wowario
/
wow-btc-swap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c539465925'
${ noResults }
wow-btc-swap/swap/src/protocol/alice/state.rs

382 lines
12 KiB
Raw Normal View History Unescape

Change `imports_granularity` to module This reduces the overall amount of LoC that imports take up in our codebase by almost 100. It also makes merge-conflicts less likely because there is less grouping together of imports that may lead to layout changes which in turn can cause merge conflicts.
3 years ago
use crate::bitcoin::{
Greatly reduce load onto the Electrum backend We achieve our optimizations in three ways: 1. Batching calls instead of making them individually. To get access to the batch calls, we replace all our calls to the HTTP interface with RPC calls. 2. Never directly make network calls based on function calls on the wallet. Instead, inquiring about the status of a script always just returns information based on local data. With every call, we check when we last refreshed the local data and do so if the data is considered to be too old. This interval is configurable. 3. Use electrum's notification feature to get updated with the latest blockheight. Co-authored-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Rishab Sharma <rishflab@hotmail.com>
3 years ago
current_epoch, CancelTimelock, ExpiredTimelocks, PunishTimelock, TxCancel, TxPunish, TxRefund,
Merge xmr_btc crate Created network, storage and protocol modules. Organised files into the modules where the belong. xmr_btc crate moved into isolated modulein swap crate. Remove the xmr_btc module and integrate into swap crate. Consolidate message related code Reorganise imports Remove unused parent Message enum Remove unused parent State enum Remove unused dependencies from Cargo.toml
3 years ago
};
Rename ExecutionParams to EnvironmentConfig
3 years ago
use crate::env::Config;
Alice sweeps refunded funds into default wallet Since Alice's refund scenario starts with generating the temporary wallet from keys to claim the XMR which results in Alice' unloading the wallet. Alice then loads her original wallet to be able to handle more swaps. Since Alice is in the role of the long running daemon handling concurrent swaps, the operation to close, claim and re-open her default wallet must be atomic. This PR adds an additional step, that sweeps all the refunded XMR back into the default wallet. In order to ensure that this is possible, Alice has to ensure that the locked XMR got enough confirmations. These changes allow us to assert Alice's balance after refunding.
3 years ago
use crate::monero::wallet::{TransferRequest, WatchRequest};
use crate::monero::TransferProof;
Change `imports_granularity` to module This reduces the overall amount of LoC that imports take up in our codebase by almost 100. It also makes merge-conflicts less likely because there is less grouping together of imports that may lead to layout changes which in turn can cause merge conflicts.
3 years ago
use crate::protocol::alice::{Message1, Message3};
use crate::protocol::bob::{Message0, Message2, Message4};
use crate::protocol::CROSS_CURVE_PROOF_SYSTEM;
use crate::{bitcoin, monero};
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
use anyhow::{anyhow, bail, Context, Result};
Remember monero wallet-height for Alice's refund scenario
3 years ago
use monero_rpc::wallet::BlockHeight;
Remove newlines from import statements to avoid problems Rust fmt automatically groups the imports (from top to bottom) as `pub use` `use crate` and `use`. There is no need to introduce sections which cause annoyance when auto importing using the IDE.
3 years ago
use rand::{CryptoRng, RngCore};
use serde::{Deserialize, Serialize};
Only construct proof system once The proof system is a static element and can be reused several times.
3 years ago
use sigma_fun::ext::dl_secp256k1_ed25519_eq::CrossCurveDLEQProof;
Remove newlines from import statements to avoid problems Rust fmt automatically groups the imports (from top to bottom) as `pub use` `use crate` and `use`. There is no need to introduce sections which cause annoyance when auto importing using the IDE.
