmations before refunding the XMR using generate_from_keys.
2021-03-29 20:53:21 -04:00
transfer_proof: TransferProof,
Preemptively box encrypted signature to avoid size difference in enum
2021-02-04 01:10:18 -05:00
encrypted_signature: Box<bitcoin::EncryptedSignature>,
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
state3: Box<State3>,
},
BtcRedeemed,
BtcCancelled {
Remember monero wallet-height for Alice's refund scenario
2021-02-24 01:38:35 -05:00
monero_wallet_restore_blockheight: BlockHeight,
Await 10 confirmations of lock tx in refund Awaiting the confirmations in an earlier state can cause trouble with resuming swaps with short cancel expiries (test scenarios). Since it is the responsibility of the refund state to ensure that the XMR can be sweeped, we now ensure that the lock transaction has 10 confirmations before refunding the XMR using generate_from_keys.
2021-03-29 20:53:21 -04:00
transfer_proof: TransferProof,
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
state3: Box<State3>,
},
BtcRefunded {
Remember monero wallet-height for Alice's refund scenario
2021-02-24 01:38:35 -05:00
monero_wallet_restore_blockheight: BlockHeight,
Await 10 confirmations of lock tx in refund Awaiting the confirmations in an earlier state can cause trouble with resuming swaps with short cancel expiries (test scenarios). Since it is the responsibility of the refund state to ensure that the XMR can be sweeped, we now ensure that the lock transaction has 10 confirmations before refunding the XMR using generate_from_keys.
2021-03-29 20:53:21 -04:00
transfer_proof: TransferProof,
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
spend_key: monero::PrivateKey,
state3: Box<State3>,
},
BtcPunishable {
Remember monero wallet-height for Alice's refund scenario
2021-02-24 01:38:35 -05:00
monero_wallet_restore_blockheight: BlockHeight,
Await 10 confirmations of lock tx in refund Awaiting the confirmations in an earlier state can cause trouble with resuming swaps with short cancel expiries (test scenarios). Since it is the responsibility of the refund state to ensure that the XMR can be sweeped, we now ensure that the lock transaction has 10 confirmations before refunding the XMR using generate_from_keys.
2021-03-29 20:53:21 -04:00
transfer_proof: TransferProof,
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
state3: Box<State3>,
},
XmrRefunded,
CancelTimelockExpired {
Remember monero wallet-height for Alice's refund scenario
2021-02-24 01:38:35 -05:00
monero_wallet_restore_blockheight: BlockHeight,
Await 10 confirmations of lock tx in refund Awaiting the confirmations in an earlier state can cause trouble with resuming swaps with short cancel expiries (test scenarios). Since it is the responsibility of the refund state to ensure that the XMR can be sweeped, we now ensure that the lock transaction has 10 confirmations before refunding the XMR using generate_from_keys.
2021-03-29 20:53:21 -04:00
transfer_proof: TransferProof,
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
state3: Box<State3>,
},
BtcPunished,
SafelyAborted,
}
impl fmt::Display for AliceState {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self {
AliceState::Started { .. } => write!(f, "started"),
AliceState::BtcLocked { .. } => write!(f, "btc is locked"),
Wait for lock tx and send transfer proof in separate state Sending the transfer transaction in a distinct state helps ensuring that we do not send the Monero lock transaction twice in a restart scenario. Waiting for the first transaction confirmation in a separate state helps ensuring that we send the transfer proof in a restart scenario.
2021-03-25 04:55:54 -04:00
AliceState::XmrLockTransactionSent { .. } => write!(f, "xmr lock transaction sent"),
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
AliceState::XmrLocked { .. } => write!(f, "xmr is locked"),
Wait for lock tx and send transfer proof in separate state Sending the transfer transaction in a distinct state helps ensuring that we do not send the Monero lock transaction twice in a restart scenario. Waiting for the first transaction confirmation in a separate state helps ensuring that we send the transfer proof in a restart scenario.
