(please excuse the length of this post..)
Currently there is an issue with ACCT.
You can't lose your coins, but it is very easy for a user to pull out of a trade, before it is complete, and just have both users keep their original coins. The 'Jamming'..
Many of us have come to the conclusion that some kind of central server, that still cannot steal your coins, could be used to help in the transaction.
..
Alex has 1 BTC, and wants to trade with BOB who has 100 LTC. (or whatever)
The Current Method :
2) Alex create a TXN that pays out 1 BTC to BOB, if he can provide the pre-image of a hash, that currently only Alex knows. There is also a refund element that allows Alex to reclaim the coins at some point in the future, lets say 24hrs later.
3) Alex posts this TXN, and BOB now has to wait for it to be 'fully' confirmed. He cannot publish his txn until this has happened.
4) Once the previous txn has cleared, Bob knows that if he knows the pre-image of a certain hash, he -AND ONLY HE- can claim the BTC. (until 24 hrs is up)
5) Bob creates a txn that pays out 100 LTC to Alex, if he can provide the pre-image of the same hash as his txn. This way when Alex claims his LTC, Bob can claim his BTC. (with refund bits etc..)
6) Bob posts his txn, and Alex now has to wait until it is fully confirmed, before he claims his prize, the LTC. Thus revealing the pre-image, and allowing Bob to claim his BTC.
There is no guarantee that Bob will publish his txn, as the price may have gone down, and if that happens both parties just get their coins back.
There is no guarantee that Alex will infact claim the LTC, by revealing the pre-image, as the price may have shot up!, and if that happens both parties just get their coins back.
..
To force Alex to reveal his pre-image I propose another txn be published.
Alex creates a txn that pays Alex say 5% of the original trade value, if he reveals the pre-image. And if he does not, after X amount of time, Bob can claim these coins. Lets call this the 'Hash-Force' (HF) txn.
SO in this case Alex would create a txn that pays 0.05 BTC to Alex(himself) if he reveals the pre-image, and using CLTV, after a few hours Bob can also claim those funds, if they have not been claimed already.
This would force Alex to either publish the pre-image, by claiming the coins, or not publishing and letting Bob take the 5% fee. An adequate recompense for not going through with the whole trade.
..
Now the tricky bit.
Alex of course CANNOT publish the HF txn until he is sure that Bob's txn has cleared, as otherwise he would have his original txn and his HF txn out in the wild and Bob would be able to either claim the original 1 BTC, or the 5% HF txn, without paying any LTC. Also there is little point to having the HF txn if he does wait as he may aswell just claim the original LTC coins, thus revealing the preimge that way, or not publishing anything anyway.
..
Let's bring in a central server. SERV.
New Method :
1) SERV, Alex and Bob, all generate a random string, S, A, B, and then hash it. These are H(S), H(A), and H(B). The pre-images are kept secret.
2) SERV asks BOTH Alex and Bob to send it a very specific txn.
Alex sends a BTC txn:
<txn>
<1 BTC output>
<PAYOUT If signed by Bob and A in H(A) and B in H(B)>
OR
<PAYOUT If CLTV is 24hrs in the future and signed by Alex>
</output>
<0.05 BTC output>
<PAYOUT if signed by Alex and A in H(A)>
OR
<PAYOUT If CLTV 2 hours in the future and signed by Bob and S in H(S)>
</output>
</txn>
Bob sends an LTC txn:
<txn>
<100 LTC output>
<PAYOUT If signed by Alex and A in H(A) and B in H(B)>
OR
<PAYOUT If CLTV is 24hrs in the future and signed by Bob>
</output>
<5 LTC output>
<PAYOUT if signed by Bob and B in H(B)>
OR
<PAYOUT If CLTV 2 hours in the future and signed by Alex and S in H(S)>
</output>
</txn>
Notice that the HF txn cannot be claimed by the other party, unless they know S in H(S). Which only the server knows.
3) Once the server has received BOTH txns, it publishes them. Both.
4) Once BOTH txns have cleared and are confirmed, the server shares the preimage of H(S), S, with both parties. Now both users HAVE to claim their HF txn, or lose the coins, and thus enable the whole trade to go through.
If BOTH txns do not clear the server does not reveal the S in H(S). Deletes it. This way noone can claim the HF, except the original author, and both parties just get their coins back.
If both txns clear, then the first one to claim their HF txn, reveals the preimage they know and allows the other party to claim their prize, aswell as their HF txn, and thus allow them both to claim their coins.
The 'Jamming' issue has now been relegated to one point, only at the very beginning, where one party could try and double spend their coins before they clear. In this case, and not knowing S in H(S), both parties would just get their coins back.
If either party does not provide their txn at the beginning, then neither txn is published, and no coins are jammed. It would be almost instant for the users to provide these TXNs, so if someone fails to do it, the server can just kick them out and move to the next user.
..
The Issue :
Everything works, EXCEPT if the server gets hacked. Then it is possible for one party to claim the HF txn, as they will know the S in H(S), and make sure that their txn is not published.
It is still not possible to steal the actual trade funds.
..
I am not sure if this can ever be made 100% atomic/safe.. can anyone think of anything (S in H(S) done differently)?
Making the HF txn 1% may make it less annoying (the server would have to be hacked after all, so I don't see this as a common occurrence..), but it's still not right..
Anyone ?