3 years ago
use std::fmt;
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
Move protocol parent states into appropriate module
3 years ago
#[derive(Debug)]
pub enum AliceState {
Started {
state3: Box<State3>,
},
BtcLocked {
state3: Box<State3>,
},
XmrLocked {
Remember monero wallet-height for Alice's refund scenario
3 years ago
monero_wallet_restore_blockheight: BlockHeight,
Move protocol parent states into appropriate module
3 years ago
state3: Box<State3>,
},
EncSigLearned {
Remember monero wallet-height for Alice's refund scenario
3 years ago
monero_wallet_restore_blockheight: BlockHeight,
Preemptively box encrypted signature to avoid size difference in enum
3 years ago
encrypted_signature: Box<bitcoin::EncryptedSignature>,
Move protocol parent states into appropriate module
3 years ago
state3: Box<State3>,
},
BtcRedeemed,
BtcCancelled {
Remember monero wallet-height for Alice's refund scenario
3 years ago
monero_wallet_restore_blockheight: BlockHeight,
Move protocol parent states into appropriate module
3 years ago
state3: Box<State3>,
},
BtcRefunded {
Remember monero wallet-height for Alice's refund scenario
3 years ago
monero_wallet_restore_blockheight: BlockHeight,
Move protocol parent states into appropriate module
3 years ago
spend_key: monero::PrivateKey,
state3: Box<State3>,
},
BtcPunishable {
Remember monero wallet-height for Alice's refund scenario
3 years ago
monero_wallet_restore_blockheight: BlockHeight,
Move protocol parent states into appropriate module
3 years ago
state3: Box<State3>,
},
XmrRefunded,
CancelTimelockExpired {
Remember monero wallet-height for Alice's refund scenario
3 years ago
monero_wallet_restore_blockheight: BlockHeight,
Move protocol parent states into appropriate module
3 years ago
state3: Box<State3>,
},
BtcPunished,
SafelyAborted,
}
impl fmt::Display for AliceState {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self {
AliceState::Started { .. } => write!(f, "started"),
AliceState::BtcLocked { .. } => write!(f, "btc is locked"),
AliceState::XmrLocked { .. } => write!(f, "xmr is locked"),
AliceState::EncSigLearned { .. } => write!(f, "encrypted signature is learned"),
AliceState::BtcRedeemed => write!(f, "btc is redeemed"),
AliceState::BtcCancelled { .. } => write!(f, "btc is cancelled"),
AliceState::BtcRefunded { .. } => write!(f, "btc is refunded"),
AliceState::BtcPunished => write!(f, "btc is punished"),
AliceState::SafelyAborted => write!(f, "safely aborted"),
AliceState::BtcPunishable { .. } => write!(f, "btc is punishable"),
AliceState::XmrRefunded => write!(f, "xmr is refunded"),
AliceState::CancelTimelockExpired { .. } => write!(f, "cancel timelock is expired"),
}
}
}
Align Alice DB states with swap states
3 years ago
#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
pub struct State0 {
Update tests after rebase
3 years ago
pub a: bitcoin::SecretKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
pub s_a: monero::Scalar,
Update tests after rebase
3 years ago
pub v_a: monero::PrivateViewKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
pub(crate) S_a_monero: monero::PublicKey,
pub(crate) S_a_bitcoin: bitcoin::PublicKey,
pub dleq_proof_s_a: CrossCurveDLEQProof,
Remove custom implementation of bitcoin amount serde This is unnecessary as rust-bitcoin provides it.
4 years ago
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
Add recovery function for Alice
3 years ago
pub btc: bitcoin::Amount,
pub xmr: monero::Amount,
Avoid possible mix up between timelocks Introduce new type to ensure no mix up happens when ordering the fields in function calls.
3 years ago
pub cancel_timelock: CancelTimelock,
pub punish_timelock: PunishTimelock,
Add recovery function for Alice
3 years ago
pub redeem_address: bitcoin::Address,
pub punish_address: bitcoin::Address,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
}
impl State0 {
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
3 years ago
pub async fn new<R>(
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
btc: bitcoin::Amount,
xmr: monero::Amount,
Rename ExecutionParams to EnvironmentConfig
3 years ago
env_config: Config,
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
3 years ago
bitcoin_wallet: &bitcoin::Wallet,
Avoid carrying rng
3 years ago
rng: &mut R,
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
3 years ago
) -> Result<Self>
Avoid carrying rng
3 years ago
where
R: RngCore + CryptoRng,
{
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
3 years ago
let a = bitcoin::SecretKey::new_random(rng);
let v_a = monero::PrivateViewKey::new_random(rng);
let redeem_address = bitcoin_wallet.new_address().await?;
Use different address for redeem and punish Having the same address could potentially cause issues when subscribing to transactions by script
3 years ago
let punish_address = bitcoin_wallet.new_address().await?;
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
let s_a = monero::Scalar::random(rng);
Only construct proof system once The proof system is a static element and can be reused several times.
