Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private Atomic Swaps #130

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

martonp
Copy link

@martonp martonp commented Nov 25, 2023

This PR adds the ability to do private atomic swap transactions between BTC and DCR using adaptor signatures. When doing atomic swaps with the original technique of unlocking coins by revealing the pre-image of a hash, the same values would appear on both blockchains, allowing anyone to link the transactions. By using adaptor signatures, this privacy vulnerability is fixed. However, some additional off-chain communication is required between the parties.

Here is some background information on Decred’s Schnorr signature implementation:
https://github.com/decred/dcrd/blob/master/dcrec/secp256k1/schnorr/README.md

Reading this article will help you get familiar with adaptor signatures (specifically read section 3–1. Single signer schnorr Adaptor signature)
https://medium.com/crypto-garage/adaptor-signature-schnorr-signature-and-ecdsa-da0663c2adc4

Decred’s Schnorr signature algorithm is currently not secure for multi-signer adaptor signatures, so the spending condition for the atomic swap contract is a 2-of-2 multisig for which one party knows one of the private keys to spend the contract on each chain. It may be possible to combine a more private MuSig contract on bitcoin with a 2-of-2 multisig on Decred, but this is left for future work. If that is done, it will not only not be possible to link the two transactions, but on Bitcoin, the atomic swap will be indistinguishable from a P2PK transaction.

The sequence of actions to perform a private atomic swap is the following

  • Both parties lock their coins in an atomic swap contract
  • Party A picks a hidden tweak value, and sends a private key tweaked adaptor signature to party B for the signature party B requires to unlock the coins locks by party A
  • Based on this, party B constructs a public key tweaked adaptor sig for the signature required by party A
  • Since party A knows the hidden tweak, they are able to decrypt party B’s adaptor signature, and redeem their coins
  • After seeing the redemption transaction on chain, party B can recover the tweak, decrypt the original adaptor signature party A sent, and redeem their coins

A contract output on Decred is a P2SH output with the following script:

	OP_IF // Normal redeem path
        OP_DUP
		OP_HASH160
	    <counterparty pub key hash>
		OP_EQUALVERIFY
		OP_2
		OP_CHECKSIGALTVERIFY
	OP_ELSE
		<locktime>
		OP_CHECKLOCKTIMEVERIFY
		OP_DROP
	OP_ENDIF
	OP_DUP
	OP_HASH160
	<creator pub key hash>
	OP_EQUALVERIFY
	OP_2
	OP_CHECKSIGALT

On Bitcoin, the contract output is a P2TR output with two possible script paths, and a provably unspendable internal key. One of the script paths is a normal redeem script, and the other is a refund script. Since when spending a taproot output, only one of the scripts are revealed, third parties can only see that a 2-of-2 multisig was spent. If in future work this is improved to use a MuSig internal key, it will seem as if just a P2PK transaction was done. Decred will need an upgrade to its Schnorr signature scheme and to implement taproot before this is possible.

The following is Bitcoin's redeem script:

<creator pub key>
OP_CHECKSIGVERIFY
<counterparty pub key>
OP_CHECKSIG

And the refund script:

<locktime>
OP_CHECKLOCKTIMEVERIFY
OP_DROP
<creator pub key>
OP_CHECKSIG

Below are the steps required to perform a private atomic swap. Party A is trading their 2 DCR for Party B's 1 BTC.

First, party B gets a fresh address from their dcrwallet and sends it to Party A. Party A then uses the lockfunds command
to create a private atomic swap contract on Decred:

% dcratomicswap lockfunds SspPDxwg9wfMwxLvQ79EfwWsW49rtBpAyaB 2 true
Passphrase: 

Contract fee: 0.0000251 DCR (0.00010080 DCR/kB)
Refund fee:   0.000273 DCR (0.00100000 DCR/kB)

Contract (SchZKSF6AoxriKsyfAdRn6wgEHN7fv5EySj):
6376a914dbc112eaae46fd0af651f672398be60a147487b48852bf6704462e6465b1756876a91471d5f7433ef0303d1228a7a3df06afcedff62b188852be

