atomic file swaps

1. never mind, just use 2-2 multisig with some collateral put in by provider and more by payer, both lose if both aren't happy
2.  
3. by not grabbing rebate, A can avoid paying in old design
4.  
5. Let's say A read on a forum that a file that has a specific public hash of a hash "H(H())" is really good and wants to buy it
6. (to compensate for bandwidth used or for content itself, same thing).
7. B claims to have the file to match that H(H())
8.  
9. # [b]Issue[/b]:
10.  
11. A can't just pay first because B can just not deliver file.
12. B can't just send file first because A can never pay and bandwidth ain't free.
13.  
14. # [b]Solution[/b]:
15.  
16. H() = hashing function, e.g. SHA256 like in OP_SHA256
17. <A priv> = A's private key
18. <B pub> = B's public key
19.  
20. B commits to delivery of file matching H(H(file)) on blockchain w/ locked rebate for X days to act as deterrent for sybil false claims.
21. A locks payment to B in contract that requires A to claim the rebate
22. A has incentive to claim rebate once A has the file
23. Claiming rebate reveals A's secret which lets B get paid
24.  
25. <A priv> has H(H(file)), <B pub>, and secret.
26. <B priv> has file, <A pub>, and H(secret)
27. Alloted time for trade is X days
28. Commitment to deliver is Y coins locked up by B
29. File price is Z-Y coins
30.  
31. B stores rebate in tx1
32. output type: p2sh (pay to script hash)
33. value: Y coins
34. output unlock requires: "rebate"[sig match <A pub>,  H(file) match H(H(file)), secret match H(secret)] or "refund"[over X time has passed, sig match <B pub>]
35.  
36. A stores payment in tx2
37. value: Z coins
38. output unlock requires: "payment"[sig match <B pub>, secret match H(secret)] or "refund"[over X time has passed, sig match <A pub>]
39.  
40. # [b]Effect[/b]:
41.  
42. - hash match guarantees the file is exact same as publicly reviewed file
43. - B cannot spend tx2 without knowing A's secret
44. - A cannot spend tx1 without knowing H(file)
45. - A claiming rebate lets B get paid
46. - If either doesn't like something, both can wait out X time and get money back
47. - If A never claims rebate after getting file, B gets paid Z instead of Z-Y
48. - B providing just H(file) to A doesn't break anything since entire point is A wants to get it
49. - Even H(file) leaking to A not big deal since A grabbing "refund" reveals secret so B can grab a larger "payment" or wastes time of both
50.  
51. Only when A knows secret and file can A get Y coins back, but reveals secret to B in process (net sum = -Z+Y coins)
52. B can use that secret to take the payment of 2 coins (net sum = +1 coin)
53. If B simply reveals H(file) and not file, A has no reason to claim 1 coin when they would lose 2 and would just wait it out
54. If file never provided, each output has additional condition to allow withdrawal after X time.
55.  
56. Q1: how to avoid using off-chain communication? like avoiding <B pub> in rebate so address to monitor for commits is predictable for A instead of relying on off chain communication?
57. - Could add second output with OP_RETURN <B pub>. A could monitor tx w/ OP_RETURN H(H(file)) <B pub> and then be able to verify B in fact used the right p2sh script. A's request for file could also be done with OP_RETURN by providing a marker like "filereq", H(H(file)) of file A wants, X, Y, and Z.
58.  
59. Q2: subatomic swaps for files make this useless? merkle tree of file data with root used for identification. can pay for fragments of files with inclusion proofs that it's correct so never risk entire payment and can use lightning network. if content fragments are in sequence, would work on paying for streaming real time. downside is public communication is difficult to signal request or providers and can lose a little on a single payment vs losing it on neutral fees on-chain.
60.  
61. good idea? bad idea? wrong forum for this discussion? been wondering why not use files as secrets in atomic swaps, but since files are too big for blockchains, hash of file works similar.