# MWixnet This is an implementation of @tromp's [CoinSwap Proposal](https://forum.grin.mw/t/mimblewimble-coinswap-proposal/8322) with some slight modifications. A set of n CoinSwap servers (node_i with i=1...n) are agreed upon in advance. They each have a known public key. ### SWAP API The first CoinSwap server (n₁) provides the `swap` API, publicly available for use by GRIN wallets. **jsonrpc:** `2.0` **method:** `swap` **params:** ``` [{ "comsig": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f", "msg": "00010203", "onion": { "commit": "0967593792bc958cd73848c0b948ecab2c6e996ab3c550d462fe41359e447b651f", "data": ["3719e5fba260c71a5a4bcf9d9caa58cd5dc49531388782fae7699c6fa6b30b09fe42"], "pubkey": "020dd38a220280f14515f6901a3a366cb7b87630814e4b68b3189a32df964961e5" } }] ``` ### Data Provisioning #### Inputs * C_in: UTXO commitment to swap * x_in: Blinding factor of C_in * K_1...n: The public keys of all n servers #### Procedure

Choose random x_i for each node n_i and create a Payload (P_i) for each containing x_i
Build a rangeproof for C_n=C_in+(Σx_1...n)*G and include it in payload P_n
Choose random initial ephemeral keypair (r₁, R₁)
Derive remaining ephemeral keypairs such that r_i+1=r_i*Sha256(R_i||s_i) where s_i=ECDH(R_i, K_i)
For each node n_i, use ChaCha20 stream cipher with key=HmacSha256("MWIXNET"||s_i) and nonce "NONCE1234567" to encrypt payloads P_i...n

### Input Validation * Node n₁ verifies that C_in is in the current UTXO set * Node n₁ verifies the commitment signature is valid for C_in, proving ownership of the input ---- `Output derivation`, `Output validation`, `Kernel derivation`, and `Aggregation` steps remain unchanged from the [original design](https://forum.grin.mw/t/mimblewimble-coinswap-proposal/8322)