Number: HIP-0004
Title: Interactive Atomic Name Swaps
Type: Standards Track
Status: Draft
Authors: Matthew Zipkin <pinheadmz@gmail.com>
Created: 2021-02-08
We define a protocol by which two Handshake users can agree on a price for a HNS domain name, and swap the name itself for payment in HNS using a single transaction. The buyer and seller must be able to interact before and during the protocol, and the final transaction is signed by both parties.
HNS users need a decentralized, platform-less way to sell the domain names they've acquired form on-chain auctions. They need to be able to engage in trustless commerce without third-party custodians to ensure censorship resistance and protect against weak points of centralization.
- Alice owns a name and agrees to sell it to Bob for a certain price (they communicate any way possible, not on-chain)
- Bob sends Alice an address to receive the name
- Alice signs and broadcasts a TRANSFER covenant committing to Bob's address
- At this point, Alice still unilaterally owns the name
- Bob can see the TX on the blockchain (so can everyone) and confirm his address is in the covenant
- At any time before the FINALIZE is broadcast, Alice can CANCEL the transfer
- Bob can see this CANCEL on chain (back to step 1)
- No money or name is lost by either party if Alice decides to CANCEL, just the two mining fees so far spent by Alice
- After 288 blocks a FINALIZE is valid, and is constructed cooperatively by both parties
- Alice can complete her end of the protocol at any time, but Bob can not broadcast the FINALIZE until after 288 blocks
- Alice may decide to CANCEL if Bob doesn't complete the FINALIZE within a certain time
- This is not enforced by the blockchain, it's just something Alice can do, and should warn Bob about it in step 1
- Alice constructs and partially signs a FINALIZE that sends value to her own receive address, and consumes the TRANSFER covenant as an input
- This requires
SIGHASH_ANYONECANPAY | SIGHASH_SINGLEREVERSEso that Bob can still add funds
- This requires
- Alice sends the serialized, partially-signed FINALIZE to Bob as a hex string
- Bob decodes the blob, and verifies what he can
- His address is in the TRANSFER covenant and the FINALIZE output is valid
- Alice's signature is valid, and the value output to her address is the agreed price
- Bob adds funds to the TX inputs and adds a change output if necessary
- Bob signs his inputs with
SIGHASH_ALL - Bob broadcasts the final transaction
- This action transfers the money to Alice and the name to Bob in the same TX
- Once this TX is confirmed, no rollback of the swap is possible