Monero-BCH Atomic Swaps

BTC-XMR atomic swaps are now live on their mainnets. I have been talking with some Monero developers about how BCH-XMR atomic swaps could be implemented. They say they do not think it is possible without SegWit.

Is this true? If it isn’t true, then it could be good to demonstrate that BCH can do XMR-BCH atomic swaps without SegWit. However, I am not in a position to implement an atomic swap capability nor even really understand the technical details of how it might be done. I can provide the Monero developer’s discussion contact upon request if there is interest in this.

1 Like

I’m not sure why there’s any fundamental reason it cannot be done without segwit, my best guess is that they might have built their swap implementation for segwit and are unwilling to adapt it for BCH.

A multisig spend is used in the middle of a TX chain, after which a pre-signed TX must be used to recover funds. If the counterparty malleates the multisig spend using an alternative signature, the pre-signed TX will be rendered invalid, making one party unable to claim their funds. After they don’t claim their funds for a long enough period of time, the counterparty is allowed to. This means any attempt at the atomic swap protocol when signatures contribute to the TX ID allows one party to unilaterally steal funds.

I just reread the intended use of Schnorr signatures in regards to BCH and have to say I initially misunderstood it. That is on me. While I have to double check the specifics of Schnorr-usage from Script, a modified set of scripts should theoretically exist enabling this.

Then yes, all third party vectors should no longer exist. I also reviewed PMv3 (relevant thread immediately available), whose detached signatures do still contribute to the TX ID, and noted that despite a brief moment otherwise, they are not intending to introduce further malleability. I also noted the following thread discussing malleability as a whole Transaction malleability: MalFix, SegWit, SIGHASH_NOINPUT, SIGHASH_SPENDANYOUTPUT, etc. It was created a while after the relevant fixes, and is generally ignorable, but I do want to mention it to emphasize why a lack of malleability is so important.

Sorry for initially saying otherwise, and I’ll try to review the exact details of Schnorr-utilizing Scripts later.

I have created a bounty for BCH<>XMR atomic swaps. Right now the bounty is sitting at 1 XMR. You can contribute XMR to the bounty pot here:

2 Likes

Would be cool if it was possible to also contribute using BCH.

1 Like

We could have a parallel BCH bounties system, but there is no central hub for that now, I think. There are a few BCH-based Fiverr-like systems, I believe, although these types of bounties probably aren’t a good fit for it.

Copying from my comment on the bounty website:

I have established a BCH address for donations for this bounty. I will personally custody the funds and release them to whoever completes the bounty requirements. The address is:

bitcoincash:qrm0snx7l9kakt6lmzdpyupwryjktr47au6004uwyp

You can check the total donation amount in this BCH block explorer. The corresponding QR code is also available at this link:

https://blockchair.com/bitcoin-cash/address/qrm0snx7l9kakt6lmzdpyupwryjktr47au6004uwyp

A test transaction to the address is available here (check the OP_RETURN) : https://blockchair.com/bitcoin-cash/transaction/ec1598e29938836825477425dba43e654492adff8e8a6942f9febfa306f26ca5

Statement:

++++++++++++++++++

I, Rucknium, solemnly swear to release these funds to the person or persons who fulfills the requirements for the BCH<>XMR Atomic Swaps bounty at https://bounties.monero.social/posts/37/bch-xmr-atomic-swaps The Times 23/Nov/2021 Hong Kong student Tony Chung jailed for wanting independence

++++++++++++++++++

Signature of the above statement with the private key of bitcoincash:qrm0snx7l9kakt6lmzdpyupwryjktr47au6004uwyp

++++++++++++++++++

H9weHELZUa7rpGQFbUF8YYcU39ojN72GxJnGC3Hy5GqvAq1AcXEgGD4CZIIuLSKlwnX2WFHEliUKSTeu1710kcw=

++++++++++++++++++

1 Like