3 years ago
let (dleq_proof_s_a, (S_a_bitcoin, S_a_monero)) = CROSS_CURVE_PROOF_SYSTEM.prove(&s_a, rng);
Avoid carrying rng
3 years ago
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
3 years ago
Ok(Self {
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
a,
s_a,
v_a,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
S_a_bitcoin: S_a_bitcoin.into(),
S_a_monero: monero::PublicKey {
point: S_a_monero.compress(),
},
Avoid carrying rng
3 years ago
dleq_proof_s_a,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
redeem_address,
punish_address,
btc,
xmr,
Rename ExecutionParams to EnvironmentConfig
3 years ago
cancel_timelock: env_config.bitcoin_cancel_timelock,
punish_timelock: env_config.bitcoin_punish_timelock,
Move generation of keys inside `State0::new` The event loop will now use this function so I want to simplify its usage to avoid having to instantiate too many items to use it.
3 years ago
})
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
}
Rename alice::Message0 to Message0 There is now only one message0
3 years ago
pub fn receive(self, msg: Message0) -> Result<State1> {
Only construct proof system once The proof system is a static element and can be reused several times.
3 years ago
let valid = CROSS_CURVE_PROOF_SYSTEM.verify(
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
&msg.dleq_proof_s_b,
(
msg.S_b_bitcoin.into(),
msg.S_b_monero
.point
.decompress()
.ok_or_else(|| anyhow!("S_b is not a monero curve point"))?,
),
);
if !valid {
bail!("Bob's dleq proof doesn't verify")
}
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
let v = self.v_a + msg.v_b;
Ok(State1 {
a: self.a,
B: msg.B,
s_a: self.s_a,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
S_a_monero: self.S_a_monero,
S_a_bitcoin: self.S_a_bitcoin,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
S_b_monero: msg.S_b_monero,
S_b_bitcoin: msg.S_b_bitcoin,
v,
Re-organise Alice state to be more coherent with the msg sequence
3 years ago
v_a: self.v_a,
dleq_proof_s_a: self.dleq_proof_s_a,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
btc: self.btc,
xmr: self.xmr,
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
3 years ago
cancel_timelock: self.cancel_timelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
punish_timelock: self.punish_timelock,
refund_address: msg.refund_address,
redeem_address: self.redeem_address,
punish_address: self.punish_address,
})
}
}
Implement Clone on states
4 years ago
#[derive(Clone, Debug, Deserialize, Serialize)]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
pub struct State1 {
a: bitcoin::SecretKey,
B: bitcoin::PublicKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
s_a: monero::Scalar,
S_a_monero: monero::PublicKey,
S_a_bitcoin: bitcoin::PublicKey,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
S_b_monero: monero::PublicKey,
S_b_bitcoin: bitcoin::PublicKey,
v: monero::PrivateViewKey,
Re-organise Alice state to be more coherent with the msg sequence
3 years ago
v_a: monero::PrivateViewKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
dleq_proof_s_a: CrossCurveDLEQProof,
Remove custom implementation of bitcoin amount serde This is unnecessary as rust-bitcoin provides it.
4 years ago
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
btc: bitcoin::Amount,
xmr: monero::Amount,
Avoid possible mix up between timelocks Introduce new type to ensure no mix up happens when ordering the fields in function calls.
3 years ago
cancel_timelock: CancelTimelock,
punish_timelock: PunishTimelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
refund_address: bitcoin::Address,
redeem_address: bitcoin::Address,
punish_address: bitcoin::Address,
}
impl State1 {
Re-organise Alice state to be more coherent with the msg sequence
3 years ago
pub fn next_message(&self) -> Message1 {
Message1 {
A: self.a.public(),
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
S_a_monero: self.S_a_monero,
S_a_bitcoin: self.S_a_bitcoin,
Re-organise Alice state to be more coherent with the msg sequence
3 years ago
dleq_proof_s_a: self.dleq_proof_s_a.clone(),
v_a: self.v_a,
redeem_address: self.redeem_address.clone(),
punish_address: self.punish_address.clone(),
}
}
Rename bob::Message1 to Message2 As per sequence diagram.
3 years ago
pub fn receive(self, msg: Message2) -> State2 {
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
State2 {
a: self.a,
B: self.B,
s_a: self.s_a,
S_b_monero: self.S_b_monero,
S_b_bitcoin: self.S_b_bitcoin,
v: self.v,
btc: self.btc,
xmr: self.xmr,
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
3 years ago
cancel_timelock: self.cancel_timelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
punish_timelock: self.punish_timelock,
refund_address: self.refund_address,
redeem_address: self.redeem_address,
punish_address: self.punish_address,
tx_lock: msg.tx_lock,
}
}
}
Implement Clone on states
4 years ago
#[derive(Clone, Debug, Deserialize, Serialize)]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
pub struct State2 {
a: bitcoin::SecretKey,
B: bitcoin::PublicKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
s_a: monero::Scalar,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
S_b_monero: monero::PublicKey,
S_b_bitcoin: bitcoin::PublicKey,
v: monero::PrivateViewKey,
Remove custom implementation of bitcoin amount serde This is unnecessary as rust-bitcoin provides it.
