RFP-003: Atomic Swaps with LEZ #21
hackyguru
left a comment
This looks solid already. I suggest we merge this; we should already be able to get some proposals/feedback for this externally.
|
|
||
| #### Performance | ||
|
|
||
| 1. Document the compute unit usage for each LEZ program operation (initialise escrow, |
Good point. My earlier investigation indicated that it might be really expensive to run adaptor-based sig schemes in zkVM.
Can you provide more details, see if having a precompiled program would be a solution of some sort?
Cross-posting from the Discord thread: The cost difference comes down to the cryptographic operations involved. I understand the math of the cryptographic sigs involved in adaptor signs at a very high level right now.
For HTLCs, the only operation inside the zkVM is a SHA-256 hash - compute SHA256(preimage) and compare. SHA-256 has a dedicated accelerated circuit in Risc0, so it costs ~thousands of cycles (milliseconds to prove).
For adaptor signatures, instead of a hash check, we'll be doing multiple elliptic curve scalar multiplications - heavy 256-bit math on curves like secp256k1/ed25519. A single ECDSA verify costs ~5M cycles without acceleration, 870K with it (https://github.com/risc0/risc0/blob/release-3.0/examples/ecdsa/k256/README.md). A full adaptor sig protocol needs 3-4x that (2-4M cycles even with acceleration).
On precompiles: Risc0 seems to offer accelerated crates (k256, curve25519-dalek) that speed up individual EC operations ~5-10x, but these accelerate the building blocks, not the full protocol - there's no "adaptor signature" precompile in any zkVM. Building one would mean designing custom STARK circuits.
I'm not an expert at writing circuits at all, but looking at this PR that adds acceleration for EC operations, it was 30+ commits over weeks by a core ZK-engineer.
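The hashlock check described in the comment above (compute SHA256(preimage) and compare), as an added Python model that is not part of the thread or of the eth-lez-atomic-swaps code. The `Htlc` class, the `make_swap` helper, the amounts and the integer clock are assumptions made for illustration; the example goes slightly beyond the comment by including the refund path and the timeout ordering between the two legs of a swap.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Htlc:
    """Constructed model of one hash time-locked escrow (hypothetical, not LEZ code)."""
    hashlock: bytes         # SHA-256 digest the claimant must open
    timeout: int            # from this time on, only a refund is possible
    amount: int
    state: str = "locked"   # locked -> claimed | refunded

    def claim(self, preimage: bytes, now: int) -> int:
        """Release the funds if SHA256(preimage) equals the hashlock before the timeout."""
        if self.state != "locked":
            raise ValueError("escrow already settled")
        if now >= self.timeout:
            raise ValueError("claim window closed")
        # One hash and one comparison: the entire hashlock check.
        digest = hashlib.sha256(preimage).digest()
        if not hmac.compare_digest(digest, self.hashlock):
            raise ValueError("preimage does not match hashlock")
        self.state = "claimed"
        return self.amount

    def refund(self, now: int) -> int:
        """Return the funds to the funder once the timeout has passed unclaimed."""
        if self.state != "locked":
            raise ValueError("escrow already settled")
        if now < self.timeout:
            raise ValueError("timeout not reached")
        self.state = "refunded"
        return self.amount


def make_swap(secret: bytes, amount_a: int, amount_b: int, t_short: int, t_long: int):
    """Build both legs of a swap over one shared hashlock.

    The leg funded by the secret holder gets the longer timeout, so the
    counterparty still has time to claim it after the secret is revealed
    by the claim on the other leg.
    """
    if not t_short < t_long:
        raise ValueError("secret holder's leg must time out last")
    hashlock = hashlib.sha256(secret).digest()
    initiator_leg = Htlc(hashlock, t_long, amount_a)   # funded by the secret holder
    responder_leg = Htlc(hashlock, t_short, amount_b)  # funded by the counterparty
    return initiator_leg, responder_leg
```
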
|
|
||
| ### General | ||
|
|
||
| - [eth-lez-atomic-swaps](https://github.com/logos-blockchain/eth-lez-atomic-swaps) — ETH–LEZ HTLC-based swap (reference implementation and LEZ program structure) |
| - [eth-lez-atomic-swaps](https://github.com/logos-blockchain/eth-lez-atomic-swaps) — ETH–LEZ HTLC-based swap (reference implementation and LEZ program structure) | |
| - [eth-lez-atomic-swaps](https://github.com/logos-co/eth-lez-atomic-swaps) — ETH–LEZ HTLC-based swap (reference implementation and LEZ program structure) |
|
|
||
| Build a unified atomic swap application that enables trustless, non-custodial exchanges | ||
| between LEZ and three major chains: **Bitcoin**, **Monero**, and **Ethereum**. The LEZ | ||
| side is implemented as a Risc0 guest program that locks funds contingent on the appropriate cryptographic proof for each chain. A reference implementation for ETH–LEZ swaps already exists ([eth-lez-atomic-swaps](https://github.com/logos-blockchain/eth-lez-atomic-swaps)); |
| side is implemented as a Risc0 guest program that locks funds contingent on the appropriate cryptographic proof for each chain. A reference implementation for ETH–LEZ swaps already exists ([eth-lez-atomic-swaps](https://github.com/logos-blockchain/eth-lez-atomic-swaps)); | |
| side is implemented as a Risc0 guest program that locks funds contingent on the appropriate cryptographic proof for each chain. A reference implementation for ETH–LEZ swaps already exists ([eth-lez-atomic-swaps](https://github.com/logos-co/eth-lez-atomic-swaps)); |
| stagenet node options. | ||
| 10. Provide step-by-step documentation for configuring an **Ethereum Web3 RPC | ||
| provider** for Sepolia testnet. All Ethereum interactions in the application must | ||
| use the existing [Logos Ethereum module](https://github.com/logos-blockchain/logos-execution-zone/); |
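Review bot: the link on the last line is labelled "Logos Ethereum module" but its target is github.com/logos-blockchain/logos-execution-zone/, a path that names the execution zone rather than an Ethereum module. Since item 10 makes use of that module mandatory, point the link at the module's own repository or directory so proposers know what they must integrate with. The eth-lez-atomic-swaps links elsewhere in this PR carry suggestions to change the org from logos-blockchain to logos-co, so the org in this URL is worth checking at the same time.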
This is the link to LEZ. Not sure where the Ethereum module lives.
| on-chain scripting. | ||
| 4. Trustless swaps between LEZ and **Ethereum** are supported using HTLCs or adaptor | ||
| signatures. Ethereum interactions must use the **Logos Ethereum module**. | ||
| 5. The LEZ escrow program (Rust, Risc0) locks funds contingent on the appropriate |
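Review bot: item 4 permits "HTLCs or adaptor signatures" for the Ethereum swap without saying whether either mechanism alone satisfies the requirement or who makes the choice, so a proposal cannot be checked against it as written. Suggest stating the minimum explicitly, for example that one named mechanism is sufficient and the other is optional, so that proposals are comparable.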
LEZ escrow lock is two transactions: LSSA programs can't debit accounts they don't own, so you must transfer funds to the escrow PDA first, then call Lock to set the HTLC rules. A crash between the two leaves funds unprotected. Unlike Ethereum's payable lock() which is atomic, this is worth flagging in the RFP for people unfamiliar with LSSA.
I would assume then that the design needs to be changed? Can't you Lock first and then move funds?
249441c to
2e78438