This blog is about my musings and thoughts. I hope you find it useful, at most, and entertaining, at least.
Problem: Party A and Party B would like to perform two mutual transactions (Transaction 1: A -> B ; Transaction 2: B -> A). The parties require that neither Transaction 1 or Transaction 2 be completed without the other also being completed.
Solution: If the mutual transactions take place in a Bitcoin-like system, the transactions could be split such that:
Where P1 and P2 are address computer by:
Once both parties are satisfied that the transaction has been completed, a Multi-Party Fair Exchange Protocol is used to allow A and B to swap a2 and b1. This will only succeed if both parties end with the swapped values.
At this point, B has the private key for P1 and A has the private key for P2, allowing them to perform Transaction 1β and Transaction 2β, respectively.
The problem then comes if the swap isn’t performed, leading to a state where what is paid into Transaction 1α and 2α are lost forever. To remedy this situation, two more transactions are created and published:
which are locked for a pre-determined amount of time. When the time comes, if the transactions haven’t been withdrawn by the entity with the private key, the transaction will be (should be) invalid because P1 and P2 should have no funds in them.
If the swap hasn’t happened, and noöne has the private keys, how can Transaction 1α\* and 2α\* be formed? A Secure Multi-Party Function evaluation! The SMFE can compute the signature needed without revealing the private keys to A or B.