4 years ago
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
btc: bitcoin::Amount,
xmr: monero::Amount,
Avoid possible mix up between timelocks Introduce new type to ensure no mix up happens when ordering the fields in function calls.
3 years ago
cancel_timelock: CancelTimelock,
punish_timelock: PunishTimelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
refund_address: bitcoin::Address,
redeem_address: bitcoin::Address,
punish_address: bitcoin::Address,
tx_lock: bitcoin::TxLock,
}
impl State2 {
Rename alice::Message1 to Message3 As per sequence diagram.
3 years ago
pub fn next_message(&self) -> Message3 {
Upgrade rust-bitcoin to 0.25
4 years ago
let tx_cancel =
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
3 years ago
bitcoin::TxCancel::new(&self.tx_lock, self.cancel_timelock, self.a.public(), self.B);
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
let tx_refund = bitcoin::TxRefund::new(&tx_cancel, &self.refund_address);
// Alice encsigns the refund transaction(bitcoin) digest with Bob's monero
// pubkey(S_b). The refund transaction spends the output of
// tx_lock_bitcoin to Bob's refund address.
// recover(encsign(a, S_b, d), sign(a, d), S_b) = s_b where d is a digest, (a,
// A) is alice's keypair and (s_b, S_b) is bob's keypair.
Upgrade rust-bitcoin to 0.25
4 years ago
let tx_refund_encsig = self.a.encsign(self.S_b_bitcoin, tx_refund.digest());
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
let tx_cancel_sig = self.a.sign(tx_cancel.digest());
Rename alice::Message1 to Message3 As per sequence diagram.
3 years ago
Message3 {
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
tx_refund_encsig,
tx_cancel_sig,
}
}
Rename bob::Message2 to Message4 As per sequence diagram.
3 years ago
pub fn receive(self, msg: Message4) -> Result<State3> {
Upgrade rust-bitcoin to 0.25
4 years ago
let tx_cancel =
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
3 years ago
bitcoin::TxCancel::new(&self.tx_lock, self.cancel_timelock, self.a.public(), self.B);
Improve error reporting on signature verification
3 years ago
bitcoin::verify_sig(&self.B, &tx_cancel.digest(), &msg.tx_cancel_sig)
.context("Failed to verify cancel transaction")?;
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
let tx_punish =
bitcoin::TxPunish::new(&tx_cancel, &self.punish_address, self.punish_timelock);
Improve error reporting on signature verification
3 years ago
bitcoin::verify_sig(&self.B, &tx_punish.digest(), &msg.tx_punish_sig)
Typo Co-authored-by: Daniel Karzel <daniel.karzel@coblox.tech>
3 years ago
.context("Failed to verify punish transaction")?;
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
Ok(State3 {
a: self.a,
B: self.B,
s_a: self.s_a,
S_b_monero: self.S_b_monero,
S_b_bitcoin: self.S_b_bitcoin,
v: self.v,
btc: self.btc,
xmr: self.xmr,
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
3 years ago
cancel_timelock: self.cancel_timelock,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
punish_timelock: self.punish_timelock,
refund_address: self.refund_address,
redeem_address: self.redeem_address,
punish_address: self.punish_address,
tx_lock: self.tx_lock,
tx_punish_sig_bob: msg.tx_punish_sig,
tx_cancel_sig_bob: msg.tx_cancel_sig,
})
}
}
Remove generics from Database
4 years ago
#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
pub struct State3 {
Write action_generator_alice
4 years ago
pub a: bitcoin::SecretKey,
pub B: bitcoin::PublicKey,
Upgrade to bdk 4.0 To achieve this we also: - upgrade rust-bitcoin to 0.26 - upgrade bitcoin-harness to latest version (which also depends bitcoin 0.26) - upgrade to latest edcsa-fun - replace cross_curve_dleq proof with sigma_fun (to avoid an upgrade dance over there)
3 years ago
pub s_a: monero::Scalar,
Write action_generator_alice
4 years ago
pub S_b_monero: monero::PublicKey,
pub S_b_bitcoin: bitcoin::PublicKey,
pub v: monero::PrivateViewKey,
Remove custom implementation of bitcoin amount serde This is unnecessary as rust-bitcoin provides it.