2021-03-25 04:55:54 -04:00
AliceState::XmrLockTransferProofSent { .. } => {
write!(f, "xmr lock transfer proof sent")
}
Move protocol parent states into appropriate module
2021-01-07 18:52:07 -05:00
AliceState::EncSigLearned { .. } => write!(f, "encrypted signature is learned"),
AliceState::BtcRedeemed => write!(f, "btc is redeemed"),
AliceState::BtcCancelled { .. } => write!(f, "btc is cancelled"),
AliceState::BtcRefunded { .. } => write!(f, "btc is refunded"),
AliceState::BtcPunished => write!(f, "btc is punished"),
AliceState::SafelyAborted => write!(f, "safely aborted"),
AliceState::BtcPunishable { .. } => write!(f, "btc is punishable"),
AliceState::XmrRefunded => write!(f, "xmr is refunded"),
AliceState::CancelTimelockExpired { .. } => write!(f, "cancel timelock is expired"),
}
}
}
Remove unnecessary serde implementations
2021-03-24 01:31:49 -04:00
#[derive(Clone, Debug, PartialEq)]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
pub struct State0 {
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
a: bitcoin::SecretKey,
s_a: monero::Scalar,
v_a: monero::PrivateViewKey,
S_a_monero: monero::PublicKey,
S_a_bitcoin: bitcoin::PublicKey,
dleq_proof_s_a: CrossCurveDLEQProof,
btc: bitcoin::Amount,
xmr: monero::Amount,
cancel_timelock: CancelTimelock,
punish_timelock: PunishTimelock,
redeem_address: bitcoin::Address,
punish_address: bitcoin::Address,
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
tx_redeem_fee: bitcoin::Amount,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
tx_punish_fee: bitcoin::Amount,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
}
impl State0 {
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
2021-02-04 01:01:08 -05:00
pub async fn new<R>(
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
btc: bitcoin::Amount,
xmr: monero::Amount,
Rename ExecutionParams to EnvironmentConfig
2021-03-16 23:55:42 -04:00
env_config: Config,
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
2021-02-04 01:01:08 -05:00
bitcoin_wallet: &bitcoin::Wallet,
Avoid carrying rng
2021-02-02 23:25:05 -05:00
rng: &mut R,
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
2021-02-04 01:01:08 -05:00
) -> Result<Self>
Avoid carrying rng
2021-02-02 23:25:05 -05:00
where
R: RngCore + CryptoRng,
{
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
2021-02-04 01:01:08 -05:00
let a = bitcoin::SecretKey::new_random(rng);
let v_a = monero::PrivateViewKey::new_random(rng);
let redeem_address = bitcoin_wallet.new_address().await?;
Use different address for redeem and punish Having the same address could potentially cause issues when subscribing to transactions by script
2021-03-17 00:26:44 -04:00
let punish_address = bitcoin_wallet.new_address().await?;
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
let s_a = monero::Scalar::random(rng);
Only construct proof system once The proof system is a static element and can be reused several times.
2021-02-18 20:22:55 -05:00
let (dleq_proof_s_a, (S_a_bitcoin, S_a_monero)) = CROSS_CURVE_PROOF_SYSTEM.prove(&s_a, rng);
Avoid carrying rng
2021-02-02 23:25:05 -05:00
Dynamically calculate fees using electrum's estimate_fee. Electrum has an estimate-fee feature which takes as input the block you want a tx to be included. The result is a recommendation of BTC/vbyte. Using this recommendation and the knowledge about the size of our transactions we compute an appropriate fee. The size of the transactions were taken from real transactions as published on bitcoin testnet. Note: in reality these sizes might fluctuate a bit but not for much.
2021-04-30 20:08:54 -04:00
let tx_redeem_fee = bitcoin_wallet
Rename weight constants.
2021-04-30 20:16:16 -04:00
.estimate_fee(TX_REDEEM_ESTIMATED_WEIGHT)
Dynamically calculate fees using electrum's estimate_fee. Electrum has an estimate-fee feature which takes as input the block you want a tx to be included. The result is a recommendation of BTC/vbyte. Using this recommendation and the knowledge about the size of our transactions we compute an appropriate fee. The size of the transactions were taken from real transactions as published on bitcoin testnet. Note: in reality these sizes might fluctuate a bit but not for much.
2021-04-30 20:08:54 -04:00
.await?;
let tx_punish_fee = bitcoin_wallet
Rename weight constants.
2021-04-30 20:16:16 -04:00
.estimate_fee(TX_PUNISH_ESTIMATED_WEIGHT)
Dynamically calculate fees using electrum's estimate_fee. Electrum has an estimate-fee feature which takes as input the block you want a tx to be included. The result is a recommendation of BTC/vbyte. Using this recommendation and the knowledge about the size of our transactions we compute an appropriate fee. The size of the transactions were taken from real transactions as published on bitcoin testnet. Note: in reality these sizes might fluctuate a bit but not for much.
