Abstract

The inability to perform cross-chain swaps are one of the many problems that burden the blockchain industry. It constrains the application of the blockchain technology. Among all solutions, HTLC (Hash Time-Locked Contract) ensures the atomicity of cross-chain transactions, which has the highest security. This paper proposes an HTLC implementation on Qtum, and illustrates an atomic cross-chain swap between Qtum and Bitcoin.

Introduction

Atomic cross-chain swaps [1] are one of the many cross-chain solutions. It has the following advantages:

No third parties are needed. Both sides of an atomic cross-chain swap do not need to trust a third party to complete the swap.

The process is atomic. Two transactions executed on two blockchains are completed or canceled simultaneously.

Its disadvantages are:

A price-matching tool is required to allow both sides to negotiate the number of tokens to be swapped.

The confirmation time is constrained by the transaction confirmation time of both blockchains, which is much slower than a centralized exchange.

Currently, one main application of atomic cross-chain swaps is to realize conversions among cryptocurrencies in multi-currency wallets. The HTLC (Hash Time-Locked Contract) technology that atomic cross-chain swaps are based on is used in many production environments, like the lightning network [2], because of its robust security.

The feature of not having a third party dependency and atomicity is consistent with basic principles of Bitcoin, so the future of atomic cross-chain swaps are favored by the market. Many mainstream cryptocurrencies have realized atomic cross-chain swap and released their codes. As the cryptocurrency technologies and markets mature, atomic cross-chain swaps will have more application scenarios. For example, cross-chain exchanges of large amount of cryptocurrencies can be completed on the blockchain using this technology, without the need of centralized exchanges which will charge a large amount of fees.

Related Work

Because of different payment scripts used by different blockchains, there are different implementations of atomic cross-chain swap. An implementation based on bitcoin payment script [3] enables swap among Bitcoin-like cryptocurrencies such as BTC, BCH, and LTC. There is also a Solidity-based implementation [4], which realizes swap among Ethereum-like cryptocurrencies and ERC20 tokens. The swap.online project [5] realizes swaps among Bitcoin-like, Ethereum-like, and EOS cryptocurrencies, and made a product for users to execute swaps [6]. There is also a wallet product [7] which implements atomic cross-chain swap and price matching for various cryptocurrencies, but their source code cannot be found on the Github.

Since Qtum supports both Bitcoin payment scripts and Solidity, it is possible to develop atomic cross-chain swaps in two ways. But as a PoC, we consider the easiest way to implement it, that is, based on the decred project [3]. This way it is easy to realize and can be quickly applied to the swap between QTUM and BTC.

System

Source code has been uploaded to Github [8]. The theory and operations are detailed as follows.

Theory

The basic theory of HTLC has been explained in Jimmy Song’s post on Atomic Swaps[9]. Here we will put emphasis on how it is realized by Bitcoin payment scripts.

For example, a Qtum holder Alice will do an atomic cross-chain swap with a Bitcoin holder Bob. The process is as follows:

Alice initiates a transaction on Qtum which contains a time-locked contract and transfers QTUM to Bob.

Bob audits the transaction.

If the transaction is approved, Bob participates a similar transaction on Bitcoin which pays BTC to Alice.

Alice audits the transaction.

If the transaction is approved, Alice redeems BTC from it.

Bob extracts a secret from the redeeming transaction.

Bob redeems QTUM from the initial transaction.

If the time specified in the time lock is reached and Bob has not redeemed the token, Alice can refund the token.

The transaction described above is based on Bitcoin payment scripts. There are two types of scripts construct the transaction validating process: a locking script and an unlocking script. A locking script is a spending condition placed on an output. An unlocking script is a script that “solves” or satisfies the conditions placed on an output by a locking script and allows the output to be spent. The locking and unlocking scripts used in an atomic cross-chain swap are as follows.

