mwixnet/README.md
2021-11-12 23:23:22 -05:00

2.3 KiB

MWixnet

This is an implementation of @tromp's CoinSwap Proposal with some slight modifications.

A set of n CoinSwap servers (nodei with i=1...n) are agreed upon in advance. They each have a known public key.

SWAP API

The first CoinSwap server (n1) provides the swap API, publicly available for use by GRIN wallets.

jsonrpc: 2.0 method: swap params:

[{
    "comsig": "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f",
    "msg": "00010203",
    "onion": {
        "commit": "0967593792bc958cd73848c0b948ecab2c6e996ab3c550d462fe41359e447b651f",
        "data": ["3719e5fba260c71a5a4bcf9d9caa58cd5dc49531388782fae7699c6fa6b30b09fe42"],
        "pubkey": "020dd38a220280f14515f6901a3a366cb7b87630814e4b68b3189a32df964961e5"
    }
}]

Data Provisioning

Inputs

  • Cin: UTXO commitment to swap
  • xin: Blinding factor of Cin
  • K1...n: The public keys of all n servers

Procedure

  1. Choose random xi for each node ni and create a Payload (Pi) for each containing xi
  2. Build a rangeproof for Cn=Cin+(Σx1...n)*G and include it in payload Pn
  3. Choose random initial ephemeral keypair (r1, R1)
  4. Derive remaining ephemeral keypairs such that ri+1=ri*Sha256(Ri||si) where si=ECDH(Ri, Ki)
  5. For each node ni, use ChaCha20 stream cipher with key=HmacSha256("MWIXNET"||si) and nonce "NONCE1234567" to encrypt payloads Pi...n

Input Validation

  • Node n1 verifies that Cin is in the current UTXO set
  • Node n1 verifies the commitment signature is valid for Cin, proving ownership of the input

Output derivation, Output validation, Kernel derivation, and Aggregation steps remain unchanged from the original design