2021-04-30 20:08:54 -04:00
.await?;
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
2021-02-04 01:01:08 -05:00
Ok(Self {
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
a,
s_a,
v_a,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
S_a_bitcoin: S_a_bitcoin.into(),
S_a_monero: monero::PublicKey {
point: S_a_monero.compress(),
},
Avoid carrying rng
2021-02-02 23:25:05 -05:00
dleq_proof_s_a,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
redeem_address,
punish_address,
btc,
xmr,
Rename ExecutionParams to EnvironmentConfig
2021-03-16 23:55:42 -04:00
cancel_timelock: env_config.bitcoin_cancel_timelock,
punish_timelock: env_config.bitcoin_punish_timelock,
Dynamically calculate fees using electrum's estimate_fee. Electrum has an estimate-fee feature which takes as input the block you want a tx to be included. The result is a recommendation of BTC/vbyte. Using this recommendation and the knowledge about the size of our transactions we compute an appropriate fee. The size of the transactions were taken from real transactions as published on bitcoin testnet. Note: in reality these sizes might fluctuate a bit but not for much.
2021-04-30 20:08:54 -04:00
tx_redeem_fee,
tx_punish_fee,
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
2021-02-04 01:01:08 -05:00
})
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
}
Multiple swaps with the same peer - Swap-id is exchanged during execution setup. CLI (Bob) sends the swap-id to be used in his first message. - Transfer poof and encryption signature messages include the swap-id so it can be properly associated with the correct swap. - ASB: Encryption signatures are associated with swaps by swap-id, not peer-id. - ASB: Transfer proofs are still associated to peer-ids (because they have to be sent to the respective peer), but the ASB can buffer multiple - CLI: Incoming transfer proofs are checked for matching swap-id. If a transfer proof with a different swap-id than the current executing swap is received it will be ignored. We can change this to saving into the database. Includes concurrent swap tests with the same Bob. - One test that pauses and starts an additional swap after the transfer proof was received. Results in both swaps being redeemed after resuming the first swap. - One test that pauses and starts an additional swap before the transfer proof is sent (just after BTC locked). Results in the second swap redeeming and the first swap being refunded (because the transfer proof on Bob's side is lost). Once we store transfer proofs that we receive during executing a different swap into the database both swaps should redeem. Note that the monero harness was adapted to allow creating wallets with multiple outputs, which is needed for Alice.
2021-04-08 04:56:26 -04:00
pub fn receive(self, msg: Message0) -> Result<(Uuid, State1)> {
Only construct proof system once The proof system is a static element and can be reused several times.
2021-02-18 20:22:55 -05:00
let valid = CROSS_CURVE_PROOF_SYSTEM.verify(
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
&msg.dleq_proof_s_b,
(
msg.S_b_bitcoin.into(),
msg.S_b_monero
.point
.decompress()
.ok_or_else(|| anyhow!("S_b is not a monero curve point"))?,
),
);
if !valid {
bail!("Bob's dleq proof doesn't verify")
}
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
let v = self.v_a + msg.v_b;
Multiple swaps with the same peer - Swap-id is exchanged during execution setup. CLI (Bob) sends the swap-id to be used in his first message. - Transfer poof and encryption signature messages include the swap-id so it can be properly associated with the correct swap. - ASB: Encryption signatures are associated with swaps by swap-id, not peer-id. - ASB: Transfer proofs are still associated to peer-ids (because they have to be sent to the respective peer), but the ASB can buffer multiple - CLI: Incoming transfer proofs are checked for matching swap-id. If a transfer proof with a different swap-id than the current executing swap is received it will be ignored. We can change this to saving into the database. Includes concurrent swap tests with the same Bob. - One test that pauses and starts an additional swap after the transfer proof was received. Results in both swaps being redeemed after resuming the first swap. - One test that pauses and starts an additional swap before the transfer proof is sent (just after BTC locked). Results in the second swap redeeming and the first swap being refunded (because the transfer proof on Bob's side is lost). Once we store transfer proofs that we receive during executing a different swap into the database both swaps should redeem. Note that the monero harness was adapted to allow creating wallets with multiple outputs, which is needed for Alice.