Your pub key: 022833ace8bcc0ba5a05af105a4f8cc8eba53b30fc1d55b948c4cf3b976be203e6

Lock transaction (d0c85826f0e86ad1a117942dbf7b369da1dd5dc1e7257b2490b23dc8b287808e):
010000000189e64c2b196546576d682d8aa90f61762d7033ae7b7c3b7f1f068845d3eb30ca0200000001ffffffff02576bf48d0c00000000001976a9144e8d896f73fa2897af8a9be7c1c12012e243a86f88ac00c2eb0b00000000000017a91449a37ce3516d6a5d3e3c32052753d7db8f73fc04870000000000000000012537e0990c00000000000000ffffffff6a47304402203fa1a7c0f2d05c79b6410afabcbaa286236f88733a36c3138f1e05a6bfc81d3e02202284fe7b71df0a21918d1f4cfa04ae1e27550cbf8936f2b6c1c4d45c25c5f7ab0121032d25686d3cf182d9c730d31d1d51df0eba3523a162f01ea2087f2def8155cec8

Refund transaction (a869f8d7ba60190a2ebf235cfbb610624c7e46fb11c7fb2a4898f3e68a43bd4a):
01000000018e8087b2c83db290247b25e7c15ddda19d367bbf2d9417a1d16ae8f02658c8d0010000000000000000015c57eb0b0000000000001976a91465ec3807bbed33f695795e3c00bb7142faee168488ac462e64650000000001000000000000000000000000ffffffffa441bea523ef816feb3a8124cc7c5c963ea52a04c75a5af9c9ee38702d3acf71b8e86fff2c3ae734b011122a753d73c3aabab19c0dfb75b408152e896517f08589500121022833ace8bcc0ba5a05af105a4f8cc8eba53b30fc1d55b948c4cf3b976be203e6003e6376a914dbc112eaae46fd0af651f672398be60a147487b48852bf6704462e6465b1756876a91471d5f7433ef0303d1228a7a3df06afcedff62b188852be

Publish contract transaction? [y/N] y
Published contract transaction (d0c85826f0e86ad1a117942dbf7b369da1dd5dc1e7257b2490b23dc8b287808e)

Party A sends the contract and the lock trasaction to party B. Also Party A uses the getpubkey command in btcatomicswap to get a valid public key, and sends it to party A. Schnorr signatures require that a public key with an even Y is used. This is why there is a special command to get a public key.

% btcatomicswap getpubkey
02ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786cc

Party B then does lockfunds with btcatomicswap:

% btcatomicswap lockfunds 02ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786cc 1 false
warning: falling back to mempool relay fee policy
warning: falling back to mempool relay fee policy

Contract fee: 0.0000022 BTC (0.00000576 BTC/kB)
Refund fee:   0.0000013 BTC (0.00000504 BTC/kB)

Redeem swap contract:
208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ad20ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786ccac

Refund swap contract:
04dedc6265b175208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ac

Internal key nonce:
bb8c111c3cb53e3fa0852b4fde18213d7545cdfc36f604e87586622c5e1a1e97

Lock tx (fd45c169929016162b580c68d22944c4fdf3aa489eed481827828b497b84047d):
02000000000102abf53e57aa1c372b5d8910b7fe6e12891121de353a3f582c484bac83653540410000000000feffffff64ac7065f3790b53298d5ebdc3755a91de4fc88966f0358a883a426f9752664c0000000000feffffff0200e1f5050000000022512040e5e05b520cb1d25df21e41cf28301deb3707bb49389ef422262c514b8a59e8f2d7f50500000000160014f5ae2a02dce7a6c2df3904513c415957390c346502473044022032b97c2d2980de67cb25cb7ece4bdfcd64975eafbef523f7328698443652f22202200c2a7056bafacd1639dc5fd6a574cdfb0f586a170d769cfa5cacf3930b8381990121024b37478b5ae9d849932b68d7d7cc44e1bc8ad209397984e0b42350a2bed16b630247304402202bac8206f615c70c6983280aad339e2f344f4f99fa64b8c977cbe492eb658f5d022037c4d8e68c0f93543183da8b63875646a76d907f238de65136d38cd1abe99e670121024e709919da9ca6092dc916fb541a15047ae81036a244b1fcb5618a95a7dcd86900000000

