mirror of
https://github.com/mimblewimble/mwixnet.git
synced 2025-01-20 19:11:09 +03:00
MWixnet
This is an implementation of @tromp's CoinSwap Proposal with some slight modifications.
A set of n CoinSwap servers (node_i with i=1...n) are agreed upon in advance. They each have a known public key.
SWAP API
The first CoinSwap server (n_1) provides the swap API, publicly available for use by GRIN wallets.
jsonrpc: 2.0
method: swap
params:
[{
    "comsig": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f",
    "msg": "00010203",
    "onion": {
        "commit": "0967593792bc958cd73848c0b948ecab2c6e996ab3c550d462fe41359e447b651f",
        "data": ["3719e5fba260c71a5a4bcf9d9caa58cd5dc49531388782fae7699c6fa6b30b09fe42"],
        "pubkey": "020dd38a220280f14515f6901a3a366cb7b87630814e4b68b3189a32df964961e5"
    }
}]
Data Provisioning
Inputs
- C_in: UTXO commitment to swap
- x_in: Blinding factor of C_in
- K_1...n: The public keys of all n servers
Procedure
- Choose random x_i for each node n_i and create a Payload (P_i) for each containing x_i
- Build a rangeproof for C_n = C_in + (Σ x_1...n)*G and include it in payload P_n
- Choose random initial ephemeral keypair (r_1, R_1)
- Derive remaining ephemeral keypairs such that r_{i+1} = r_i * Sha256(R_i || s_i), where s_i = ECDH(R_i, K_i)
- For each node n_i, use ChaCha20 stream cipher with key=HmacSha256("MWIXNET"||s_i) and nonce "NONCE1234567" to encrypt payloads P_i...n
Input Validation
- Node n_1 verifies that C_in is in the current UTXO set
- Node n_1 verifies the commitment signature is valid for C_in, proving ownership of the input
Output derivation, Output validation, Kernel derivation, and Aggregation steps remain unchanged from the original design.