2021-04-08 04:56:26 -04:00
Ok((msg.swap_id, State1 {
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
a: self.a,
B: msg.B,
s_a: self.s_a,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
S_a_monero: self.S_a_monero,
S_a_bitcoin: self.S_a_bitcoin,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
S_b_monero: msg.S_b_monero,
S_b_bitcoin: msg.S_b_bitcoin,
v,
Re-organise Alice state to be more coherent with the msg sequence
2021-02-05 00:40:11 -05:00
v_a: self.v_a,
dleq_proof_s_a: self.dleq_proof_s_a,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
btc: self.btc,
xmr: self.xmr,
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
2020-12-21 23:47:09 -05:00
cancel_timelock: self.cancel_timelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
punish_timelock: self.punish_timelock,
refund_address: msg.refund_address,
redeem_address: self.redeem_address,
punish_address: self.punish_address,
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
tx_redeem_fee: self.tx_redeem_fee,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
tx_punish_fee: self.tx_punish_fee,
tx_refund_fee: msg.tx_refund_fee,
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
tx_cancel_fee: msg.tx_cancel_fee,
Multiple swaps with the same peer - Swap-id is exchanged during execution setup. CLI (Bob) sends the swap-id to be used in his first message. - Transfer poof and encryption signature messages include the swap-id so it can be properly associated with the correct swap. - ASB: Encryption signatures are associated with swaps by swap-id, not peer-id. - ASB: Transfer proofs are still associated to peer-ids (because they have to be sent to the respective peer), but the ASB can buffer multiple - CLI: Incoming transfer proofs are checked for matching swap-id. If a transfer proof with a different swap-id than the current executing swap is received it will be ignored. We can change this to saving into the database. Includes concurrent swap tests with the same Bob. - One test that pauses and starts an additional swap after the transfer proof was received. Results in both swaps being redeemed after resuming the first swap. - One test that pauses and starts an additional swap before the transfer proof is sent (just after BTC locked). Results in the second swap redeeming and the first swap being refunded (because the transfer proof on Bob's side is lost). Once we store transfer proofs that we receive during executing a different swap into the database both swaps should redeem. Note that the monero harness was adapted to allow creating wallets with multiple outputs, which is needed for Alice.
2021-04-08 04:56:26 -04:00
}))
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
}
}
Remove unnecessary serde implementations
2021-03-24 01:31:49 -04:00
#[derive(Clone, Debug)]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
pub struct State1 {
a: bitcoin::SecretKey,
B: bitcoin::PublicKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
s_a: monero::Scalar,
S_a_monero: monero::PublicKey,
S_a_bitcoin: bitcoin::PublicKey,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
S_b_monero: monero::PublicKey,
S_b_bitcoin: bitcoin::PublicKey,
v: monero::PrivateViewKey,
Re-organise Alice state to be more coherent with the msg sequence
2021-02-05 00:40:11 -05:00
v_a: monero::PrivateViewKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
dleq_proof_s_a: CrossCurveDLEQProof,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
btc: bitcoin::Amount,
xmr: monero::Amount,
Avoid possible mix up between timelocks Introduce new type to ensure no mix up happens when ordering the fields in function calls.
2021-02-14 20:19:43 -05:00
cancel_timelock: CancelTimelock,
punish_timelock: PunishTimelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
refund_address: bitcoin::Address,
redeem_address: bitcoin::Address,
punish_address: bitcoin::Address,
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
tx_redeem_fee: bitcoin::Amount,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
tx_punish_fee: bitcoin::Amount,
tx_refund_fee: bitcoin::Amount,
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
tx_cancel_fee: bitcoin::Amount,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
}
impl State1 {
Re-organise Alice state to be more coherent with the msg sequence
2021-02-05 00:40:11 -05:00
pub fn next_message(&self) -> Message1 {
Message1 {
A: self.a.public(),
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
S_a_monero: self.S_a_monero,
S_a_bitcoin: self.S_a_bitcoin,
Re-organise Alice state to be more coherent with the msg sequence
2021-02-05 00:40:11 -05:00
dleq_proof_s_a: self.dleq_proof_s_a.clone(),
v_a: self.v_a,
redeem_address: self.redeem_address.clone(),
punish_address: self.punish_address.clone(),
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
tx_redeem_fee: self.tx_redeem_fee,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
tx_punish_fee: self.tx_punish_fee,
Re-organise Alice state to be more coherent with the msg sequence
2021-02-05 00:40:11 -05:00
}
}
Alice to validate Bob's PSBT for correctness In order for the re-construction of TxLock to be meaningful, we limit `Message2` to the PSBT instead of the full struct. This is a breaking change in the network layer. The PSBT is valid if: - It has at most two outputs (we allow a change output) - One of the outputs pays the agreed upon amount to a shared output script Resolves #260.
