BSV
$53.59
Vol 32.71m
-4.71%
BTC
$96416
Vol 46807.31m
-2.03%
BCH
$453.2
Vol 385.16m
-3%
LTC
$100.89
Vol 898.52m
-1.76%
DOGE
$0.31
Vol 5694.41m
-6%
Getting your Trinity Audio player ready...

This post originally appeared on Medium as part of a three-part series on Bitcoin smart contracts, and we republished with permission from Xiaohui Liu. Read part 1 here.

Fair coin toss without deposit

In the previous article, we generalize Bitcoin smart contracts to include optional off-chain validation part, besides the conventional on-chain part consisting of Bitcoin Script. We applied the concept on a fully on-chain coin toss, by disincentivizing parties from aborting using deposit.

In this article, we implement an alternative contract for achieving fair coin toss as developed in reference¹. It acts as another example of how to design such hybrid smart contracts with on-chain and off-chain parts. Smart contract is defined as a protocol where distrusting parties can transact per their mutual agreement securely, without a trusted third party. Security depends on the specific contract and can usually include properties such as: 1) honest parties who follow the contract/protocol should never lose their money; 2) dishonest parties who deviate must be detected and can optionally be penalized financially.

Fair coin toss without deposit

TX Graph
Tx graph

The new contract consists of the following lock steps:

  1. Alice and Bob exchanges public keys, locktime t and hash of secret numbers/nonces with each other.
  2. Bob creates Tx0. With txid of Tx0, he also creates Tx1. He gives it to Alice. He does not sign it yet, otherwise Alice would know his secret.
  3. Alice signs Tx1 and returns it to Bob.
  4. Bob signs and adds his secret. Now Tx1 is complete, he creates Tx3 and hands it to Alice.
  5. Alice signs it and returns to Bob, who broadcasts Tx0 and Tx1. Alice now knows Bob’s secret in Tx1.
  6. Alice sends her secret to Bob and whoever wins take the bet as in the original coin toss contract. If she does not share her secret before t, Bob can sign and broadcast Tx3 to take the bet.

In each step after 2, each party validates transactions off-chain locally and aborts if validation fails. These validations include: signature, t, secret hash and txid match. The contract is secure because Bob must reveal his secret to create Tx1. Alice must also do so, otherwise Bob will win by broadcasting Tx3.

The HashLock contract in Tx0 is shown below:

The HashLock contract in Tx0
Contract HashLock

The CoinToss contract in Tx1 is the same as before, except that a function forfeit() is added.

New Contract CoinToss
New Contract CoinToss

***

[1] Secure Multiparty Computations on Bitcoin · Marcin Andrychowicz, Stefan Dziembowski, L. Mazurek. 2014 IEEE Symposium on Security and Privacy

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
December 13, 2024
Advertisement
Advertisement
Advertisement