In tuxmain’s original post regarding integration with GNU Taler, (a system which doesn’t interest me), it certainly piqued my interest in having the tools available in G1 (I suspect they do exist… however friendly UI/UX may not, yet) to be able to atomic-swap G1 for any other crypto-currency which shares transaction-verification primitives; then I carried on doing my best to explain my understanding of how this might be done (if I understand the well-known construction) in a beautiful language that I regularly destroy, without intent.
Suppose Alice wants to exchange X amount of G1 for Y amount of XYZ from Bob; Bob and Alice both agree to the terms and proceed to execute the swap on two separate blockchains in a trustless manner.
Alice creates and securely guards a secret like « a secret with high entropy » as sha256 input to create a shared hash-output like ‹ ffbf85d522ebf12fc5736ecfde2ed1c335693084b17aad2e8b9449aff87fe4ea ›
Alice publishes a non-standard transaction into the G1 network paying X amount of G1 to an output condition like
(
(SIG(Bob’sPubKey) && XHX(‹ ffbf85d522ebf12fc5736ecfde2ed1c335693084b17aad2e8b9449aff87fe4ea ›))
||
(SIG(Alice’sPubKey) && CSV(Now+48h))
)
…so Bob cannot do anything yet because he doesn’t have the sha256 input which outputs the XHX argument of his condition… however in 48h, Alice WILL be able to spend this transaction back to her G1 pubkey.
Alice informs Bob of the above G1 swap transaction, or better yet, Bob’s G1 wallet notifies him of a confirmed payment IF he can solve the XHX puzzle (and do so within 48 hours otherwise it may no longer be unspent).
Bob confirms that the G1 swap transaction exists, and copies the same XHX puzzle so that he can create a complementary transaction on the XYZ chain challenging Alice to reveal her secret. Bob then publishes his transaction into the XYZ network paying Y amount of XYZ with a similar condition (assuming that similar pseudo-code in XYZ does what happens in G1), it might look like:
(
(SIG(Alice’sXYZAccount) && XHX(‹ ffbf85d522ebf12fc5736ecfde2ed1c335693084b17aad2e8b9449aff87fe4ea ›))
||
(SIG(Bob’sXYZAccount) && CSV(Now+24h))
)
…unlike the first transaction on G1… Alice can immediately spend the XYZ transaction to her XYZ account, because she can solve the sha256 puzzle… after all, she created the original secret… or, if through bad-faith she decides NOT to spend it immediately… then Bob can recuperate his XYZ tomorrow.
As soon as Alice spends the XYZ transaction, she reveals her solution to the XHX puzzle and Bob can learn this from the public XYZ blockchain, allowing him to use the same solution to spend the original G1 transaction to his G1 pubkey (before 48h), completing the trustless swap.
If the protocol fails to complete after Alice’s first step… she’s lost cash-flow for just 2 days. If the protocol fails to complete after Bob’s first step… same result for Alice and Bob will have lost cash-flow for just 1 day… but each can be made whole as long as they individually follow the protocol (which they both are capable of doing) and without requiring trust between Alice and Bob.
I’m sure there are much better English explanations of this online… I was just trying to give it a shot in French.
Thanks for reading this far.
Spencer971
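
The swap described in the post above, as an added Python sketch that is not part of the original post and is not G1 or XYZ wallet code. It models each output as `(SIG(claimer) && XHX(h)) || (SIG(refunder) && timeout)`; the class and function names, the constructed secret, the name-comparison stand-in for signatures and the seconds-since-start clock are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

HOUR = 3600

def xhx(preimage: bytes) -> str:
    """SHA-256 of the preimage as hex: the value placed in the XHX condition."""
    return hashlib.sha256(preimage).hexdigest()

@dataclass
class HashTimeLockedOutput:
    """Simplified model of one swap output (signatures reduced to a name check)."""
    claimer: str        # may spend by revealing the preimage
    refunder: str       # may spend once the timeout has passed
    hash_hex: str       # XHX argument shared by both chains
    refund_after: int   # seconds since the swap started (constructed clock)
    spent_by: Optional[str] = None
    revealed: Optional[bytes] = None  # a claim publishes the preimage on-chain

    def claim(self, signer: str, preimage: bytes) -> bool:
        # Hash branch: correct signer AND sha256(preimage) equals the locked hash.
        if self.spent_by or signer != self.claimer or xhx(preimage) != self.hash_hex:
            return False
        self.spent_by, self.revealed = signer, preimage
        return True

    def refund(self, signer: str, now: int) -> bool:
        # Timeout branch: correct signer AND the delay has elapsed, if still unspent.
        if self.spent_by or signer != self.refunder or now < self.refund_after:
            return False
        self.spent_by = signer
        return True

def run_swap(alice_claims: bool):
    """Return (who ends up with the G1 output, who ends up with the XYZ output)."""
    secret = b"constructed-demo-secret"   # constructed; known only to Alice at first
    h = xhx(secret)
    g1 = HashTimeLockedOutput("bob", "alice", h, 48 * HOUR)   # published by Alice
    xyz = HashTimeLockedOutput("alice", "bob", h, 24 * HOUR)  # published by Bob
    if alice_claims:
        xyz.claim("alice", secret)        # spending reveals the secret on XYZ
        g1.claim("bob", xyz.revealed)     # Bob reuses it on G1 before 48h
    else:
        xyz.refund("bob", 24 * HOUR)      # Bob recovers his XYZ after 24h
        g1.refund("alice", 48 * HOUR)     # Alice recovers her G1 after 48h
    return g1.spent_by, xyz.spent_by
```

In this model the hash branch never expires, so once 48h have passed both branches of the G1 output are spendable and whichever spend confirms first wins; that is why Bob's XYZ timeout is the shorter of the two.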