Redeem tx (cdcf4ebf5bdf25a937f4cd654057a238cb0d17ba4e26335ae4904b6f8aed35e8):
020000000001017d04847b498b82271848ed9e48aaf3fdc44429d2680c582b1616909269c145fd000000000000000000017ee0f5050000000016001476fadcb22f27bfbbe2a70b55f5ee743b55a1920f03409175519b742743005f6d895278bda1b5c7126db4f6fc31d328d12edc4c12d6c2c28a9987cc19d8a4430b770614b1f9698d9451fda74c77bd04f463531584d9ff2904dedc6265b175208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ac41c0aa7c884d205be4af50a9eb7b666bf923b69c6cc046be5ce919f27556ce0563dc30af9dc0531016bf9951e0341559da1f217dda149efddf2f9698f651f53597fddedc6265

Publish contract transaction? [y/N] y
Published contract transaction (fd45c169929016162b580c68d22944c4fdf3aa489eed481827828b497b84047d)

After recieving all the information about each other's lock transactions, both parties run auditprivatecontract to confirm that
the other party created the contract that was agreed, and then run unsignedredemption to create an unsigned redemption transcation
that the other party can use to create an adaptor signature.

Party A:

% btcatomicswap auditprivatecontract 208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ad20ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786ccac 04dedc6265b175208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ac bb8c111c3cb53e3fa0852b4fde18213d7545cdfc36f604e87586622c5e1a1e97 02000000000102abf53e57aa1c372b5d8910b7fe6e12891121de353a3f582c484bac83653540410000000000feffffff64ac7065f3790b53298d5ebdc3755a91de4fc88966f0358a883a426f9752664c0000000000feffffff0200e1f5050000000022512040e5e05b520cb1d25df21e41cf28301deb3707bb49389ef422262c514b8a59e8f2d7f50500000000160014f5ae2a02dce7a6c2df3904513c415957390c346502473044022032b97c2d2980de67cb25cb7ece4bdfcd64975eafbef523f7328698443652f22202200c2a7056bafacd1639dc5fd6a574cdfb0f586a170d769cfa5cacf3930b8381990121024b37478b5ae9d849932b68d7d7cc44e1bc8ad209397984e0b42350a2bed16b630247304402202bac8206f615c70c6983280aad339e2f344f4f99fa64b8c977cbe492eb658f5d022037c4d8e68c0f93543183da8b63875646a76d907f238de65136d38cd1abe99e670121024e709919da9ca6092dc916fb541a15047ae81036a244b1fcb5618a95a7dcd86900000000

Contract value: 1 BTC
Creator PK: 028a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733
Participant PK: 02ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786cc
Locktime: 2023-11-26 05:51:26 +0000 UTC
Locktime reached in 23h59m17s
% btcatomicswap unsignedredemption 208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ad20ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786ccac 04dedc6265b175208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ac bb8c111c3cb53e3fa0852b4fde18213d7545cdfc36f604e87586622c5e1a1e97 02000000000102abf53e57aa1c372b5d8910b7fe6e12891121de353a3f582c484bac83653540410000000000feffffff64ac7065f3790b53298d5ebdc3755a91de4fc88966f0358a883a426f9752664c0000000000feffffff0200e1f5050000000022512040e5e05b520cb1d25df21e41cf28301deb3707bb49389ef422262c514b8a59e8f2d7f50500000000160014f5ae2a02dce7a6c2df3904513c415957390c346502473044022032b97c2d2980de67cb25cb7ece4bdfcd64975eafbef523f7328698443652f22202200c2a7056bafacd1639dc5fd6a574cdfb0f586a170d769cfa5cacf3930b8381990121024b37478b5ae9d849932b68d7d7cc44e1bc8ad209397984e0b42350a2bed16b630247304402202bac8206f615c70c6983280aad339e2f344f4f99fa64b8c977cbe492eb658f5d022037c4d8e68c0f93543183da8b63875646a76d907f238de65136d38cd1abe99e670121024e709919da9ca6092dc916fb541a15047ae81036a244b1fcb5618a95a7dcd86900000000 

