Introduction

As a public blockchain focusing on technical innovation, Qtum has a reputation for promoting the development and application of blockchain and the importance of privacy. Although the Qtum blockchain itself has anonymity on some level, privacy and protection can always be strengthened. From its collaborative research with universities to the world’s first online privacy hackathon co-sponsored with Beam, Qtum remains as committed as ever to progress in privacy.

Recently, the emergence of the Mimblewimble protocol has given a new direction to the privacy field. As a representative of the Mimblewimble protocol, Beam simplifies transaction size while ensuring privacy protection with high scalability.

Atomic swap has also been well received in the industry, enabling cross-chain transactions between two digital currencies. The successful cooperation between Beam and Qtum further symbolizes Qtum’s dedication to privacy and cross-chain technology.

Background

Atomic Swaps

Atomic Swap allows atomic cross-chain transactions of cryptocurrencies on two separate blockchains without relying on third-party trust endorsements. The term “atomic” means that the transaction can either be a success or a failure, without involving the third state.

For example: Let’s assume that Alice and Bob want to exchange a certain amount of cryptocurrencies A and B. In the absence of a centralized exchange, both parties will first need to agree on the exchange rate and then, with the help of atomic swap, send A to Bob and then B to Alice.

However, transactions on the blockchain are irreversible. Trading in different currencies without a central endorsement must involve operational priorities. If Alice sends A first, then Alice is at a disadvantage, because she cannot ensure Bob will send a certain amount of B to her as agreed.

In order to guarantee the success of decentralized peer-to-peer transactions, we need a mechanism to ensure that both parties will not cheat. So far, Hashed Timelock Contracts (HTLC) is a commonly used solution.

Hashed Timelock Contracts (HTLC)

One main solution to achieve an atomic swap is through Hashed Timelock Contracts (HTLC). The core idea is by locking a given transaction, the cryptocurrency in question will be unusable until certain conditions are met.

Suppose Alice and Bob intend to exchange tokens A and B. Alice first creates an encrypted digital password box, and tells Bob about the specifications of the lock before putting A into the box. In order for Bob to open the password box, he must provide this key as well as his signature. Bob will then create a similar password box with the same specifications of the lock.

Since opening the password box requires another party’s signature, only Alice can open Bob’s box and only Bob can open Alice’s box. Once Alice opens Bob’s box, the key will be displayed on the blockchain, which will allow Bob to hen use the key published by Alice to open her box. If problems occur or if a party performs a withdrawal operation during the transaction, meaning that the box is not opened within the agreed upon time, the digital currencies will be refunded to Alice and Bob respectively.

The above is the design concept of HTLC, but the actual implementation of the algorithm will be more complicated and practical issues should be taken into consideration.

Beam

Beam is a cryptocurrency developed based on the Mimblewimble protocol, which has strong privacy, substitutability, and scalability. Mimblewimble ensures the privacy of the transaction by hiding the identity of the user and shielding the amount of the transaction.

Mimblewimble requires both parties to negotiate some parameters before creating a transaction. Therefore, the generation of a transaction requires the online joint signature of both parties. Remarkably, Beam provides the Secure Bulletin Board System (SBBS) mechanism to provide a simultaneous online buffer time for both parties.

Beam has implemented the atomic swap function of Beam/Btc and Beam/Litecoin, merging the code into the master branch. In mid-June, Qtum developers completed the atomic swap code of Beam/Qtum and submitted it to the Beam team. The code has also merged into the master branch of Beam project. The atomic swap between Beam and Qtum is now available on the Beam MainNet.

Function implementation

Assuming there are two users — one where Alice owns Beam and where Bob owns Qtum. Alice wants to exchange Bob’s 80 Qtum for 200 Beam.

Transaction process

1. Bob generates Qtum Lock Transaction

Alice first passes her public key to Bob. Bob generates a local Hash Preimage, calculates the Hash Image, and uses Alice’s public key and Hash Image to generate a transaction with a lock script. This transaction locks Bob’s 80 UTXO of Qtum, which can only be spent if any of the following conditions are met.

The agreed time of the atomic swap has expired (judged by the current block height), and Bob claims ownership of the UTXO by using his own private key. This condition is mainly used to enable Bob to take back the UTXO if the atomic swap fails for some reason.

Reveal the Hash Preimage and use Alice’s private key for authentication. This condition is mainly used under normal circumstances, where Alice accepts the Qtum sent by Bob revealing the private hash preimage.

Bob sends the generated Qtum Lock Transaction to Alice, so Alice can verify the transaction on the Qtum network.

2. Alice and Bob collaborate to generate Beam Lock Transaction and Beam Refund Transaction

Beam uses the Mimblewimble protocol, which discards scripts and hides attributes such as the amount of tokens. As a result, lock transactions require the collaboration of two participants. Since this article mainly focuses on atomic swap, we won’t go too much into detail about the generation process of Mimblewimble transactions. For more information, please refer to [Qtum Research Institute: New Privacy Protection Protocol MimbleWimble] (in Qtum’s WeChat Official Account).

However, consider the following scenario: Alice interacts with Bob, including the negotiation of the blinding factor, the signature of Bulletproof, etc. to generate a Beam Lock Transaction on the Beam network, which locks a Beam UTXO that Alice is about to transfer to Bob. Since there is no script in the transaction to determine the branch, Alice needs to generate a Beam Refund Transaction, which refunds the locked Beam UTXO back to Alice. This enables Alice to retrieve her own Beam after the failure of the atomic swap.

3. Bob and Alice mutually confirm that two UTXOs have been locked

When Qtum and Beam’s two separate lock transactions are completed, Alice and Bob need to check if the two transactions are correctly locked. Alice also needs to determine if the lock time for the Qtum Lock Transaction is longer than that of Beam to prevent Bob from retrieving Qtum through the timeout condition after getting Beam.

4. Alice and Bob collaborate to initiate Beam Redeem Transaction

When the two parties confirm the correct deployment of the lock transactions, they will enter the exchange link of the atomic swap. First, Alice and Bob will conduct a Mimblewimble-based negotiation to generate a Beam Redeem Transaction, which transfers the locked Beam UTXO to Bob. During the transaction, Bob will reveal his Hash Preimage generated by himself, which Alice learns from.

5. Alice initiates Qtum Redeem Transaction

After Alice obtains the Hash Preimage generated by Bob on the Beam network, she initiates Qtum Redeem Transaction on the Qtum network, which triggers the second condition of the Qtum Lock Transaction script thus transferring Qtum to her account by revealing the Hash Preimage with her signature.

6. The atomic swap is completed

After the atomic swap transactions get sufficient confirmations on their respective networks, the entire atomic swap comes to the end. When problems occur in any link, the atomic swap will fail and the lock transactions can guarantee that the tokens can be refunded to the original account after the lock time.

For more details, please refer to: Beam Atomic Swap

Details of the experiment