When Alice initiates the swap, the script is:

OP_IF OP_SIZE secretSize OP_EQUALVERIFY OP_SHA256 secretHash OP_EQUALVERIFY OP_DUP OP_HASH160 pubkHash OP_ELSE locktime OP_CHECKLOCKTIMEVERIFY OP_DROP OP_DUP OP_HASH160 pubkHash OP_ENDIF OP_EQUALVERIFY OP_CHECKSIG

OP_IF is the branch executed when Bob redeems the token, and OP_ELSE is the branch executed when the time lock is reached and the initiator refunds the token.

When Bob redeems the token, the combination of unlocking and locking scripts is:

sig pubkey secret OP_SIZE secretSize OP_EQUALVERIFY OP_SHA256 secretHash OP_EQUALVERIFY OP_DUP OP_HASH160 pubkHash OP_EQUALVERIFY OP_CHECKSIG

The validating process is:

If Bob has not redeemed the token after the time in the time lock, Alice can refund the token, and the combination of unlocking and locking scripts is:

sig pubkey secret locktime OP_CHECKLOCKTIMEVERIFY OP_DROP OP_DUP OP_HASH160 pubkHash OP_EQUALVERIFY OP_CHECKSIG

The validating process is:

Operation

An atomic cross-chain swap between Qtum and Bitcoin is shown as follows, in which 1.2345 QTUM held by Alice is exchanged with 0.005678 BTC held by Bob. The final transactions are:

The operation process is as follows:

Start nodes

$ bitcoind -daemon -rpcuser=atomic -rpcpassword=atomic -deprecatedrpc=signrawtransaction -addresstype=legacy $ qtumd -daemon -rpcuser=atomic -rpcpassword=atomic

Alice initiates

$ qtumatomicswap -rpcuser=atomic -rpcpass=atomic initiate QZaxv8Kfyj469aBMGHnXo9eadydk3CVPLm 1.2345 Secret: 5999ed9033b9c10d18c3b8bf1b9f8a126ad5a7a77446521f97a9d523366bc558 Secret hash: 594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a106040 Contract fee: 0.00114349 QTUM (0.00510487 qtum/kB) Refund fee: 0.00151614 QTUM (0.00521010 qtum/kB) Contract (MA6WNfmbWyzUAS78jbg4Avj4iomKBuYq6M): 6382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a9148e6839431a103352e20491de639eff514a659a4267042305325cb17576a914541fd33cc2409e9cc2a659eb005e7a00cfa1738b6888ac Contract transaction (ffd08f31ceff36c39fa142b0507b1c71839f4684cce42b2a74ec06917a71c4ae): 020000000156c6222b3e502930542d29f02e56f6aedc0c1396c934b7fafb673e0cc029b991000000006b483045022100e5da4a9f78ed63cd5c2dfa67ba40710493214984318571427bd806fc6831c68002206e487f9d53d323c8cc72c10496feafa58be3b66242bdca1c3991cbafd252f8e3012103b4d6184f0c3a25ba4edaacf7b311a94869f87d8501d5d9ca2c9cbb0dc1c409ebfeffffff0290b25b070000000017a9141815a4111cbd02fa4d17755d2a5764e6b09b1a648759855116000000001976a914b65efa851b3dbfff005a7aa8d0620b133d87d27688ac00000000 Refund transaction (beb0d86be8d102f5024538364328ead471da98b29a27a7a525502e45728bcdb7): 0200000001aec4717a9106ec742a2be4cc84469f83711c7b50b042a19fc336ffce318fd0ff00000000ce47304402207b980278cf263e3d64d4fb3c4ae14d5cfebd34d8ce48ee208a5eff34da57c319022021023a2c3995003a38ca46ed397559aa1f8445124905f7e2986671eac9004c45012102b6a0684882463dcd9b812424a85f6b253b7d4a8b4b64485e7da8fb66eed2018f004c616382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a9148e6839431a103352e20491de639eff514a659a4267042305325cb17576a914541fd33cc2409e9cc2a659eb005e7a00cfa1738b6888ac000000000152625907000000001976a914200adfb06b1016330fcc6bf45e18403b74788a6d88ac2305325c Publish contract transaction? [y/N] y Published contract transaction (ffd08f31ceff36c39fa142b0507b1c71839f4684cce42b2a74ec06917a71c4ae)