4 years ago
#[serde(with = "::bitcoin::util::amount::serde::as_sat")]
Fix rebase conflicts
4 years ago
pub btc: bitcoin::Amount,
pub xmr: monero::Amount,
Avoid possible mix up between timelocks Introduce new type to ensure no mix up happens when ordering the fields in function calls.
3 years ago
pub cancel_timelock: CancelTimelock,
pub punish_timelock: PunishTimelock,
Fix rebase conflicts
4 years ago
pub refund_address: bitcoin::Address,
pub redeem_address: bitcoin::Address,
pub punish_address: bitcoin::Address,
pub tx_lock: bitcoin::TxLock,
pub tx_punish_sig_bob: bitcoin::Signature,
pub tx_cancel_sig_bob: bitcoin::Signature,
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
}
impl State3 {
Remove traits in favor of using the wallet struct directly Abstracting over the individual bits of functionality of the wallet does have its place, especially if one wants to keep a separation of an abstract protocol library that other people can use with their own wallets. However, at the moment, the traits only cause unnecessary friction. We can always add such abstraction layers again once we need them.
3 years ago
pub async fn expired_timelocks(
&self,
bitcoin_wallet: &bitcoin::Wallet,
) -> Result<ExpiredTimelocks> {
Remove unnecessary state variables by constructing TXs on demand
3 years ago
let tx_cancel = self.tx_cancel();
Greatly reduce load onto the Electrum backend We achieve our optimizations in three ways: 1. Batching calls instead of making them individually. To get access to the batch calls, we replace all our calls to the HTTP interface with RPC calls. 2. Never directly make network calls based on function calls on the wallet. Instead, inquiring about the status of a script always just returns information based on local data. With every call, we check when we last refreshed the local data and do so if the data is considered to be too old. This interval is configurable. 3. Use electrum's notification feature to get updated with the latest blockheight. Co-authored-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Rishab Sharma <rishflab@hotmail.com>
3 years ago
Introduce `Watchable` abstraction for Bitcoin wallet We have a repeated pattern where we construct one of our Tx{Cancel,Redeem,Punish,Refund,Lock} transactions and wait until the status of this transaction changes. We can make this more ergonomic by creating and implementing a `Watchable` trait that gives access to the TxId and relevant script for this transaction. This allows us to remove a parameter from the `watch_until_status` function. Additionally, there is a 2nd pattern: "Completing" one of these transaction and waiting until they are confirmed with the configured number of blocks for finality. We can make this more ergonomic by returning a future from `broadcast` that callers can await in case they want to wait for the broadcasted transaction to reach finality.
3 years ago
let tx_lock_status = bitcoin_wallet.status_of_script(&self.tx_lock).await?;
let tx_cancel_status = bitcoin_wallet.status_of_script(&tx_cancel).await?;
Greatly reduce load onto the Electrum backend We achieve our optimizations in three ways: 1. Batching calls instead of making them individually. To get access to the batch calls, we replace all our calls to the HTTP interface with RPC calls. 2. Never directly make network calls based on function calls on the wallet. Instead, inquiring about the status of a script always just returns information based on local data. With every call, we check when we last refreshed the local data and do so if the data is considered to be too old. This interval is configurable. 3. Use electrum's notification feature to get updated with the latest blockheight. Co-authored-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Rishab Sharma <rishflab@hotmail.com>
3 years ago
Ok(current_epoch(
Remove Refund timelock and T0/T1/T2 There are no refund timelock, only a cancellation timelock and punish timelock. Refund can be done as soon as the cancellation transaction is published.
3 years ago
self.cancel_timelock,
Ensure that Bob can cancel correctly if T1 expired and Alice did not move Bob has to check for the possibility to cancel in every state after he locked the BTC. Otherwise Bob will try to perform actions that don't have any point.
3 years ago
self.punish_timelock,
Greatly reduce load onto the Electrum backend We achieve our optimizations in three ways: 1. Batching calls instead of making them individually. To get access to the batch calls, we replace all our calls to the HTTP interface with RPC calls. 2. Never directly make network calls based on function calls on the wallet. Instead, inquiring about the status of a script always just returns information based on local data. With every call, we check when we last refreshed the local data and do so if the data is considered to be too old. This interval is configurable. 3. Use electrum's notification feature to get updated with the latest blockheight. Co-authored-by: Thomas Eizinger <thomas@eizinger.io> Co-authored-by: Rishab Sharma <rishflab@hotmail.com>
3 years ago
tx_lock_status,
tx_cancel_status,
))
Test Alice refunds after Bob refund Reworked Alice XmrLocked state transition handler to handle the scenario when Alice received the encsig but Bob refunds. Previously Alice was trying to redeem after receiving the encsig without checking if t1 had elapsed.