2021-03-24 03:30:55 -04:00
pub fn receive(self, msg: Message2) -> Result<State2> {
let tx_lock = bitcoin::TxLock::from_psbt(msg.psbt, self.a.public(), self.B, self.btc)
.context("Failed to re-construct TxLock from received PSBT")?;
Ok(State2 {
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
a: self.a,
B: self.B,
s_a: self.s_a,
S_b_monero: self.S_b_monero,
S_b_bitcoin: self.S_b_bitcoin,
v: self.v,
btc: self.btc,
xmr: self.xmr,
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
2020-12-21 23:47:09 -05:00
cancel_timelock: self.cancel_timelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
punish_timelock: self.punish_timelock,
refund_address: self.refund_address,
redeem_address: self.redeem_address,
punish_address: self.punish_address,
Alice to validate Bob's PSBT for correctness In order for the re-construction of TxLock to be meaningful, we limit `Message2` to the PSBT instead of the full struct. This is a breaking change in the network layer. The PSBT is valid if: - It has at most two outputs (we allow a change output) - One of the outputs pays the agreed upon amount to a shared output script Resolves #260.
2021-03-24 03:30:55 -04:00
tx_lock,
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
tx_redeem_fee: self.tx_redeem_fee,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
tx_punish_fee: self.tx_punish_fee,
tx_refund_fee: self.tx_refund_fee,
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
tx_cancel_fee: self.tx_cancel_fee,
Alice to validate Bob's PSBT for correctness In order for the re-construction of TxLock to be meaningful, we limit `Message2` to the PSBT instead of the full struct. This is a breaking change in the network layer. The PSBT is valid if: - It has at most two outputs (we allow a change output) - One of the outputs pays the agreed upon amount to a shared output script Resolves #260.
2021-03-24 03:30:55 -04:00
})
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
}
}
Remove unnecessary serde implementations
2021-03-24 01:31:49 -04:00
#[derive(Clone, Debug)]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
pub struct State2 {
a: bitcoin::SecretKey,
B: bitcoin::PublicKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
2021-02-17 21:33:50 -05:00
s_a: monero::Scalar,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
S_b_monero: monero::PublicKey,
S_b_bitcoin: bitcoin::PublicKey,
v: monero::PrivateViewKey,
btc: bitcoin::Amount,
xmr: monero::Amount,
Avoid possible mix up between timelocks Introduce new type to ensure no mix up happens when ordering the fields in function calls.
2021-02-14 20:19:43 -05:00
cancel_timelock: CancelTimelock,
punish_timelock: PunishTimelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
refund_address: bitcoin::Address,
redeem_address: bitcoin::Address,
punish_address: bitcoin::Address,
tx_lock: bitcoin::TxLock,
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
tx_redeem_fee: bitcoin::Amount,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
tx_punish_fee: bitcoin::Amount,
tx_refund_fee: bitcoin::Amount,
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
tx_cancel_fee: bitcoin::Amount,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
}
impl State2 {
Rename alice::Message1 to Message3 As per sequence diagram.
2021-02-03 19:45:54 -05:00
pub fn next_message(&self) -> Message3 {
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
let tx_cancel = bitcoin::TxCancel::new(
&self.tx_lock,
self.cancel_timelock,
self.a.public(),
self.B,
self.tx_cancel_fee,
);
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
let tx_refund =
bitcoin::TxRefund::new(&tx_cancel, &self.refund_address, self.tx_refund_fee);
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
// Alice encsigns the refund transaction(bitcoin) digest with Bob's monero
// pubkey(S_b). The refund transaction spends the output of
// tx_lock_bitcoin to Bob's refund address.
// recover(encsign(a, S_b, d), sign(a, d), S_b) = s_b where d is a digest, (a,
// A) is alice's keypair and (s_b, S_b) is bob's keypair.
Upgrade rust-bitcoin to 0.25
2020-12-03 01:28:23 -05:00
let tx_refund_encsig = self.a.encsign(self.S_b_bitcoin, tx_refund.digest());
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
let tx_cancel_sig = self.a.sign(tx_cancel.digest());
Rename alice::Message1 to Message3 As per sequence diagram.
2021-02-03 19:45:54 -05:00
Message3 {
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
tx_refund_encsig,
tx_cancel_sig,
}
}
Rename bob::Message2 to Message4 As per sequence diagram.