Bob audits

$ qtumatomicswap -rpcuser=atomic -rpcpass=atomic auditcontract 6382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a9148e6839431a103352e20491de639eff514a659a4267042305325cb17576a914541fd33cc2409e9cc2a659eb005e7a00cfa1738b6888ac 020000000156c6222b3e502930542d29f02e56f6aedc0c1396c934b7fafb673e0cc029b991000000006b483045022100e5da4a9f78ed63cd5c2dfa67ba40710493214984318571427bd806fc6831c68002206e487f9d53d323c8cc72c10496feafa58be3b66242bdca1c3991cbafd252f8e3012103b4d6184f0c3a25ba4edaacf7b311a94869f87d8501d5d9ca2c9cbb0dc1c409ebfeffffff0290b25b070000000017a9141815a4111cbd02fa4d17755d2a5764e6b09b1a648759855116000000001976a914b65efa851b3dbfff005a7aa8d0620b133d87d27688ac00000000 Contract address: MA6WNfmbWyzUAS78jbg4Avj4iomKBuYq6M Contract value: 1.2345 QTUM Recipient address: QZaxv8Kfyj469aBMGHnXo9eadydk3CVPLm Author's refund address: QUGnzfP3f9VzbgzvjTQUrD77BqzRvBNgzo Secret hash: 594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a106040 Locktime: 2019-01-06 13:39:47 +0000 UTC Locktime reached in 47h45m56s

Bob participates

$ btcatomicswap -rpcuser=atomic -rpcpass=atomic participate 1MLrV4fegYEiZQHhVeAiY2bi7ptdUxXAkr 0.005678 594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a106040 Contract fee: 0.00000264 BTC (0.00001184 BTC/kB) Refund fee: 0.00000351 BTC (0.00001202 BTC/kB) Contract (3HZjVwSARiYGP6VrRF53yBwDLttXW4zpAN): 6382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a914df23b9da392add0d4d230e8c8ecea2a62d0797156704c5b7305cb17576a914cbc0e41865cd6c90c35df30629bc106de707ed6b6888ac Contract transaction (5984f23230715f7c20163356dce62a4afe0ee476b8567987432fa52758967f0f): 0200000001575468b298b892115bc0cfbc22383a07b605ac6885f89d1c0c98fc22bcc93e4d130000006a47304402200836e0f0d050a6143197bf4cf2aa0d6b1d98603e301b763143e654338e6558f702207ad1ad41cb8e39de4047902c9952902c58111cf8adc135476f2bc1bd99e7f292012102cf81d5df7b8c17a7a624984fa7c97cc16849d1ca4122a4894c2a126d4e54d429feffffff0236181500000000001976a9144691ce0beb3a36ee67630c58a097a22e93406f2088acf8a908000000000017a914ae2163fc069b8616afcf7f6b70bee7657d35490d8700000000 Refund transaction (2a30182d1b08c5d4f7931266e169a75b7cb631bbc43c32f681145df7a8829717): 02000000010f7f965827a52f43877956b876e40efe4a2ae6dc563316207c5f713032f2845901000000cf483045022100cc53e08b3d238ca1ce21a8c4041966cd13710d6c9ed56199354d0f46bfeddfb402204c511d7b86be31c0dabb52fe5c2582871c8b4c3683ea46de018037dbee253f8e012102229b695d92beb1312b0c316e1f0c841c90deccc510994ff14bcea3dfe0873255004c616382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a914df23b9da392add0d4d230e8c8ecea2a62d0797156704c5b7305cb17576a914cbc0e41865cd6c90c35df30629bc106de707ed6b6888ac000000000199a80800000000001976a914534c747a0ab001b92a0fa57cdd32459b14ed096b88acc5b7305c Publish contract transaction? [y/N] y Published contract transaction (5984f23230715f7c20163356dce62a4afe0ee476b8567987432fa52758967f0f)