3 years ago
}
Eliminate `build_bitcoin_punish_transaction` We reduce indirection by constructing TxPunish directly based off `State3` and make the type itself more powerful by moving the logic of completing it with a signature onto it.
3 years ago
Introduce monero::TransferRequest This allows us to move critical crypto logic onto `State3` which holds all the necessary data which consequently allows us to get rid of `lock_xmr` altogether by inlining it into the swap function. The reduced indirection improves readability.
3 years ago
pub fn lock_xmr_transfer_request(&self) -> TransferRequest {
let S_a = monero::PublicKey::from_private_key(&monero::PrivateKey { scalar: self.s_a });
let public_spend_key = S_a + self.S_b_monero;
let public_view_key = self.v.public();
TransferRequest {
public_spend_key,
public_view_key,
amount: self.xmr,
}
}
Alice sweeps refunded funds into default wallet Since Alice's refund scenario starts with generating the temporary wallet from keys to claim the XMR which results in Alice' unloading the wallet. Alice then loads her original wallet to be able to handle more swaps. Since Alice is in the role of the long running daemon handling concurrent swaps, the operation to close, claim and re-open her default wallet must be atomic. This PR adds an additional step, that sweeps all the refunded XMR back into the default wallet. In order to ensure that this is possible, Alice has to ensure that the locked XMR got enough confirmations. These changes allow us to assert Alice's balance after refunding.
3 years ago
pub fn lock_xmr_watch_request(
&self,
transfer_proof: TransferProof,
Monero confirmations are a u64 Trying to deserialize the number as a u32 caused deserialization errors.
3 years ago
conf_target: u64,
Alice sweeps refunded funds into default wallet Since Alice's refund scenario starts with generating the temporary wallet from keys to claim the XMR which results in Alice' unloading the wallet. Alice then loads her original wallet to be able to handle more swaps. Since Alice is in the role of the long running daemon handling concurrent swaps, the operation to close, claim and re-open her default wallet must be atomic. This PR adds an additional step, that sweeps all the refunded XMR back into the default wallet. In order to ensure that this is possible, Alice has to ensure that the locked XMR got enough confirmations. These changes allow us to assert Alice's balance after refunding.
3 years ago
) -> WatchRequest {
let S_a = monero::PublicKey::from_private_key(&monero::PrivateKey { scalar: self.s_a });
let public_spend_key = S_a + self.S_b_monero;
let public_view_key = self.v.public();
WatchRequest {
public_spend_key,
public_view_key,
transfer_proof,
conf_target,
expected: self.xmr,
}
}
Remove unnecessary state variables by constructing TXs on demand
3 years ago
pub fn tx_cancel(&self) -> TxCancel {
TxCancel::new(&self.tx_lock, self.cancel_timelock, self.a.public(), self.B)
}
Eliminate `build_bitcoin_punish_transaction` We reduce indirection by constructing TxPunish directly based off `State3` and make the type itself more powerful by moving the logic of completing it with a signature onto it.
3 years ago
pub fn tx_punish(&self) -> TxPunish {
Remove unnecessary state variables by constructing TXs on demand
3 years ago
bitcoin::TxPunish::new(
&self.tx_cancel(),
&self.punish_address,
self.punish_timelock,
)
}
Eliminate `build_bitcoin_punish_transaction` We reduce indirection by constructing TxPunish directly based off `State3` and make the type itself more powerful by moving the logic of completing it with a signature onto it.
3 years ago
Remove unnecessary state variables by constructing TXs on demand
3 years ago
pub fn tx_refund(&self) -> TxRefund {
bitcoin::TxRefund::new(&self.tx_cancel(), &self.refund_address)
Eliminate `build_bitcoin_punish_transaction` We reduce indirection by constructing TxPunish directly based off `State3` and make the type itself more powerful by moving the logic of completing it with a signature onto it.
3 years ago
}
Swap Monero for Bitcoin Co-authored-by: rishflab <rishflab@hotmail.com> Co-authored-by: Philipp Hoenisch <philipp@hoenisch.at> Co-authored-by: Tobin C. Harding <tobin@coblox.tech>
4 years ago
}