This post originally appeared on Medium as part of a three-part series on Bitcoin smart contracts, and we republished with permission from Xiaohui Liu. Read part 1 here.
Fair coin toss without deposit
In the previous article, we generalize Bitcoin smart contracts to include optional off-chain validation part, besides the conventional on-chain part consisting of Bitcoin Script. We applied the concept on a fully on-chain coin toss, by disincentivizing parties from aborting using deposit.
In this article, we implement an alternative contract for achieving fair coin toss as developed in reference¹. It acts as another example of how to design such hybrid smart contracts with on-chain and off-chain parts. Smart contract is defined as a protocol where distrusting parties can transact per their mutual agreement securely, without a trusted third party. Security depends on the specific contract and can usually include properties such as: 1) honest parties who follow the contract/protocol should never lose their money; 2) dishonest parties who deviate must be detected and can optionally be penalized financially.
Fair coin toss without deposit
The new contract consists of the following lock steps:
In each step after 2, each party validates transactions off-chain locally and aborts if validation fails. These validations include: signature, t, secret hash and txid match. The contract is secure because Bob must reveal his secret to create Tx1. Alice must also do so, otherwise Bob will win by broadcasting Tx3.
The HashLock contract in Tx0 is shown below:
The CoinToss contract in Tx1 is the same as before, except that a function forfeit() is added.
***
[1] Secure Multiparty Computations on Bitcoin · Marcin Andrychowicz, Stefan Dziembowski, L. Mazurek. 2014 IEEE Symposium on Security and Privacy
Source: Read Full Article