ef3dd40b2a
async/await and reorg protection |
||
---|---|---|
doc | ||
onion | ||
src | ||
tests | ||
.gitignore | ||
Cargo.lock | ||
Cargo.toml | ||
LICENSE | ||
README.md | ||
rustfmt.toml |
MWixnet
This is an implementation of @tromp's CoinSwap Proposal with some slight modifications.
A set of n CoinSwap servers (Ni with i=1...n) are agreed upon in advance. They each have a known public key.
We refer to the first server (N1) as the "Swap Server." This is the server that wallets can submit their coinswaps too.
We refer to the remaining servers (N2...Nn) as "Mixers."
Setup
init-config
To setup a new server, run mwixnet init-config
. Then enter a password for the server key when prompted.
This will generate a key for the server and then create a new config file named mwixnet-config.toml
in the current working directory.
The configuration file will contain the private key of the server encrypted with the server password you provided.
Back this config file up! It's the only copy of the server's private key!
Wallet
A grin-wallet account must be created for receiving extra mwixnet fees. The wallet's owner API should be available (run grin-wallet owner_api
).
Usage
With your wallet and fully synced node both online and listening at the addresses configured, the mwixnet server can be started by running mwixnet
and providing the server key password and wallet password when prompted.
SWAP API
The Swap Server (N1) provides the swap
API, which is publicly available for use by GRIN wallets.
jsonrpc: 2.0
method: swap
params:
[{
"comsig": "0835f4b8b9cd286c9e35475f575c3e4ae71ceb4ff36598504662627afd628a17d6ba7dedb1aa4c47f0fabad026b76fc86d06f3bef8d0621b8ac4601d4b1b98401586ca3374a401508f32049212478ae91cfa474dfaa5ef2c3dd559d5a292e02334",
"onion": {
"commit": "099a8922343f242dd3da29935ba5bbc7e38bf68eccfb8c96aec87aec0535199139",
"data":[
"758bc7339edfe8a1f117ef2ef02de58b33d99e820ffd2c21a3d108f4cbdadfbcbc061b705fc351ae2fb34a855bb64180fe8b4913ea13b3bf826773e4b293166cdad1fdf59cadd7d33f73a8f3fc0f339a849f9c505c573d8cc2f006082d8f5bf2c2c84c18d5873a821d9f60bcdd44cf0566d04d761a1eda005cd19ab0b1c593da4656dd2a09322fe1d725f61e8855c927844ec9e80b9260a58012f7c519c5ca3d9b192ab1104d30ac09fb844bd7f692214e5cf0f6cdf1477c20708c2f3ecb098dce6be661907593918840b0fe8eb5043996dace45f2fb66e8f1e2a732035b4e6447b8904f313badebcba99f75c003e297d8dd815915f534dfa7ed416af0c415b60d2a0186752af6af33b781f31fdd3016aeee3bd2e47743fe2ce391b3354b9036b56ec38ed7539adafbc96bef1dbaf354a805b03ac0df7a0d32cff91716926bce68c8ccebb607340f2ffe09c08a9c9fd282ea19b33c69107ed5c54d4872eb0ed83c38d7e07606722069d7709fb914e1e02ea23323f3ae9252902dbfa6f15bd83a3f64587c9ae23aaf96b2a95e1341da12a6e423cf95375184752e10c1dd1a599db74ac0c3d74ec270c589f6a3bdd0877eb986d9a58a8548b917e22bfb93a4a06c36d7cad8d4a8791a8d1e1dc683429b440b136c43ad2f664dafc5156b808050a3c4d28771877d3f1d3a9daa2585eae259aaa64745c6cd260f577e538e27be3c985db41b7c456b63c5b18d7d17420a277d4abc04ae892ceb26940b09fb322445846c14898f5f59305490b1338c56384cd0c7bf5950a0a403aec4d2c2f5e2378b5eb7b1e7fcdbd8d6cc547f3b5a372b22e50e37d858bb197392a10fb9e6e292d6ed6bd8eab1fef7f2d069b6250a0e3e597ccf9a062e04b68821f5c57328ddab775d141147b71c1764c911bad03d8b88e2e62034bc899395514ecab4dec8ab341ba114f0a4e5d1dcfa182396c0e4826ddee187b07bb524dfeaa5297f7a5465f99eaaaa37f082c787b94811feb15b57d68369e6a7e3761d"
],
"pubkey": "033946e6a495e7278027b38be3d500cfc23d3e0836f1b7e24513841437f316ccb0"
}
}]
Data Provisioning
Inputs
- Cin: UTXO commitment to swap
- xin: Blinding factor of Cin
- K1...n: The public keys of all n servers
Procedure
- Choose random xi for each node ni and create a Payload (Pi) for each containing xi
- Build a rangeproof for Cn=Cin+(Σx1...n)*G and include it in payload Pn
- Choose random initial ephemeral keypair (r1, R1)
- Derive remaining ephemeral keypairs such that ri+1=ri*Sha256(Ri||si) where si=ECDH(Ri, Ki)
- For each node ni, use ChaCha20 stream cipher with key=HmacSha256("MWIXNET"||si) and nonce "NONCE1234567" to encrypt payloads Pi...n
Input Validation
- Node n1 verifies that Cin is in the current UTXO set
- Node n1 verifies the commitment signature is valid for Cin, proving ownership of the input
Output derivation
, Output validation
, Kernel derivation
, and Aggregation
steps remain unchanged from the original design