mirror of
https://github.com/comit-network/xmr-btc-swap.git
synced 2024-12-30 09:56:19 -05:00
Bitcoin–Monero Cross-chain Atomic Swap
485220929e
127: Deterministic peer id for alice and bob r=da-kami a=da-kami The first commit introduces a seed file similar to Nectar. Note, that the parameter --database was changed to --data-dir where the database is stored in the sub-folder database inside that data directory. This is breaking change, run commands will have to be adapted. I opted for keeping the structure of generating an overall seed and then deriving the network seed from it (as in Nectar, where we use the seed for wallet creation as well). I feel this is cleaner than just using the seed for the network only. The second commit applies the deterministic peer id to Bob as well. We don't have to do this because in the current setup Bob can have a new identity every time. I would still harmonize this to avoid confusion in the future. I don't see a reason why Bob's setup should be different from Alice here. Co-authored-by: Daniel Karzel <daniel@comit.network> |
||
---|---|---|
.github/workflows | ||
docs/research/user-experience | ||
monero-harness | ||
swap | ||
.gitignore | ||
.mergify.yml | ||
bors.toml | ||
BTC_XMR_atomic_swap_protocol.svg | ||
Cargo.lock | ||
Cargo.toml | ||
LICENSE | ||
README.md | ||
rust-toolchain | ||
rustfmt.toml |
XMR to BTC Atomic Swap
This repository is a proof of concept for atomically swapping XMR for BTC.
We define:
- Alice to be the actor that initially holds XMR.
- Bob to be the actor that initially holds BTC.
In the best-case scenario the protocol looks like this:
- Alice and Bob exchange a set of addresses, keys, zero-knowledge proofs and signatures.
- Bob publishes
Tx_lock
, locking up his bitcoin in a 2-of-2 multisig output owned by Alice and Bob. Given the information exchanged in step 1, Bob can refund his bitcoin if he waits until timet_1
by usingTx_cancel
andTx_refund
. If Bob doesn't refund after timet_1
, Alice can punish Bob for being inactive by first publishingTx_cancel
and, aftert_2
, spending the output usingTx_punish
. - Alice sees that Bob has locked up the bitcoin, so she publishes
Tx_lock
on the Monero blockchain, locking up her monero in an output which can only be spent with a secret key owned by Alice (s_a
) and a secret key owned by Bob (s_b
). This means that neither of them can actually spend this output unless they learn the secret key of the other party. - Bob sees that Alice has locked up the monero, so he now sends Alice a missing key bit of information which will allow Alice to redeem the bitcoin using
Tx_redeem
. - Alice uses this information to spend the bitcoin to an address owned by her.
When doing so she leaks her Monero secret key
s_a
to Bob through the magic of adaptor signatures. - Bob sees Alice's
Tx_redeem
on Bitcoin, extracts Alice's secret key from it and combines it with his own to spend the monero to an address of his own.
The repository is structured as a library and a single test function that executes the swap. The library has the following modules:
alice
: Defines the state machine that describes the swap for Alice. This includes the messages sent to/from Alice.bob
: Defines the state machine that describes the swap for Bob. This includes the messages sent to/from Bob.bitcoin
: Keys, signing functions, transactions etc. for Bitcoin. Also includes a test wallet (see below).monero
: Keys, signing functions, transactions etc. for Monero. Also includes a test wallet (see below).
Currently we have a single test function that proves the following:
- Interaction with both block chains and their respective wallets works.
- The messages required are correct and can manually drive the state transitions to execute a swap.
- It is possible to interact with, and watch, the monero blockchain using
monero-wallet-rpc
. - It is possible to watch a bitcoind instance using
bitcoin-harness
(we already knew this :)
Currently we do not do:
- Actual network communication.
- Verification that the UI is acceptable. Since we do everything in a single test function there is no user interaction, this is unrealistic for a real product.
Testing
We wrote a few additional libraries to facilitate testing:
Wallets
bitcoin
module contains a test wallet by way ofbitcoind
.monero
: module contains a test wallet by way ofmonero-wallet-rpc
.
Blockchain harnesses
We have written two harnesses for interacting with bitcoin and monero.
These harnesses wrap interaction with bitcoind
and monerod
/monero-wallet-rpc
.
We use testcontainers-rs to spin up bitcoind
, monerod
, and monero-wallet-rpc
in docker containers during unit/integration testing.