Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Development & Technical Discussion
Merits 2 from 2 users
Re: Trying to get a deeper understanding of atomic swaps
by
Kallisteiros
on 21/07/2018, 21:21:47 UTC
⭐ Merited by danda (1) ,ETFbitcoin (1)
Quote from: noobWithAComputer on July 16, 2018, 12:43:59 PM
  • Why are there so many different types? Is it compatibility with other chains? Or what?
Different implementations of the same idea

Quote
  • What are the differences between these types (besides length and hashing algorithm)?
Type 1 stands out by its first instructions, ensuring the supplied secret preimage to the puzzle hash is 32 (0x20) bytes in length. It's there to mitigate the attack described here: https://gist.github.com/markblundeberg

Type 2a appears to be broken, couldn't figure this one out. It tries to compare hash160(puzzle_hash) == pubkey_hash1, with both values in the same script, which doesn't make sense.

Type 2b is the most straightforward. If sha256 of preimage matches the hash and signed by Bob, or timelock is unlocked and signed by Alice, allow to spend the output.

Type 3 is equivalent to 2b, except it uses ripemd160 puzzle instead of sha256.

Type 4a just swaps the conditions, which doesn't affect anything (except the switch value you put that will decide which branch of OP_IF will be executed). Plus, as in Type 1, it puts constraints on the secret preimage's size. You got the labels here wrong, by the way, and should be swapped.

Type 4b is the same as 4a, minus the size check.

Type 5a uses CHECKSEQUENCEVERIFY instead of CHECKLOCKTIMEVERIFY, which is a minor difference. If you're at block 500, and you want to lock the coins until block 530, you can either say "530 CHECKLOCKTIMEVERIFY" or "30 CHECKSEQUENCEVERIFY" (I might have made an off-by-one error here though, check the BIP for the exact usage).

Type 5b: the only difference with 5a is timelock value size (instead of 4 byte integer, you can have it in a more compact form with only 1 byte integer, which will give you a lock period of up to 256 blocks).

Type 6: is exactly like Type 4b, only it uses a shorthand for pushing the timelock value. You also got the labels backwards here, swap with .

Type 7 and 8: as you correctly noticed, they use several puzzles at once. Got no idea why. Maybe it has something to do with the puzzle datatype size constraints on the altcoin side of the exchange.


Quote
  • What are the advantages and disadvantages of these types?
They appear to be slight modifications of each other, primarily on the order of conditions, sometimes with additional verifications to avoid certain types of attacks.

Quote
  • Why are there so many HTLCs on LTC and so few on BTC?
LTC block time is much less than BTC's. Since atomic swaps is still an experimental technology, it makes sense to test them on a faster chain, paired with some other altcoin having the comparatively fast block time.

Quote
  • Do you know other such HTLC scripts?
Well, you scanned the whole blockchain, have you found any other type yet?  Smiley

Quote
  • Can you provide interesting resources on this topic?
My advice would be to learn how to read Bitcoin scripts, that way you will be able to understand what they do and how they compare to each other. You can start here: https://en.bitcoin.it/wiki/Script, or you can go deep into the guts of interpreter.cpp, where the actual magic happens.