Monero-BCH Atomic Swaps

BTC-XMR atomic swaps are now live on their mainnets. I have been talking with some Monero developers about how BCH-XMR atomic swaps could be implemented. They say they do not think it is possible without SegWit.

Is this true? If it isn’t true, then it could be good to demonstrate that BCH can do XMR-BCH atomic swaps without SegWit. However, I am not in a position to implement an atomic swap capability nor even really understand the technical details of how it might be done. I can provide the Monero developer’s discussion contact upon request if there is interest in this.

1 Like

I’m not sure why there’s any fundamental reason it cannot be done without segwit, my best guess is that they might have built their swap implementation for segwit and are unwilling to adapt it for BCH.

A multisig spend is used in the middle of a TX chain, after which a pre-signed TX must be used to recover funds. If the counterparty malleates the multisig spend using an alternative signature, the pre-signed TX will be rendered invalid, making one party unable to claim their funds. After they don’t claim their funds for a long enough period of time, the counterparty is allowed to. This means any attempt at the atomic swap protocol when signatures contribute to the TX ID allows one party to unilaterally steal funds.

I just reread the intended use of Schnorr signatures in regards to BCH and have to say I initially misunderstood it. That is on me. While I have to double check the specifics of Schnorr-usage from Script, a modified set of scripts should theoretically exist enabling this.

Then yes, all third party vectors should no longer exist. I also reviewed PMv3 (relevant thread immediately available), whose detached signatures do still contribute to the TX ID, and noted that despite a brief moment otherwise, they are not intending to introduce further malleability. I also noted the following thread discussing malleability as a whole Transaction malleability: MalFix, SegWit, SIGHASH_NOINPUT, SIGHASH_SPENDANYOUTPUT, etc. It was created a while after the relevant fixes, and is generally ignorable, but I do want to mention it to emphasize why a lack of malleability is so important.

Sorry for initially saying otherwise, and I’ll try to review the exact details of Schnorr-utilizing Scripts later.