2021-02-03 19:43:07 -05:00
pub fn receive(self, msg: Message4) -> Result<State3> {
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
let tx_cancel = bitcoin::TxCancel::new(
&self.tx_lock,
self.cancel_timelock,
self.a.public(),
self.B,
self.tx_cancel_fee,
);
Improve error reporting on signature verification
2021-01-06 22:44:31 -05:00
bitcoin::verify_sig(&self.B, &tx_cancel.digest(), &msg.tx_cancel_sig)
.context("Failed to verify cancel transaction")?;
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
let tx_punish = bitcoin::TxPunish::new(
&tx_cancel,
&self.punish_address,
self.punish_timelock,
self.tx_punish_fee,
);
Improve error reporting on signature verification
2021-01-06 22:44:31 -05:00
bitcoin::verify_sig(&self.B, &tx_punish.digest(), &msg.tx_punish_sig)
Typo Co-authored-by: Daniel Karzel <daniel.karzel@coblox.tech>
2021-01-07 19:31:21 -05:00
.context("Failed to verify punish transaction")?;
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
Ok(State3 {
a: self.a,
B: self.B,
s_a: self.s_a,
S_b_monero: self.S_b_monero,
S_b_bitcoin: self.S_b_bitcoin,
v: self.v,
btc: self.btc,
xmr: self.xmr,
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
2020-12-21 23:47:09 -05:00
cancel_timelock: self.cancel_timelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
punish_timelock: self.punish_timelock,
refund_address: self.refund_address,
redeem_address: self.redeem_address,
punish_address: self.punish_address,
tx_lock: self.tx_lock,
tx_punish_sig_bob: msg.tx_punish_sig,
tx_cancel_sig_bob: msg.tx_cancel_sig,
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
tx_redeem_fee: self.tx_redeem_fee,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
tx_punish_fee: self.tx_punish_fee,
tx_refund_fee: self.tx_refund_fee,
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
tx_cancel_fee: self.tx_cancel_fee,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
})
}
}
Remove generics from Database
2020-11-02 23:26:47 -05:00
#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
pub struct State3 {
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
a: bitcoin::SecretKey,
B: bitcoin::PublicKey,
s_a: monero::Scalar,
S_b_monero: monero::PublicKey,
S_b_bitcoin: bitcoin::PublicKey,
Write action_generator_alice
2020-10-16 02:04:03 -04:00
pub v: monero::PrivateViewKey,
Remove custom implementation of bitcoin amount serde This is unnecessary as rust-bitcoin provides it.
2020-10-22 00:06:05 -04:00
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
btc: bitcoin::Amount,
xmr: monero::Amount,
Avoid possible mix up between timelocks Introduce new type to ensure no mix up happens when ordering the fields in function calls.
2021-02-14 20:19:43 -05:00
pub cancel_timelock: CancelTimelock,
pub punish_timelock: PunishTimelock,
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
refund_address: bitcoin::Address,
redeem_address: bitcoin::Address,
punish_address: bitcoin::Address,
Fix rebase conflicts
2020-10-22 04:25:54 -04:00
pub tx_lock: bitcoin::TxLock,
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
tx_punish_sig_bob: bitcoin::Signature,
tx_cancel_sig_bob: bitcoin::Signature,
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
tx_redeem_fee: bitcoin::Amount,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
tx_punish_fee: bitcoin::Amount,
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
tx_refund_fee: bitcoin::Amount,
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
tx_cancel_fee: bitcoin::Amount,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
}
impl State3 {
Remove traits in favor of using the wallet struct directly Abstracting over the individual bits of functionality of the wallet does have its place, especially if one wants to keep a separation of an abstract protocol library that other people can use with their own wallets. However, at the moment, the traits only cause unnecessary friction. We can always add such abstraction layers again once we need them.