Alice audits

$ btcatomicswap -rpcuser=atomic -rpcpass=atomic auditcontract 6382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a914df23b9da392add0d4d230e8c8ecea2a62d0797156704c5b7305cb17576a914cbc0e41865cd6c90c35df30629bc106de707ed6b6888ac 0200000001575468b298b892115bc0cfbc22383a07b605ac6885f89d1c0c98fc22bcc93e4d130000006a47304402200836e0f0d050a6143197bf4cf2aa0d6b1d98603e301b763143e654338e6558f702207ad1ad41cb8e39de4047902c9952902c58111cf8adc135476f2bc1bd99e7f292012102cf81d5df7b8c17a7a624984fa7c97cc16849d1ca4122a4894c2a126d4e54d429feffffff0236181500000000001976a9144691ce0beb3a36ee67630c58a097a22e93406f2088acf8a908000000000017a914ae2163fc069b8616afcf7f6b70bee7657d35490d8700000000 Contract address: 3HZjVwSARiYGP6VrRF53yBwDLttXW4zpAN Contract value: 0.005678 BTC Recipient address: 1MLrV4fegYEiZQHhVeAiY2bi7ptdUxXAkr Author's refund address: 1KaMFF6XwvJahrohzzDmHzFgMxNuHSBege Secret hash: 594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a106040 Locktime: 2019-01-05 13:57:25 +0000 UTC Locktime reached in 23h55m47s

Alice redeems

$ btcatomicswap -rpcuser=atomic -rpcpass=atomic redeem 6382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a914df23b9da392add0d4d230e8c8ecea2a62d0797156704c5b7305cb17576a914cbc0e41865cd6c90c35df30629bc106de707ed6b6888ac 0200000001575468b298b892115bc0cfbc22383a07b605ac6885f89d1c0c98fc22bcc93e4d130000006a47304402200836e0f0d050a6143197bf4cf2aa0d6b1d98603e301b763143e654338e6558f702207ad1ad41cb8e39de4047902c9952902c58111cf8adc135476f2bc1bd99e7f292012102cf81d5df7b8c17a7a624984fa7c97cc16849d1ca4122a4894c2a126d4e54d429feffffff0236181500000000001976a9144691ce0beb3a36ee67630c58a097a22e93406f2088acf8a908000000000017a914ae2163fc069b8616afcf7f6b70bee7657d35490d8700000000 5999ed9033b9c10d18c3b8bf1b9f8a126ad5a7a77446521f97a9d523366bc558 Redeem fee: 0.0000039 BTC (0.00001200 BTC/kB) Redeem transaction (1dfc072337d079847fb634ebf7d4a5d51874142dd3bbb958c3556afa1b2fc29c): 02000000010f7f965827a52f43877956b876e40efe4a2ae6dc563316207c5f713032f2845901000000f0483045022100a15b3165defce6994ebdddd2dc83c67032aa40f1095218ed474895135426ea6a02201e0dd886c7d5007b17436261c1e82f881874d2a8c9b1dae0f8b7a851c3eeebd201210274e7945427e4c669c7e8c9440fb694bcce47dccc1af17b997cea0a055040b400205999ed9033b9c10d18c3b8bf1b9f8a126ad5a7a77446521f97a9d523366bc558514c616382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a914df23b9da392add0d4d230e8c8ecea2a62d0797156704c5b7305cb17576a914cbc0e41865cd6c90c35df30629bc106de707ed6b6888acffffffff0172a80800000000001976a914008d0a620a3cebd41927eaaebb67e541878c4b2a88acc5b7305c Publish redeem transaction? [y/N] y Published redeem transaction (1dfc072337d079847fb634ebf7d4a5d51874142dd3bbb958c3556afa1b2fc29c)

