Decred and Litecoin completed something called a cross-chain atomic swaps a few days ago. They published a blog about it, created a GitHub repo with utilities and talked about it on my show.
In this article, I’m going to explain what atomic swaps are, how this affects Bitcoin and what we can expect going forward.
Problem of Trust
To understand what an atomic swap is, we have to first understand an inherent problem in trading. Suppose Alice wants to buy something from Bob, say a collectible Pez dispenser. Suppose further that Alice and Bob live far away so it’s difficult to do the trade in person and that they’re strangers to each other, so they don’t trust each other. How do Alice and Bob conduct this transaction?
If Alice sent Bob the money first, Bob may simply not send the collectible to Alice as he’d already have the money. On the other hand, if Bob sent the collectible to Alice first, Alice may simply not send the money as she’d already have the collectible.
We call the transfer of money from Alice to Bob, Bob’s side of the trade and the transfer of the collectible from Bob to Alice, Alice’s side of the trade. Ideally, we want both sides of the trade to go through simultaneously, but unfortunately this turns out to be hard.
There are several ways to solve this problem of trust. First, Alice and Bob could meet in a safe location and trade directly. This would be rather expensive for Alice and/or Bob since they would have to physically travel to a common location, but it would remove the problem of trust. One of the reasons why so many shipwrecks have treasure associated with them is precisely this. Trading ships had to bring the goods with them and solved the problem of trust by physically getting to the same location.
Given that the item in question is a Pez dispenser, it’s probably not economic for Alice and Bob, living so far away to travel to a common location to trade. So what else is there?
Another way Alice and Bob can solve the problem of trust is finding someone they both trust, what you would call a third-party intermediary or escrow. The third party can receive both the money and the Pez dispenser and then distribute them to the other party when both are received. This works fine when Alice and Bob have an agreed on escrow. What if they don’t have a good escrow? A poorly-chosen escrow can steal and cheat one or both parties. A well-chosen one can be pretty expensive.
The previous two scenarios are pretty much what people trying to acquire Bitcoin do. Many utilize localbitcoins, which is essentially trading directly. Others utilize exchanges, which is essentially an escrow agent or a trusted third party.
At least when the trade involves something physical, you can’t make one side of the trade dependent on the other without some trusted third party. That is, Alice can’t make her money delivery dependent on the Pez dispenser being delivered by Bob or vice-versa. This is an unfortunate reality of physical trading.
What’s different about digital transfers is that we can make both sides of the trade dependent. That is, Alice can give money to Bob dependent on Bob giving the collectible to Alice. We can create programming logic that makes it impossible for only one side of the trade go through. That is, either both Alice and Bob get their side of the trade or neither do.
This is what we call an atomic swap. There aren’t two separate transfers, but a single transfer that does the swap at once.
What did the Decred developers do?
The Decred developers created a smart contract, using SCRIPT to allow an atomic swap between DCR and LTC. What’s more, since SCRIPT is also the smart contract language for BTC, atomic swaps between DCR/LTC/BTC are all possible. Furthermore, coins like BCH and VTC also have similar SCRIPT capabilities so will have atomic swap capabilities. Coins like Monero, however, don’t have the capabilities required for atomic swaps, so this ability is not universal.
Note this is an on-chain atomic swap. That is, it’s not dependent on Lightning or Segwit, just SCRIPT.
So how does it work?
Imagine that Alice and Bob are trading alpha coin for beta coin. Alice makes the digital equivalent to a lockbox and gives the specifications for the lock to Bob. She puts her alpha coin in the lockbox which requires both the key for the lock and Bob’s signature. Bob creates a similar lockbox which has the same specifications for the lock. Bob’s lockbox requires both the same key (since it’s the same lock) and Alice’s signature and contains his beta coin.
The lockboxes require the other person’s signature so only Alice can open Bob’s box and only Bob can open Alice’s box.
When Alice opens Bob’s lockbox, her key for the lock is revealed on the beta coin blockchain. Bob can use the same key Alice just revealed to unlock the lockbox Alice constructed and get his alpha coin.
This works because opening one lockbox effectively gives the other party the ability to open the other lockbox. Because each lockbox requires both the key and the signature, both lockboxes are essentially secure.
In case something goes wrong or one party backs out in the middle of the process, the lockboxes are constructed in a way as to refund alpha coin and beta coin to Alice and Bob respectively if nobody opened the lockboxes in 48 and 24 hours respectively.
How is this different than Lightning Network Cross-Chain Atomic Swaps?
Lightning Network cross-chain atomic swaps (what we call off-chain atomic swaps) have some benefits and drawbacks compared to the on-chain version. First, off-chain swaps on LN are instant as opposed to requiring several blocks on their respective chains. Second, off-chain swaps require funds to be committed to the Lightning Network. That is, any funds in a Lightning Network channel can only be used on the Lightning Network until the channel is closed.
Generally LN transactions are cheaper, more useful for smaller transactions and have better privacy properties, but bigger transactions, which require off-line signatures will most likely utilize the on-chain atomic swaps.
What’s this useful for?
Any large OTC trade can utilize this on-chain atomic swap. If Alice and Bob wanted to trade large amounts of BTC and LTC, on-chain swapping would make sense since it would not depend at all on trusting a third party.
Other possible uses are trustless exchanges. Users will be able to keep custody of their funds and atomically swap for other coins instead of keeping coins on the exchange. This takes out a whole host of vulnerabilities and attack surfaces associated with digital asset custody.
That said, on-chain atomic swaps reduce privacy as the payments on the two chains can be linked.
Atomic swaps are a really interesting innovation that can potentially change the cryptocurrency landscape. Instead of tumblebit or joinmarket, you may be able to use a secondary coin with privacy features to disassociate yourself from your coins. This in turn would make Bitcoin a lot more fungible, even if Bitcoin itself doesn’t have the feature!