2021-03-01 20:22:23 -05:00
pub async fn expired_timelocks(
&self,
bitcoin_wallet: &bitcoin::Wallet,
) -> Result<ExpiredTimelocks> {
Remove unnecessary state variables by constructing TXs on demand
2021-03-16 03:31:13 -04:00
let tx_cancel = self.tx_cancel();
Greatly reduce load onto the Electrum backend We achieve our optimizations in three ways: 1. Batching calls instead of making them individually. To get access to the batch calls, we replace all our calls to the HTTP interface with RPC calls. 2. Never directly make network calls based on function calls on the wallet. Instead, inquiring about the status of a script always just returns information based on local data. With every call, we check when we last refreshed the local data and do so if the data is considered to be too old. This interval is configurable. 3. Use electrum's notification feature to get updated with the latest blockheight. Co-authored-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Rishab Sharma <rishflab@hotmail.com>
2021-03-11 02:16:00 -05:00
Introduce `Watchable` abstraction for Bitcoin wallet We have a repeated pattern where we construct one of our Tx{Cancel,Redeem,Punish,Refund,Lock} transactions and wait until the status of this transaction changes. We can make this more ergonomic by creating and implementing a `Watchable` trait that gives access to the TxId and relevant script for this transaction. This allows us to remove a parameter from the `watch_until_status` function. Additionally, there is a 2nd pattern: "Completing" one of these transaction and waiting until they are confirmed with the configured number of blocks for finality. We can make this more ergonomic by returning a future from `broadcast` that callers can await in case they want to wait for the broadcasted transaction to reach finality.
2021-03-16 04:11:14 -04:00
let tx_lock_status = bitcoin_wallet.status_of_script(&self.tx_lock).await?;
let tx_cancel_status = bitcoin_wallet.status_of_script(&tx_cancel).await?;
Greatly reduce load onto the Electrum backend We achieve our optimizations in three ways: 1. Batching calls instead of making them individually. To get access to the batch calls, we replace all our calls to the HTTP interface with RPC calls. 2. Never directly make network calls based on function calls on the wallet. Instead, inquiring about the status of a script always just returns information based on local data. With every call, we check when we last refreshed the local data and do so if the data is considered to be too old. This interval is configurable. 3. Use electrum's notification feature to get updated with the latest blockheight. Co-authored-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Rishab Sharma <rishflab@hotmail.com>
2021-03-11 02:16:00 -05:00
Ok(current_epoch(
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
2020-12-21 23:47:09 -05:00
self.cancel_timelock,
Ensure that Bob can cancel correctly if T1 expired and Alice did not move Bob has to check for the possibility to cancel in every state after he locked the BTC. Otherwise Bob will try to perform actions that don't have any point.
2020-12-21 01:33:18 -05:00
self.punish_timelock,
Greatly reduce load onto the Electrum backend We achieve our optimizations in three ways: 1. Batching calls instead of making them individually. To get access to the batch calls, we replace all our calls to the HTTP interface with RPC calls. 2. Never directly make network calls based on function calls on the wallet. Instead, inquiring about the status of a script always just returns information based on local data. With every call, we check when we last refreshed the local data and do so if the data is considered to be too old. This interval is configurable. 3. Use electrum's notification feature to get updated with the latest blockheight. Co-authored-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Rishab Sharma <rishflab@hotmail.com>
2021-03-11 02:16:00 -05:00
tx_lock_status,
tx_cancel_status,
))
Test Alice refunds after Bob refund Reworked Alice XmrLocked state transition handler to handle the scenario when Alice received the encsig but Bob refunds. Previously Alice was trying to redeem after receiving the encsig without checking if t1 had elapsed.
2020-12-11 00:49:19 -05:00
}
Eliminate `build_bitcoin_punish_transaction` We reduce indirection by constructing TxPunish directly based off `State3` and make the type itself more powerful by moving the logic of completing it with a signature onto it.
2021-03-16 03:02:31 -04:00
Introduce monero::TransferRequest This allows us to move critical crypto logic onto `State3` which holds all the necessary data which consequently allows us to get rid of `lock_xmr` altogether by inlining it into the swap function. The reduced indirection improves readability.
2021-03-17 21:27:08 -04:00
pub fn lock_xmr_transfer_request(&self) -> TransferRequest {
let S_a = monero::PublicKey::from_private_key(&monero::PrivateKey { scalar: self.s_a });
let public_spend_key = S_a + self.S_b_monero;
let public_view_key = self.v.public();
TransferRequest {
public_spend_key,
public_view_key,
amount: self.xmr,
}
}
Alice sweeps refunded funds into default wallet Since Alice's refund scenario starts with generating the temporary wallet from keys to claim the XMR which results in Alice' unloading the wallet. Alice then loads her original wallet to be able to handle more swaps. Since Alice is in the role of the long running daemon handling concurrent swaps, the operation to close, claim and re-open her default wallet must be atomic. This PR adds an additional step, that sweeps all the refunded XMR back into the default wallet. In order to ensure that this is possible, Alice has to ensure that the locked XMR got enough confirmations. These changes allow us to assert Alice's balance after refunding.