Redeem fee: 0.00000153 BTC (0.00001866 BTC/kB)

Unsigned redemption:
02000000017d04847b498b82271848ed9e48aaf3fdc44429d2680c582b1616909269c145fd0000000000ffffffff0167e0f50500000000160014afcba2357512ba071417945119d96a815dc699a000000000

Party B:

% dcratomicswap auditprivatecontract 6376a914dbc112eaae46fd0af651f672398be60a147487b48852bf6704462e6465b1756876a91471d5f7433ef0303d1228a7a3df06afcedff62b188852be 010000000189e64c2b196546576d682d8aa90f61762d7033ae7b7c3b7f1f068845d3eb30ca0200000001ffffffff02576bf48d0c00000000001976a9144e8d896f73fa2897af8a9be7c1c12012e243a86f88ac00c2eb0b00000000000017a91449a37ce3516d6a5d3e3c32052753d7db8f73fc04870000000000000000012537e0990c00000000000000ffffffff6a47304402203fa1a7c0f2d05c79b6410afabcbaa286236f88733a36c3138f1e05a6bfc81d3e02202284fe7b71df0a21918d1f4cfa04ae1e27550cbf8936f2b6c1c4d45c25c5f7ab0121032d25686d3cf182d9c730d31d1d51df0eba3523a162f01ea2087f2def8155cec8

Contract address: SchZKSF6AoxriKsyfAdRn6wgEHN7fv5EySj
Contract value: 2 DCR
Creator address: SsejBND6nmBwXnTPtwPsGGdJUUMGXA1MxBN
Participant address: SspPDxwg9wfMwxLvQ79EfwWsW49rtBpAyaB
Locktime: 2023-11-27 05:51:02 +0000 UTC
Locktime reached in 47h59m17s
% dcratomicswap unsignedredemption 6376a914dbc112eaae46fd0af651f672398be60a147487b48852bf6704462e6465b1756876a91471d5f7433ef0303d1228a7a3df06afcedff62b188852be 010000000189e64c2b196546576d682d8aa90f61762d7033ae7b7c3b7f1f068845d3eb30ca0200000001ffffffff02576bf48d0c00000000001976a9144e8d896f73fa2897af8a9be7c1c12012e243a86f88ac00c2eb0b00000000000017a91449a37ce3516d6a5d3e3c32052753d7db8f73fc04870000000000000000012537e0990c00000000000000ffffffff6a47304402203fa1a7c0f2d05c79b6410afabcbaa286236f88733a36c3138f1e05a6bfc81d3e02202284fe7b71df0a21918d1f4cfa04ae1e27550cbf8936f2b6c1c4d45c25c5f7ab0121032d25686d3cf182d9c730d31d1d51df0eba3523a162f01ea2087f2def8155cec8

Redeem Fee: 0.000375 DCR (0.00100000 DCR/kB)
Unsigned redemption tx bytes:
01000000018e8087b2c83db290247b25e7c15ddda19d367bbf2d9417a1d16ae8f02658c8d00100000000ffffffff01842feb0b0000000000001976a9147a1b7d541ca7805c92b7a2274d008b9280da0fe088ac000000000000000001000000000000000000000000ffffffff00

Now, Party A is ready to create an adaptor signature with initiatadaptor. Only the Adaptor Sig is sent to Party B, if the tweak is sent to party B they can take all the funds.

