Background
In a fair exchange protocol, two parties either both honour an exchange (such as a contract), or neither does. It is known that deterministic fair exchange is impossible without a trusted third party (Even and Yacobi 1980). However, under the Bitcoin protocol, a validated blockchain acts as a trusted third party.
Current State of the Art
The Bitcoin Wiki (2014) includes a page on ‘Atomic cross-chain trading’ which describes a protocol where two parties own coins in different cryptocurrencies and want to exchange them without having to trust a third party or centralised exchange. There is also a BIP (Bitcoin Improvement Proposal) entitled ‘Atomic Cross Chain Transfers’ (Tiernan 2014) which describes the method. Maxwell (2012) hints that by combining secrets a more symmetric solution is possible.
Problem Statement
The objective is to implement a fair exchange protocol under the Bitcoin protocol.
Benefits
The proposed protocol offers all of the benefits of the ‘Atomic cross-chain trading’ protocol, i.e. it enables two parties to conduct a fair exchange using separate transactions and no third party, and is both atomic and secure. Furthermore, the proposed protocol is perfectly symmetric.
Key Elements
The proposed invention describes the first known implementation of a symmetric fair exchange protocol on the Bitcoin blockchain.
Proposal
The locking and unlocking scripts are described below in pseudocode. It is taken as given that the scripting language supports the described algorithm.
Alice and Bob wish to trade entities of value, such as bitcoins, other currencies, contracts, goods or services. They have agreed that Alice shall give Bob e1, and Bob shall give Alice e2. Let H(x) be the OP_HASH160 Bitcoin script hash of x. Note also that in the Bitcoin script, as used here, a non-zero locktime indicates the earliest time that the transaction may be added to the blockchain and in practice is expressed in Unix time (the number of seconds that have elapsed since 00:00:00 UTC 1 January 1970), whilst a zero locktime is interpreted as no locktime (for immediate broadcast). The protocol is described in Table 1, and the transactions are given in full in the appendix.
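The locktime rule stated above, as an added example that is not part of the original document. It goes beyond the text by also covering two cases a reviewer of a time-locked transaction should check: locktime values below 500,000,000, which Bitcoin reads as block heights rather than Unix time, and input sequence numbers, which can disable the lock entirely. The function and parameter names are assumptions, and the sample values are constructed.

```python
from typing import Sequence

LOCKTIME_THRESHOLD = 500_000_000  # Bitcoin constant: values below this are block heights
SEQUENCE_FINAL = 0xFFFFFFFF       # an input carrying this sequence opts out of locktime


def classify_locktime(locktime: int) -> str:
    """Return how Bitcoin interprets an nLockTime value."""
    if not 0 <= locktime <= 0xFFFFFFFF:
        raise ValueError("nLockTime is an unsigned 32-bit field")
    if locktime == 0:
        return "none"  # no locktime: eligible for immediate broadcast
    return "height" if locktime < LOCKTIME_THRESHOLD else "unix_time"


def is_final(locktime: int, sequences: Sequence[int],
             next_height: int, cutoff_time: int) -> bool:
    """Can a transaction with this locktime go into the next block?

    next_height: height of the block that would include the transaction.
    cutoff_time: time the network compares against (median-time-past of
                 the previous blocks since BIP113), in Unix seconds.
    """
    kind = classify_locktime(locktime)
    if kind == "none":
        return True
    reference = next_height if kind == "height" else cutoff_time
    if locktime < reference:
        return True  # lock has expired
    # Lock still active: the transaction is final only if every input
    # disables locktime, which silently defeats the intended delay.
    return all(seq == SEQUENCE_FINAL for seq in sequences)


def demo() -> dict:
    """Constructed sample: a lock expiring at Unix time 1_700_000_000."""
    lock = 1_700_000_000
    enforced = [0xFFFFFFFE]      # non-final sequence: lock is enforced
    disabled = [SEQUENCE_FINAL]  # final sequence: lock is ignored
    return {
        "before_expiry": is_final(lock, enforced, 800_000, lock - 1_000),
        "at_expiry": is_final(lock, enforced, 800_000, lock),
        "after_expiry": is_final(lock, enforced, 800_000, lock + 1),
        "lock_disabled": is_final(lock, disabled, 800_000, lock - 1_000),
        "small_value": classify_locktime(800_000),
    }


if __name__ == "__main__":
    print(demo())
```

The `lock_disabled` case is the one to check for when auditing a time-locked transaction: if every input uses the final sequence value, the locktime field has no effect.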
Appendix
References
Bitcoin Wiki (2014), Atomic cross-chain trading, http://en.bitcoin.it/wiki/Atomic_cross-chain_trading.
Even, S. and Yacobi, Y. (1980), Relations among public key signature systems, Technical Report CS0175, Technion, Haifa.
Maxwell, G. (2012), Re: P2PTradeX: P2P Trading between cryptocurrencies, Bitcoin Forum, http://fanbitcoin.com/index.php?topic=91843.msg1011956#msg1011956.
Tiernan, N. (2014), Atomic Cross Chain Transfers, GitHub, http://github.com/TierNolan/bips/blob/bip4x/bip-atom.mediawiki.