[bisq-network/proposals] Off-chain trading using a lightning network of BTC & tainted BSQ (#312)

chimp1984 notifications at github.com
Fri Feb 12 04:52:52 CET 2021 

Thanks a lot @stejbac for those excellent ideas!

To better understand your proposal I wrote down for myself the basics. I hope I interpreted it correctly, if not please correct me. I will share it here maybe it is helpful for other readers.

A taint tx creates (a) pair(s) of equal valued Tainted BSQ (TBSA) and anti-tainted BSQ (ATBSQ). 
OpReturn marks tx type and carries metadata about trade context (TAG) and destruction block height (DBH). 
To convert them later back both types need to be present in same value, TAG and DBH. 

Example tx (ignoring BTC for miner fees):
Input: 1000 BSQ
Ouput 1: 500 BSQ -> Tainted BSQ (TBSQ)
Ouput 2: 500 BSQ -> Anti-Tainted BSQ (ATBSQ) (same output value)

TBSQ and ATBSQ can be transferred like normal BSQ with some restrictions.  TBSQ or ATBSQ are not valueable as BSQ and would not be accepted in a BSQ/BTC trade. Transfer is used between traders and escrow and in LN channel hops.
If they get transferred the TAG is found in the taint tx originating the txos. Only ABSQ or ATBSQ with same TAG and DBH can be combined in a tx.

Un-taint tx example:
Input 1: 500 ABSQ
Input 2: 500 ATBSQ (same TAG, DBH as in Input 1)
Output: 1000 BSQ (clean)


How are they used for the trade protocol:

Alice is BTC buyer. We ignore security deposits and fees. We assume 10k USD = 10k BSQ = 1 BTC to keep numbers simple.
TBSQ =  tained BSQ
ATBSQ = anti tainted BSQ
BSQ = normal clean BSQ
Alice buys 1 BTC from Bob for 10k USD using Carol for borrowing the BSQ bond.

### Happy trade path

State 1:
Alice: 0 BTC, 10k USD
Bob: 1 BTC, 0 USD
Carol: 0 BTC, 40k BSQ

Transition 1: 
Atomic Taint tx with BTC bond payment from traders to Carol in exchange to a BSQ bond

Input 1: 40k BSQ from Carol
Input 2: 1 BTC from Alice
Input 3: 1 BTC from Bob
Output 1: 10k TBSQ to Alice
Output 2: 10k TBSQ to Bob
Output 3: 20k ATBSQ to Carol
Output 4: 2 BTC to Carol
OpReturn marking it as taint tx with trade meta data as TAG and DBH


State 2:
Alice: 0 BTC, 10k USD, 10k TBSQ 
Bob:  0 BTC, 0 USD, 10k TBSQ 
Carol: 2 BTC, 20k ATBSQ

Transition 2 (Alice send USD):
Alice sends 10k USD to Bob

State 3:
Alice: 0 BTC, 0 USD, 10k TBSQ 
Bob:  0 BTC, 10 USD, 10k TBSQ 
Carol: 2 BTC, 20k ATBSQ

Transition 3 (Bob confirms USD receipt, atomic refund tx):
Un-tain tx and refund of BTC to traders and BSQ bond to Carol.

Input 1: 10k TBSQ from Alice to Carol
Input 2: 10k TBSQ from Bob to Carol
Input 3: 1 BTC from Carol to Alice
Input 4: 1 BTC from Carol to Bob
Input 5: 20k ATBSQ from Carol
Output 1: 40k BSQ to Carol
Output 2: 1 BTC to Alice
Output 3: 1 BTC to Bob

State 4:
Alice: 1 BTC, 0 USD, 0 TBSQ 
Bob:  0 BTC, 10 USD, 0 TBSQ 
Carol: 0 BTC, 40k BSQ



### Not happy paths

Case 1:
Alice never sends USD, Bob requests refund. Alice lose her sec. deposit if she cooperates otherwise case 3. The sec. deposit was not modelled above but would be 15% of trade amount.

Case 1:
Bob did not confirm receipt. Alice requests refund. Bob lose his sec. deposit if he cooperates otherwise case 3.

Case 3:
A Trader do not refund TBSQ:
Carol do not refund the BTC and will burn the ATBSQ rendering the TBSQ of the trader worthless (and get invalidated at the destruction block hight). Carol cannot convert back the ATBSQ so she burns that as well and request refund 10K BSQ (for 1 trader) - she keeps 1 BTC for the loss of 10k BSQ

Case 4:
Carol does not refund BTC:
Traders burn TBSQ and get a DAO refund in BSQ. Alice has lost 40k BSQ (double the 2 BTC) as she cannot use the 20k ATBSQ and those get invalidated at the destruction block hight


I think the high capital requirement for Carol (4 times the trade amount if I understand it correctly) might become a problem for larger trades and volume. Currently we have about 0.5M USD volume per day, assuming average settlement time is 1 day that means 2M USD in BSQ need to be available for bonds. That is about 25% of current BSQ available. Settlement times would be much faster if we manage to automate altcoin trades (essentially XMR as thats 70-90% of total volume). Pure fiat volume is then only 20-30% so the required total capital for bonds would become much less. 
Of course the demand for bonds will drive up BSQ price so that could mitigate the issue as well. 

I think for altcoins we also can take benefit from the fast and cheap tx options in LN and try to do micropayment style trades if altcoin miner fee costs permit that.
E.g. If one wants to trade 2 BTC for XMR that would be very expensive for bonding (180k USD equivalent BSQ). But if the trade gets automated and split in 10 small trades and each settles quite fast (altcoin confirm time is bottleneck) the required liquidity is much lower as one completed trade free up BSQ capital. Also volatility risks with burned and reimbursend BSQ need to be considered and is a open problem with current protocol.

I am not sure if Carol could be considered a financial intermediary. At least she could run away with the BTC and then make the traders depen on the DAO to get reimbursed. I think that is worse then current burning man problem as the BM cannot trigger that the traders send the funds to the donation address as long he is not part of the trade.

I have not though more about the case that Alice (or Bob) plays the role of Carol.
If we can find a way to avoid Carol and instead solve the problem that the traders need a high amount of BSQ for the bond by providing a trustless lending service, I think the legal risks that Carol could be interpreted as partizipant in the trade would get reduced. 
It also would make clear that providing capital comes with costs and if traders dont want to pay for that by paying interest rate for the loan they can get BSQ themself.
If it is not possible to remove the role of Carol maybe it can be modelled as a bot or if possible as smart contract. The input to the bot/contract if there is no cooperative outcome would be provided by a mediator/arbitrator both traders would agree on to accept their judgement in case of a dispute. As the mediator has no access/control to the funds at all but only the power to trigger that funds get burned this should be more safe. Thought how can a bot/contract get the DAO reimbursement...


I will need more time to understand the second idea, specially the required garbled circuits.

I think the ideas your presented here are a huge step further to a secure off-chain protocol. 
It would be great if we could find a solution which avoids a custom LN fork as that comes with a huge development challenge and well as the difficulty to bootstrap the network and well might have different security concerns than the standard LN because of the special use case in the context of an exchange with potentially large volumes. 


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/312#issuecomment-777951412
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20210211/b419f470/attachment.htm>

More information about the bisq-github mailing list