layout: wip
title: Monero Atomic Swaps implementation funding
author: h4sh3d et al.
date: September, 2020
amount: 2727
milestones:
  - name: M1.A.1 User-facing
    funds: 7% (190.89 XMR)
    done:
    status: unfinished
  - name: M1.A.2 Service internals
    funds: 3.25% (88.6275 XMR)
    done:
    status: unfinished
  - name: M1.B.1 External specification of swap-lib
    funds: 3.25% (88.6275 XMR)
    done:
    status: unfinished
  - name: M1.B.2 Internal specification of swap-lib
    funds: 3.25% (88.6275 XMR)
    done:
    status: unfinished
  - name: M1.C Specification of chain-syncer
    funds: 3.25% (88.6275 XMR)
    done:
    status: unfinished
  - name: M2.A. Cryptographic libraries
    funds: 3.375% (92.03625 XMR)
    done:
    status: unfinished
  - name: M2.B. swap-lib
    funds: 11.25% (306.7875 XMR)
    done:
    status: unfinished
  - name: M2.C. swap-client
    funds: 5.625% (153.39375 XMR)
    done:
    status: unfinished
  - name: M2.D. swap-daemon
    funds: 13.5% (368.145 XMR)
    done:
    status: unfinished
  - name: M2.E. chain-syncers
    funds: 11.25% (306.7875 XMR)
    done:
    status: unfinished
  - name: M3.A.1 xgroup-dleq-lib
    funds: 8.75% (238.6125 XMR)
    done:
    status: unfinished
  - name: M3.A.2 ecdsa-adaptor-sig
    funds: 8.75% (238.6125 XMR)
    done:
    status: unfinished
  - name: M3.B. chain-syncer
    funds: 5.25% (143.1675 XMR)
    done:
    status: unfinished
  - name: M3.C.1 swap-cli
    funds: 3.5% (95.445 XMR)
    done:
    status: unfinished
  - name: M3.C.2 swap-gui
    funds: 5.25% (143.1675 XMR)
    done:
    status: unfinished
  - name: M3.D. swap-daemon
    funds: 3.5% (95.445 XMR)
    done:
    status: unfinished
payouts:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:
  - date:
    amount:

:warning: DIFFERENT CCS RULES ARE IN PLACE FOR THIS PROPOSAL! PLEASE READ THE FOLLOWING! :warning:

As a trial, this CCS proposal is going to operate on slightly different rules
given the unprecedented scope and duration of this proposal. For this proposal
ONLY, refunds will be issued in the event that the funding is not satisfactory
or the milestones are not completed. This differs from the standard of excess or
unused funds going to the general fund.

To qualify for a refund, the donator must send their tx ID, amount, and return
XMR address to luigi1111@getmonero.org (PGP fingerprint:
FE6D D72A 19CD C5FC 6CB9  1696 BA18 1389 4EDD 58B9, full PGP key at
github.com/monero-project/monero/blob/master/utils/gpg_keys/luigi1111.asc) NO
LATER than ONE WEEK after their donation is made. Any remaining unclaimed funds
(in the event that the proposal is not completed) will be sent to the general
fund as usual. If refunds are to be issued, the funds will be returned via the
provided XMR address.

In summary, the funds can be either:

Unclaimed, leading to the general fund receiving them in the case of a failed
proposal.

Claimed within one week of the donation, leading to a refund in the case of a
failed proposal.

Note: The hope is that the refunds will not be needed, and the proposal will get
funded and completed. In the event of proposal completion, refunds will NOT be
issued. It is only if the proposal is not completed or funded to satisfaction,
and ONLY for this proposal.

Monero Atomic Swap implementation funding

Previous CCS: Monero Atomic Swaps research funding

Hi everyone,

Three months ago, I posted a CCS for continuing my research on Monero Atomic Swaps. That research is now complete and the results can be found here. The resulting protocol is implementable today: no more missing crypto! So much so that a PoC was implemented in no time; thank you, kayabaNerve and PlasmaPower! Thus I am reaching out to propose assembling a team to implement this protocol, with the end goal of a production-ready client/daemon for swapping Bitcoin and Monero. Our design makes it possible to seamlessly extend support to more cryptocurrencies to swap with Monero. It would be very exciting to build that.

You can find the whitepaper that describes the full protocol here.

A ready-to-use implementation requires a lot of engineering work. Here, my colleagues and I attempt to break down the project into manageable parts, describing the dependencies that have to be fulfilled, and the general roadmap of the project.

Motivation

Trustless technologies are now emerging, creating the option of refusing to accept counterparty risk. You can trade with your enemy, as they can't cheat you. If you don't have to trust them, you don't have to know who they are, either.

It is very unlikely that Monero will be banned by all centralized exchanges, but with an open source atomic swap implementation such a ban would be ineffective anyway: Monero would still be available to anyone who can acquire Bitcoin, which is ubiquitous, and swap the coins online anonymously, trustlessly, with a random peer. Monero will be more robust than ever.

Bitcoin is traceable. This is used to recognize dirty coins, but also for untargeted surveillance and censorship. Bitcoiners in need of strong privacy might recognize the utility of a trustless, low-resistance path to convert their bitcoin into monero, and become Monero users.

However, with power comes responsibility. Atomic swaps enable users to exchange coins directly with each other, but if the transacted value is significant, honest users MUST carry out due diligence regarding the origin of the counterparty's funds, and possibly other anti-money-laundering countermeasures, in order to comply with regulations. "Trustlessness" and "no counterparty risk" are narrowly defined terms in the atomic-swap literature that ignore the context in which the technology is deployed. Bitcoins accumulate dirt over their lifetimes, so swap your monero responsibly: trustlessly receiving tainted bitcoin is a real counterparty risk. The counterparties of a swap generate private, blockchain-notarized cryptographic proofs of their private agreement, but the court of your jurisdiction might not like that explanation so much.

The crypto-ecosystem is rapidly moving towards interoperability. Atomic swaps unleash interoperability between Monero and other blockchains. Whether a user wants to open a Lightning channel directly out of a monero-bitcoin swap or to fund an arbitrary bitcoin contract, the swap protocol exposes the interop socket.

This project will also, as a beneficial side effect, extend the Monero ecosystem in Rust. Multiple libraries are needed to support the full protocol. Most of them are cryptographic, for example the "discrete logarithm equality across groups" algorithm described in the MRL-0010 technical note by Sarang Noether (originally proposed by Andrew Poelstra); others sit directly at the Monero protocol level in the Monero Rust Library.

Our motivation to build this software is to empower individuals and businesses, who want to or need to exchange within a strong security and privacy context using P2P, trustless technologies.

This project has the potential of increasing Monero's liquidity and enabling Monero to get into the hands of more people.

We deem it critical to build this in a manner that fully aligns with the interests of the community. Thus we're reaching out to raise community money, to build this with the community, for the community, enabling the community to preserve its own interests.

What are we building?

We aim to build a collection of programs---similar to programs you are already familiar with, such as the Monero daemon, wallet CLI, or wallet GUI---that have limited functionality individually but, as a collection, serve the functions an end-user requires. One launches these swap programs to exchange coins with a counterparty. We call these programs: swap clients (CLI or GUI), the swap daemon (analogous to the Monero daemon), and chain-syncers (connected to full nodes). In the default configuration, this means opening the swap client and letting it launch and manage all the other programs involved.

For example, if you, as an end-user, have bitcoin and want to acquire monero, you launch a swap client that connects to a swap daemon; the daemon connects to a counterparty that has monero and is looking to trade it for bitcoin at an agreed-upon price. The swap client gives you an address to move your bitcoin to and, at the end of the swap, displays the monero key-pair to import into your wallet. You now own monero. If at some point the swap is cancelled for any reason, your bitcoin is refunded to the address you chose, which is what makes the exchange trustless.

Connecting to a counterparty requires knowing their daemon's address and the amounts traded (i.e. the price and quantity). Building a platform such as a DEX, on which people find each other, "auto-connect" with the correct arguments or negotiate the price, is out of scope for this project. Industry standards for such interfaces are yet to emerge.

Overview

R&D Institution: Cryp GmbH

Funding: Monero CCS

Duration: 7 months

Job completion: by Q2 2021

Contributors:

  • h4sh3d
  • kayabaNerve
  • lederstrumpf
  • the charlatan
  • zkao

Licenses: The license for the code will be decided based on community feedback. Our current preference is LGPL-3.0. The specification will be released under CC-BY-4.0.

Expiration date: Funding will remain open until 31.12.2020. If materially underfunded by 31.12.2020, we'll either (1) agree with the community on delivering a subset of the deliverables and collect the funds, or (2) discuss with the community how to re-allocate the funds.

Architecture

The core project will be built in Rust. Rust's good coverage of cryptographic libraries and blockchain protocols, its type safety and its language design make it a very good candidate for such applications (the prototype is also written in Rust, for the same reasons).

Here we present an overview of the project's architecture. More details of the individual components will be described in a forthcoming section under Deliverables.

The figure represents the general architecture of the swap components and their interactions.

The following table summarizes different aspects of each component.

|                              | swap-client | swap-daemon | chain-syncer |
|------------------------------|-------------|-------------|--------------|
| definition                   | a program that controls the daemon and displays the current state | a program that executes the core protocol in a state machine | a program that talks with a specific blockchain |
| cryptographic keys & secrets | private & public | public only | public only |
| client/user                  | end-user | swap-client, counterparty swap-daemon | swap-daemon |
| availability                 | present at the start and to sign | mostly online, channel of communication between parties | always online |
| communicates with            | swap-daemon | swap-client, chain-syncer, counterparty swap-daemon | swap-daemon, blockchain |
| transactions                 | signs | creates all transactions, verifies signatures | listens for and publishes transactions |
| protocol state               | doesn't understand the protocol, but can represent its state | understands the protocol, but can't sign | doesn't understand the protocol |

Client/daemon segregation rationale

The rationale behind segregating the client and the daemon is not security at the moment (the client blindly signs the transactions it receives from the daemon, implying full trust in the daemon), but the flexibility and extensibility it adds.

Other clients can be created: mobile applications (that also run the daemon in background), heavy or light desktop GUIs, or even scripted/automated backends (e.g. in a business environment).

Future extensibility

The atomic swap protocol is just the first instantiation of a more generic interface to other systems---we aim to build this construction abstractly enough to allow clean extension 1 to future protocols.

Deliverables

Below is a complete list of our deliverables.

Specifications

  • Specification of swap-lib: Specify the interface and the requirements for adding support for a new chain, for one or both templates (Bitcoin-like and Monero-like).
  • Specification of swap-daemon: Specify the messages passed between the swap-daemon and the swap-client, and between swap-daemons. These include the protocol messages exchanged between swap participants, but also the medium over which the swap-daemon communicates with those components.
  • Specification of chain-syncer: Specify the functionality and interface chain-syncer has to expose in order to permit the swap-daemon to carry out swaps. Specify the type of jobs a chain-syncer has to implement in order to support executing both templates.

Libraries and Components

  • swap-lib: stateless libraries that implement the core protocol, with no runtime, disk or network code. It knows how to create and verify all the transactions involved in the protocol: it handles the cryptographic verification, including adaptor signatures and DLEQ proofs across groups, and contains two templates for the pair of chains being exchanged (Bitcoin-like and Monero-like). The goal of swap-lib is to carry the base protocol logic for every pair of chains implementing the two templates, so that adding a new pair, e.g. Litecoin/Monero, only requires implementing Litecoin against the Bitcoin-like template and an ltc-chain-syncer (see below).

    • btc-swap-lib: an implementation for Bitcoin-like template exchanging bitcoin for monero.
    • xmr-swap-lib: an implementation for Monero-like template exchanging monero for bitcoin.
  • swap-daemon: implements a daemon based on swap-lib. It uses chain-syncers as its interface to the blockchain world and has the full picture of the state of the cross-chain swap, since it is aware of the events on both chains and of the counterparty's protocol messages; it fully understands the protocol and contains the state machine that executes its respective role in the protocol.

  • swap-client: used by the end-user to enter into the protocol, has access to secret keys, uses the swap-daemon to execute the protocol, and signs transactions when needed. swap-client trusts the daemon completely to execute the protocol on its behalf and to exchange protocol messages with the swap counterparty.

    • swap-cli: end-user CLI client that binds to the daemon for executing swaps and reporting the state of an ongoing swap.
    • swap-gui: minimal end-user GUI client that binds to the daemon for executing swaps and reporting the state of an ongoing swap.
  • chain-syncer: connects and synchronizes the protocol universe to the blockchain universe, following the commands of its client (the swap-daemon). The chain-syncer knows which transactions are of interest from what its client subscribes to, and informs the client if one of those transactions is reorged away from the main chain. A chain-syncer must be online during the entire execution of the protocol and carries out actions on behalf of its client: it runs a job and responds with events.

    • btc-chain-syncer: a chain-syncer connected to a Bitcoin full node, it takes jobs such as listening for transaction confirmation or event-driven transaction broadcast.
    • xmr-chain-syncer: a chain-syncer connected to a Monero full node, it takes jobs such as listening for transaction confirmation.
  • xgroup-dleq-lib: a cryptographic library implementing the MRL-0010 technical note. This library must support at least the secp256k1 and ed25519 curves. secp256kfun will be used at first to speed up development and will later be replaced by a fork of libsecp256k1 and rust-secp256k1; dalek-cryptography will be used for ed25519.

  • ecdsa-adaptor-sig: a cryptographic library implementing ECDSA one-time VES (verifiably encrypted signatures) over secp256k1. We are following how the "Add ecdsa_adaptor module" work evolves and are waiting on it before adding support in rust-secp256k1.
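The chain-syncer's job/event contract described above (listen for confirmations, event-driven broadcast, reorg notification) in runnable form. This is an added illustration, not the proposal's chain-syncer or any of its code: the job names, the event tuples and the explicit `connect`/`disconnect` calls standing in for a full node's block notifications are all assumptions made for the example, and the block data is constructed.

```python
# Added example, not the proposal's chain-syncer: a toy confirmation tracker that
# models the job/event contract described above. Job kinds and event shapes are
# assumptions for this example. A hypothetical full node is replaced by explicit
# connect()/disconnect() calls; all block data below is constructed.
from collections import namedtuple

Block = namedtuple("Block", "hash prev height txids")

class ChainSyncer:
    def __init__(self):
        self.chain = []      # connected blocks, index == height
        self.jobs = []       # (txid, confs_needed, rawtx_to_broadcast or None)
        self.mined = {}      # txid -> height of the block that includes it
        self.fired = set()   # jobs whose event has been emitted on the current branch
        self.events = []     # what the swap-daemon would receive

    def watch(self, txid, confs):
        """Job: emit ("confirmed", txid, confs) once txid has `confs` confirmations."""
        self.jobs.append((txid, confs, None))

    def broadcast_after(self, txid, confs, rawtx):
        """Job: emit ("broadcast", rawtx) once txid has `confs` confirmations."""
        self.jobs.append((txid, confs, rawtx))

    def connect(self, block):
        """Node notification: a block was appended to the best chain."""
        tip = self.chain[-1].hash if self.chain else None
        if block.prev != tip or block.height != len(self.chain):
            raise ValueError("block does not extend the current tip")
        self.chain.append(block)
        for txid in block.txids:
            if any(j[0] == txid for j in self.jobs) and txid not in self.mined:
                self.mined[txid] = block.height
                self.events.append(("mined", txid, block.height))
        self._check_jobs()

    def disconnect(self):
        """Node notification: the tip was reorged away; its inclusions are void."""
        gone = self.chain.pop()
        for txid in [t for t, h in self.mined.items() if h == gone.height]:
            del self.mined[txid]
            self.fired = {j for j in self.fired if j[0] != txid}   # jobs may fire again
            self.events.append(("reorged", txid))

    def _check_jobs(self):
        tip = self.chain[-1].height
        for job in self.jobs:
            txid, need, rawtx = job
            if txid in self.mined and job not in self.fired and tip - self.mined[txid] + 1 >= need:
                self.fired.add(job)
                self.events.append(("confirmed", txid, need) if rawtx is None else ("broadcast", rawtx))

def demo():
    """Constructed scenario: lock tx mined, confirmed, reorged out, mined again."""
    s = ChainSyncer()
    s.watch("lock", 2)
    s.broadcast_after("lock", 2, "rawtx:spend-after-lock")
    s.connect(Block("h0", None, 0, []))
    s.connect(Block("h1", "h0", 1, ["lock"]))     # lock mined at height 1
    s.connect(Block("h2", "h1", 2, []))           # 2 confirmations: both jobs fire
    s.disconnect(); s.disconnect()                # reorg: h2 and h1 leave the best chain
    s.connect(Block("h1b", "h0", 1, []))          # competing branch, lock not included
    s.connect(Block("h2b", "h1b", 2, ["lock"]))   # lock mined again
    s.connect(Block("h3b", "h2b", 3, []))         # 2 confirmations again
    return s.events
```

The point of the scenario is the `("reorged", "lock")` event in the middle: every `confirmed` or `broadcast` event delivered before it is void, and a transaction the syncer broadcast on the strength of the old branch now spends an output that no longer exists. A daemon state machine consuming these events has to roll back to the state it was in before the lock was mined, rather than treat "confirmed" as a terminal fact.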
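The primitive the xmr/btc templates hinge on, ECDSA adaptor signatures over secp256k1, worked through end to end. This is an added example written for this page, not code from the proposal or from secp256kfun, rust-secp256k1 or the "Add ecdsa_adaptor module" work: it uses pure-Python big integers rather than the Rust stack the project targets, the function names are assumptions, and the DLEQ proof it carries is a same-group Chaum-Pedersen proof (the cross-group DLEQ of MRL-0010 is a separate construction not implemented here). It shows the three properties a swap relies on: the counterparty can verify the pre-signature before funding, the pre-signature alone is not a valid signature, and publishing the completed signature leaks the adaptor secret to whoever holds the pre-signature.

```python
# Added example, not code from the CCS proposal or from the libraries it names.
# ECDSA adaptor signatures ("one-time VES") over secp256k1 in pure Python, using
# R = k*Y, R_hat = k*G with a same-group Chaum-Pedersen DLEQ proof (NOT MRL-0010).
# Demo only: scalar multiplication is not constant time and nothing is zeroised.
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0]:
        if (a[1] + b[1]) % P == 0: return None          # a == -b
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def _neg(a): return None if a is None else (a[0], (-a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (k * pt)."""
    r = None
    while k:
        if k & 1: r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r

def _msg_scalar(msg): return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def _challenge(*pts):
    """Fiat-Shamir challenge over the encoded points (infinity encodes as zeros)."""
    h = hashlib.sha256()
    for p in pts:
        h.update(b"\0" * 64 if p is None else p[0].to_bytes(32, "big") + p[1].to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % N

def dleq_prove(k, Y, R_hat, R):
    """Chaum-Pedersen proof that log_G(R_hat) == log_Y(R) == k (same group)."""
    a = secrets.randbelow(N - 1) + 1
    e = _challenge(G, Y, R_hat, R, mul(a, G), mul(a, Y))
    return (e, (a + e * k) % N)

def dleq_verify(Y, R_hat, R, proof):
    e, z = proof
    A1 = _add(mul(z, G), _neg(mul(e, R_hat)))   # recomputes a*G if the proof is honest
    A2 = _add(mul(z, Y), _neg(mul(e, R)))       # recomputes a*Y
    return e == _challenge(G, Y, R_hat, R, A1, A2)

def presign(x, Y, msg):
    """Pre-signature by the holder of x on msg, 'encrypted' to the adaptor point Y."""
    m, k = _msg_scalar(msg), secrets.randbelow(N - 1) + 1
    R_hat, R = mul(k, G), mul(k, Y)             # R = (k*y)*G is the real ECDSA nonce point
    r = R[0] % N
    s_hat = pow(k, -1, N) * (m + r * x) % N
    return (R, R_hat, s_hat, dleq_prove(k, Y, R_hat, R))

def preverify(Pk, Y, msg, pre):
    """Counterparty check: the pre-signature is well formed and will complete under y."""
    R, R_hat, s_hat, proof = pre
    if not dleq_verify(Y, R_hat, R, proof): return False
    u, m, r = pow(s_hat, -1, N), _msg_scalar(msg), R[0] % N
    return _add(mul(u * m % N, G), mul(u * r % N, Pk)) == R_hat

def adapt(pre, y):
    """Complete the pre-signature with y = log_G(Y); the result is a plain ECDSA signature."""
    R, _, s_hat, _ = pre
    s = s_hat * pow(y, -1, N) % N
    return (R[0] % N, N - s if s > N // 2 else s)   # low-s, as Bitcoin policy requires

def ecdsa_verify(Pk, msg, sig):
    r, s = sig
    w = pow(s, -1, N)
    pt = _add(mul(_msg_scalar(msg) * w % N, G), mul(r * w % N, Pk))
    return pt is not None and pt[0] % N == r

def extract(pre, sig, Y):
    """Recover y from the pre-signature and the published full signature."""
    y = pre[2] * pow(sig[1], -1, N) % N
    for cand in (y, N - y):                     # low-s normalisation may have flipped the sign
        if mul(cand, G) == Y: return cand
    return None

def demo():
    """Constructed run: pre-sign, check it is not yet spendable, adapt, extract."""
    x, y = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    Pk, Y = mul(x, G), mul(y, G)
    msg = b"constructed sighash of a swap transaction"
    pre = presign(x, Y, msg)
    ok_pre = preverify(Pk, Y, msg, pre)
    not_yet = not ecdsa_verify(Pk, msg, (pre[0][0] % N, pre[2]))  # (r, s_hat) alone is useless
    sig = adapt(pre, y)
    return ok_pre and not_yet and ecdsa_verify(Pk, msg, sig) and extract(pre, sig, Y) == y
```

Mapping onto the swap: the party whose secret is `y` can only collect by broadcasting the adapted signature, and the moment it hits the chain the other party runs `extract` and learns `y`. The low-s handling in `adapt` and `extract` is the detail that is easy to get wrong in a real implementation: Bitcoin nodes reject high-s signatures, so the completed signature may carry `-s`, and the extractor has to try both signs of the recovered scalar against `Y`.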