% dcratomicswap initiateadaptor 6376a914dbc112eaae46fd0af651f672398be60a147487b48852bf6704462e6465b1756876a91471d5f7433ef0303d1228a7a3df06afcedff62b188852be 010000000189e64c2b196546576d682d8aa90f61762d7033ae7b7c3b7f1f068845d3eb30ca0200000001ffffffff02576bf48d0c00000000001976a9144e8d896f73fa2897af8a9be7c1c12012e243a86f88ac00c2eb0b00000000000017a91449a37ce3516d6a5d3e3c32052753d7db8f73fc04870000000000000000012537e0990c00000000000000ffffffff6a47304402203fa1a7c0f2d05c79b6410afabcbaa286236f88733a36c3138f1e05a6bfc81d3e02202284fe7b71df0a21918d1f4cfa04ae1e27550cbf8936f2b6c1c4d45c25c5f7ab0121032d25686d3cf182d9c730d31d1d51df0eba3523a162f01ea2087f2def8155cec8 01000000018e8087b2c83db290247b25e7c15ddda19d367bbf2d9417a1d16ae8f02658c8d00100000000ffffffff01842feb0b0000000000001976a9147a1b7d541ca7805c92b7a2274d008b9280da0fe088ac000000000000000001000000000000000000000000ffffffff00

Adaptor Sig:
e7d4dba1d6f3bb191d834a8ad1a32a97be6db59259954401d15be887ad4f4c0fe726cf4a0b819053e1928403498da5ff0d8a8ef244e642dce5f6a76591012e8e95000ab94a0d2fb50abd2618175c55d16cc5a3336cd06a91debff07148e7dfbf8a02aebcb905797123be610796eeb5f435a033c80cc57c8f99b72f9d06c131cd00

Tweak:
6b0440650a81638e3359e61b8062148b0f9550e7ebedda68a38fd8a73c255c50

Party B then verifies the adaptor sig using verifyadaptor, and if it is valid, creates their own adaptor sig using participateadaptor and sends it to Party A.

% dcratomicswap verifyadaptor 6376a914dbc112eaae46fd0af651f672398be60a147487b48852bf6704462e6465b1756876a91471d5f7433ef0303d1228a7a3df06afcedff62b188852be e7d4dba1d6f3bb191d834a8ad1a32a97be6db59259954401d15be887ad4f4c0fe726cf4a0b819053e1928403498da5ff0d8a8ef244e642dce5f6a76591012e8e95000ab94a0d2fb50abd2618175c55d16cc5a3336cd06a91debff07148e7dfbf8a02aebcb905797123be610796eeb5f435a033c80cc57c8f99b72f9d06c131cd00 022833ace8bcc0ba5a05af105a4f8cc8eba53b30fc1d55b948c4cf3b976be203e6 01000000018e8087b2c83db290247b25e7c15ddda19d367bbf2d9417a1d16ae8f02658c8d00100000000ffffffff01842feb0b0000000000001976a9147a1b7d541ca7805c92b7a2274d008b9280da0fe088ac000000000000000001000000000000000000000000ffffffff00

Adaptor sig is valid!
% btcatomicswap participateadaptor 208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ad20ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786ccac 04dedc6265b175208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ac bb8c111c3cb53e3fa0852b4fde18213d7545cdfc36f604e87586622c5e1a1e97 02000000000102abf53e57aa1c372b5d8910b7fe6e12891121de353a3f582c484bac83653540410000000000feffffff64ac7065f3790b53298d5ebdc3755a91de4fc88966f0358a883a426f9752664c0000000000feffffff0200e1f5050000000022512040e5e05b520cb1d25df21e41cf28301deb3707bb49389ef422262c514b8a59e8f2d7f50500000000160014f5ae2a02dce7a6c2df3904513c415957390c346502473044022032b97c2d2980de67cb25cb7ece4bdfcd64975eafbef523f7328698443652f22202200c2a7056bafacd1639dc5fd6a574cdfb0f586a170d769cfa5cacf3930b8381990121024b37478b5ae9d849932b68d7d7cc44e1bc8ad209397984e0b42350a2bed16b630247304402202bac8206f615c70c6983280aad339e2f344f4f99fa64b8c977cbe492eb658f5d022037c4d8e68c0f93543183da8b63875646a76d907f238de65136d38cd1abe99e670121024e709919da9ca6092dc916fb541a15047ae81036a244b1fcb5618a95a7dcd86900000000 02000000017d04847b498b82271848ed9e48aaf3fdc44429d2680c582b1616909269c145fd0000000000ffffffff0167e0f50500000000160014afcba2357512ba071417945119d96a815dc699a000000000 e7d4dba1d6f3bb191d834a8ad1a32a97be6db59259954401d15be887ad4f4c0fe726cf4a0b819053e1928403498da5ff0d8a8ef244e642dce5f6a76591012e8e95000ab94a0d2fb50abd2618175c55d16cc5a3336cd06a91debff07148e7dfbf8a02aebcb905797123be610796eeb5f435a033c80cc57c8f99b72f9d06c131cd00