Bob extracts secret

$ btcatomicswap -rpcuser=atomic -rpcpass=atomic extractsecret 02000000010f7f965827a52f43877956b876e40efe4a2ae6dc563316207c5f713032f2845901000000f0483045022100a15b3165defce6994ebdddd2dc83c67032aa40f1095218ed474895135426ea6a02201e0dd886c7d5007b17436261c1e82f881874d2a8c9b1dae0f8b7a851c3eeebd201210274e7945427e4c669c7e8c9440fb694bcce47dccc1af17b997cea0a055040b400205999ed9033b9c10d18c3b8bf1b9f8a126ad5a7a77446521f97a9d523366bc558514c616382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a914df23b9da392add0d4d230e8c8ecea2a62d0797156704c5b7305cb17576a914cbc0e41865cd6c90c35df30629bc106de707ed6b6888acffffffff0172a80800000000001976a914008d0a620a3cebd41927eaaebb67e541878c4b2a88acc5b7305c 594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a106040 Secret: 5999ed9033b9c10d18c3b8bf1b9f8a126ad5a7a77446521f97a9d523366bc558

Bob redeems

$ qtumatomicswap -rpcuser=atomic -rpcpass=atomic redeem 6382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a9148e6839431a103352e20491de639eff514a659a4267042305325cb17576a914541fd33cc2409e9cc2a659eb005e7a00cfa1738b6888ac 020000000156c6222b3e502930542d29f02e56f6aedc0c1396c934b7fafb673e0cc029b991000000006b483045022100e5da4a9f78ed63cd5c2dfa67ba40710493214984318571427bd806fc6831c68002206e487f9d53d323c8cc72c10496feafa58be3b66242bdca1c3991cbafd252f8e3012103b4d6184f0c3a25ba4edaacf7b311a94869f87d8501d5d9ca2c9cbb0dc1c409ebfeffffff0290b25b070000000017a9141815a4111cbd02fa4d17755d2a5764e6b09b1a648759855116000000001976a914b65efa851b3dbfff005a7aa8d0620b133d87d27688ac00000000 5999ed9033b9c10d18c3b8bf1b9f8a126ad5a7a77446521f97a9d523366bc558 Redeem fee: 0.00168464 QTUM (0.00519951 qtum/kB) Redeem transaction (10008e0a43a56b19266bcc087785789eb4af75c34f3501fb1caed05b63b11a61): 0200000001aec4717a9106ec742a2be4cc84469f83711c7b50b042a19fc336ffce318fd0ff00000000ef47304402203ac06fb2ca8c5a3ffe89c424df7aa43b4fca57001815f7a48fd93d3c2bc4b58f02205fdc2179cb2db53552e3ada562f89097f9901b18dfb05c581e30cf54e88048fe012103f25b08492e78e32bb637eea3702e7587e7028b5256485b689b8310dac601f47a205999ed9033b9c10d18c3b8bf1b9f8a126ad5a7a77446521f97a9d523366bc558514c616382012088a820594bcc33084211c6607a561dcd3bcfb1a39f049cb4fb760a0d981a6d4a1060408876a9148e6839431a103352e20491de639eff514a659a4267042305325cb17576a914541fd33cc2409e9cc2a659eb005e7a00cfa1738b6888acffffffff0180205907000000001976a914631d44dd763ea361ffb68765f6c6d0aa4dc21a0e88ac2305325c Publish redeem transaction? [y/N] y Published redeem transaction (10008e0a43a56b19266bcc087785789eb4af75c34f3501fb1caed05b63b11a61)

Reference

[1] Atomic cross-chain swaps. https://arxiv.org/pdf/1801.09515.pdf.

[2] The bitcoin lightning network: scalable off-chain instant payments. https://lightning.network/lightning-network-paper.pdf.

[3] Decred atomic swap implementation. https://github.com/decred/atomicswap.

[4] Secto-io atomic swap implementation. https://github.com/secto-io/atomic-swap.

[5] Swap.online atomic swap implementation. https://github.com/swaponline/swap.core.

[6] Swap.online. https://swap.online/.

[7] Atomic wallet. https://atomicwallet.io/.

[8] Qtum atomic swap implementation. https://github.com/qtumatomicswap/atomicswap.

[9] Atomic swaps. https://bitcointechtalk.com/atomic-swaps-d6ca26b680fe.

Contact:

Huo Dong (huodong@pku.edu.cn), Zheng Yi (zhengyi@qtum.org)