MWixnet

This is an implementation of @tromp's CoinSwap Proposal with some slight modifications.

A set of n CoinSwap servers (node_i with i=1...n) are agreed upon in advance. They each have a known public key.

SWAP API

The first CoinSwap server (n₁) provides the swap API, publicly available for use by GRIN wallets.

jsonrpc: 2.0 method: swap params:

[{
    "comsig": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f",
    "msg": "00010203",
    "onion": {
        "commit": "0967593792bc958cd73848c0b948ecab2c6e996ab3c550d462fe41359e447b651f",
        "data": ["3719e5fba260c71a5a4bcf9d9caa58cd5dc49531388782fae7699c6fa6b30b09fe42"],
        "pubkey": "020dd38a220280f14515f6901a3a366cb7b87630814e4b68b3189a32df964961e5"
    }
}]

Data Provisioning

Inputs

• C_in: UTXO commitment to swap
• x_in: Blinding factor of C_in
• K_1...n: The public keys of all n servers

Procedure

1. Choose random x_i for each node n_i and create a Payload (P_i) for each containing x_i
2. Build a rangeproof for C_n=C_in+(Σx_1...n)*G and include it in payload P_n
3. Choose random initial ephemeral keypair (r₁, R₁)
4. Derive remaining ephemeral keypairs such that r_i+1=r_i*Sha256(R_i||s_i) where s_i=ECDH(R_i, K_i)
5. For each node n_i, use ChaCha20 stream cipher with key=HmacSha256("MWIXNET"||s_i) and nonce "NONCE1234567" to encrypt payloads P_i...n

Input Validation

• Node n₁ verifies that C_in is in the current UTXO set
• Node n₁ verifies the commitment signature is valid for C_in, proving ownership of the input

---

Output derivation, Output validation, Kernel derivation, and Aggregation steps remain unchanged from the original design