Adaptor signature: 38df09c58cb6fe0a37525fdf82a05cb1fe81d9d228dcf08eae5bd57cf34eda7a0cec5418dd2bbc35db24191b4b8e83c3b0fcd5abfbb2dbbf21fef83fe5645ccb95000ab94a0d2fb50abd2618175c55d16cc5a3336cd06a91debff07148e7dfbf8a02aebcb905797123be610796eeb5f435a033c80cc57c8f99b72f9d06c131cd01

Now, Party A, with their tweak is able to decrypt Party B's adaptor signature and redeem the atomic swap using privateredeem:

% btcatomicswap privateredeem 208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ad20ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786ccac 04dedc6265b175208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ac bb8c111c3cb53e3fa0852b4fde18213d7545cdfc36f604e87586622c5e1a1e97 02000000000102abf53e57aa1c372b5d8910b7fe6e12891121de353a3f582c484bac83653540410000000000feffffff64ac7065f3790b53298d5ebdc3755a91de4fc88966f0358a883a426f9752664c0000000000feffffff0200e1f5050000000022512040e5e05b520cb1d25df21e41cf28301deb3707bb49389ef422262c514b8a59e8f2d7f50500000000160014f5ae2a02dce7a6c2df3904513c415957390c346502473044022032b97c2d2980de67cb25cb7ece4bdfcd64975eafbef523f7328698443652f22202200c2a7056bafacd1639dc5fd6a574cdfb0f586a170d769cfa5cacf3930b8381990121024b37478b5ae9d849932b68d7d7cc44e1bc8ad209397984e0b42350a2bed16b630247304402202bac8206f615c70c6983280aad339e2f344f4f99fa64b8c977cbe492eb658f5d022037c4d8e68c0f93543183da8b63875646a76d907f238de65136d38cd1abe99e670121024e709919da9ca6092dc916fb541a15047ae81036a244b1fcb5618a95a7dcd86900000000 38df09c58cb6fe0a37525fdf82a05cb1fe81d9d228dcf08eae5bd57cf34eda7a0cec5418dd2bbc35db24191b4b8e83c3b0fcd5abfbb2dbbf21fef83fe5645ccb95000ab94a0d2fb50abd2618175c55d16cc5a3336cd06a91debff07148e7dfbf8a02aebcb905797123be610796eeb5f435a033c80cc57c8f99b72f9d06c131cd01 02000000017d04847b498b82271848ed9e48aaf3fdc44429d2680c582b1616909269c145fd0000000000ffffffff0167e0f50500000000160014afcba2357512ba071417945119d96a815dc699a000000000 6b0440650a81638e3359e61b8062148b0f9550e7ebedda68a38fd8a73c255c50
Publish redeem transaction? [y/N] y
Published redeem transaction (d0388cb031f1497afc09ceb0cb3d5d010aeb09a21535144bb9fe18c4ce043ecf)

Party B, checks the block explorer, and when they see that Party A has done their redemption, Party B uses Party A's redemption
transaction and the adaptor signature they created to extract the tweak. This is done with the extracttweak command. Then with
knowledge of the tweak, they can redeem the atomic swap.

