Atomic Swaps
Atomic swap is a simple technique to exchange/swap the ownership of assets present in 2 completely different blockchains.
Let’s consider an example where Alice, who owns 1 BTC, wants to exchange it for 1 DOGE owned by Bob.
If Alice and Bob trust each other, then Alice could just authorise (using her signature) of 1 BTC to Bob’s address in Bitcoin network, followed by Bob signing a transfer of 1 DOGE to Alice in the Doge network.
But if Alice doesn’t trust Bob, then how could they exchange the assets in a safe way?
The Swap Protocol
Alice first generates a secret key, doesn’t share it with anyone yet!
Alice then signs a transfer of 1 BTC to Bob’s address, but locks it with hash of the secret she generated.
Alice publishes this transaction to the bitcoin network, So technically Bob is the owner of the 1 BTC (UTXO) but cannot really use/claim it without knowing the secret key.
Alice also generates a “time locked multisig refund transaction” and requests bob to sign it, the input UTXO for this transaction is the UTXO generated in the previous step, so if Alice publishes this transaction, then she could get her 1BTC back!
But she can’t publish it until a particular time period has passed. even if she does,the nodes in the network will not add it to the block until the time period set on the transaction has expired.
The refund transaction acts like an escrow for Alice, she can publish it and get her 1BTC back if she changes her mind or if Bob doesn’t transfer her the 1 DOGE
Bob also follows a very similar protocol, he creates a transaction in the DOGE network to transfer the ownership of 1 DOGE to Alice, but locks it with the same hash that Alice generated using her secret key!
Note that Bob doesn’t know the secret, he only needs the hash of the secret in order to create and lock the transaction!
But before publishing this transaction, he also generates a time locked multisig refund transaction and requests Alice to sign it, this is again to make sure he could get the 1DOGE back just in case Alice doesn’t complete the swap on time.
Now it’s time for Alice to claim ownership of the UTXO with 1DOGE, She can only claim/use the UTXO by providing the secret key!
The moment she publishes this transaction, the secret key is not secret anymore! it’s visible in the blockchain for everyone to see including Bob!
But that’s not a problem, nobody else can use this secret to claim ownership of the UTXO generated by Alice, because the target address of that UTXO is assigned to Bob, so only Bob can claim the UTXO using the key.
Now, Bob will use the same key and move the UTXO that has 1 BTC to any of his other wallet.
This completes the swap, and they both walk away! the refund transactions become invalid and will not be accepted by the network even if it’s published.
But this is the happy scenario, where both Alice and Bob follow the protocol correctly — but what if Alice never claims the UTXO that Bob generated in step 4?
Bob will wait for the time lock on his refund UTXO to expire and he will publish it to the network which will get his 1 DOGE back.
Same way, if Bob doesn’t generate his deposit transaction of 1DOGE to Alice, then Alice will wait for the time lock to expire on her refund transaction that she generated, after which she can publish it to the network and get her 1 BTC back.
The time period set on both the refund transactions should be carefully chosen to allow sufficient interval between the two
The expiry time of Alice’s refund transaction should be well past the expiry time of Bob’s refund transaction!
This makes sure that Alice doesn’t claim the 1 DOGE at the very last moment and also publish her refund transaction and walk away with both 1 BTC and 1 DOGE.
She has to claim the 1 DOGE before the refund of 1 DOGE expires, which will give bob enough time ( ∆T) to use the now publicly available secret and claim his 1 BTC making the refund UTXO of 1 BTC unusable for Alice!