2021-03-16 04:24:41 -04:00
pub fn lock_xmr_watch_request(
&self,
transfer_proof: TransferProof,
Monero confirmations are a u64 Trying to deserialize the number as a u32 caused deserialization errors.
2021-03-28 21:05:20 -04:00
conf_target: u64,
Alice sweeps refunded funds into default wallet Since Alice's refund scenario starts with generating the temporary wallet from keys to claim the XMR which results in Alice' unloading the wallet. Alice then loads her original wallet to be able to handle more swaps. Since Alice is in the role of the long running daemon handling concurrent swaps, the operation to close, claim and re-open her default wallet must be atomic. This PR adds an additional step, that sweeps all the refunded XMR back into the default wallet. In order to ensure that this is possible, Alice has to ensure that the locked XMR got enough confirmations. These changes allow us to assert Alice's balance after refunding.
2021-03-16 04:24:41 -04:00
) -> WatchRequest {
let S_a = monero::PublicKey::from_private_key(&monero::PrivateKey { scalar: self.s_a });
let public_spend_key = S_a + self.S_b_monero;
let public_view_key = self.v.public();
WatchRequest {
public_spend_key,
public_view_key,
transfer_proof,
conf_target,
expected: self.xmr,
}
}
Remove unnecessary state variables by constructing TXs on demand
2021-03-16 03:31:13 -04:00
pub fn tx_cancel(&self) -> TxCancel {
Dynamically chose fee for TxCancel. Bob chooses the fee for TxCancel because he is the one that cares.
2021-04-28 20:59:40 -04:00
TxCancel::new(
&self.tx_lock,
self.cancel_timelock,
self.a.public(),
self.B,
self.tx_cancel_fee,
)
Remove unnecessary state variables by constructing TXs on demand
2021-03-16 03:31:13 -04:00
}
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
pub fn tx_refund(&self) -> TxRefund {
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
bitcoin::TxRefund::new(&self.tx_cancel(), &self.refund_address, self.tx_refund_fee)
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
}
pub fn extract_monero_private_key(
&self,
published_refund_tx: bitcoin::Transaction,
) -> Result<monero::PrivateKey> {
self.tx_refund().extract_monero_private_key(
published_refund_tx,
self.s_a,
self.a.clone(),
self.S_b_bitcoin,
)
}
pub fn signed_redeem_transaction(
&self,
sig: bitcoin::EncryptedSignature,
) -> Result<bitcoin::Transaction> {
Dynamically chose fee for TxRedeem. Alice chooses the fee for TxRedeem because she is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 03:08:00 -04:00
bitcoin::TxRedeem::new(&self.tx_lock, &self.redeem_address, self.tx_redeem_fee)
Make as many fields of Alice's states private as possible To achieve this, we need to add some pure helpers to the state structs. This has the added benefit that we can reduce the amount of code within the swap function.
2021-03-24 01:48:05 -04:00
.complete(sig, self.a.clone(), self.s_a.to_secpfun_scalar(), self.B)
.context("Failed to complete Bitcoin redeem transaction")
}
pub fn signed_cancel_transaction(&self) -> Result<bitcoin::Transaction> {
self.tx_cancel()
.complete_as_alice(self.a.clone(), self.B, self.tx_cancel_sig_bob.clone())
.context("Failed to complete Bitcoin cancel transaction")
}
pub fn signed_punish_transaction(&self) -> Result<bitcoin::Transaction> {
self.tx_punish()
.complete(self.tx_punish_sig_bob.clone(), self.a.clone(), self.B)
.context("Failed to complete Bitcoin punish transaction")
}
fn tx_punish(&self) -> TxPunish {
Remove unnecessary state variables by constructing TXs on demand
2021-03-16 03:31:13 -04:00
bitcoin::TxPunish::new(
&self.tx_cancel(),
&self.punish_address,
self.punish_timelock,
Dynamically chose fee for TxRefund and TxPunish. Alice chooses the fee for TxPunish because she is the one that cares. Bob chooses the fee for TxRefund because he is the one that cares. Note must be taken here because if the fee is too low (e.g. < min tx fee) then she might not be able to publish TxRedeem at all.
2021-04-28 20:40:04 -04:00
self.tx_punish_fee,
Remove unnecessary state variables by constructing TXs on demand
2021-03-16 03:31:13 -04:00
)
}
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
2020-09-28 02:18:50 -04:00
}
Reference in New Issue Copy Permalink