% btcatomicswap extractextracttweak 020000000001017d04847b498b82271848ed9e48aaf3fdc44429d2680c582b1616909269c145fd0000000000ffffffff0167e0f50500000000160014afcba2357512ba071417945119d96a815dc699a00440d34a2bb097f7613383daaa781a4c047050faaa3261471ea65739a1677750af987a4f6470f7caf3f70cda323d208ecacf0059e5e3cd022aaa6697bfae7ee3269a4038df09c58cb6fe0a37525fdf82a05cb1fe81d9d228dcf08eae5bd57cf34eda7a77f0947de7ad1fc40e7dff36cbf0984ec0922693e7a0b627c58ed0e72189b91b44208a52c8d8513bc7bf46af22a334325a5748761488dc19716f94afdd17ffd80733ad20ec94690892d20b170bdf55ee6a00d4cedb1dd3083c4a4e19e90a1950406786ccac41c0aa7c884d205be4af50a9eb7b666bf923b69c6cc046be5ce919f27556ce0563dc891d19793000c4cd15ebd9dab06585f2cc42c333bc381c9dadd8e0c1f21b72b200000000 38df09c58cb6fe0a37525fdf82a05cb1fe81d9d228dcf08eae5bd57cf34eda7a0cec5418dd2bbc35db24191b4b8e83c3b0fcd5abfbb2dbbf21fef83fe5645ccb95000ab94a0d2fb50abd2618175c55d16cc5a3336cd06a91debff07148e7dfbf8a02aebcb905797123be610796eeb5f435a033c80cc57c8f99b72f9d06c131cd01

Tweak: 6b0440650a81638e3359e61b8062148b0f9550e7ebedda68a38fd8a73c255c50
% dcratomicswap privateredeem 6376a914dbc112eaae46fd0af651f672398be60a147487b48852bf6704462e6465b1756876a91471d5f7433ef0303d1228a7a3df06afcedff62b188852be 010000000189e64c2b196546576d682d8aa90f61762d7033ae7b7c3b7f1f068845d3eb30ca0200000001ffffffff02576bf48d0c00000000001976a9144e8d896f73fa2897af8a9be7c1c12012e243a86f88ac00c2eb0b00000000000017a91449a37ce3516d6a5d3e3c32052753d7db8f73fc04870000000000000000012537e0990c00000000000000ffffffff6a47304402203fa1a7c0f2d05c79b6410afabcbaa286236f88733a36c3138f1e05a6bfc81d3e02202284fe7b71df0a21918d1f4cfa04ae1e27550cbf8936f2b6c1c4d45c25c5f7ab0121032d25686d3cf182d9c730d31d1d51df0eba3523a162f01ea2087f2def8155cec8 e7d4dba1d6f3bb191d834a8ad1a32a97be6db59259954401d15be887ad4f4c0fe726cf4a0b819053e1928403498da5ff0d8a8ef244e642dce5f6a76591012e8e95000ab94a0d2fb50abd2618175c55d16cc5a3336cd06a91debff07148e7dfbf8a02aebcb905797123be610796eeb5f435a033c80cc57c8f99b72f9d06c131cd00 022833ace8bcc0ba5a05af105a4f8cc8eba53b30fc1d55b948c4cf3b976be203e6 01000000018e8087b2c83db290247b25e7c15ddda19d367bbf2d9417a1d16ae8f02658c8d00100000000ffffffff01842feb0b0000000000001976a9147a1b7d541ca7805c92b7a2274d008b9280da0fe088ac000000000000000001000000000000000000000000ffffffff00 6b0440650a81638e3359e61b8062148b0f9550e7ebedda68a38fd8a73c255c50 
Publish redeem transaction? [y/N] y
Published redeem transaction (8235fcb810ba3dc2c80923953b1d8175b94bec6b6036ee7914e95addaa270773)

Introduces private atomic swaps between DCR and BTC.
@dev-warrior777
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants