How segwit changes TumbleBit

Nicolas Dorier
Jul 24, 2017 · 2 min read

You can see more details on the wiki, but in a nutshell, here is how Alice’s escrow was consumed in TumbleBit Tumbler Mode.

Long story short, if the Tumbler and Alice are cooperative, then, only Client Escrow and Client Escape would appear on the chain.

The problem is, Client LockTime was leaking an information: This Client LockTime is a well known public information chosen by a tumbler.

This basically means that some third party could know if you were using a Tumbler.

As you can see above, the Client LockTime condition of the Client Escrow is necessary in case of uncooperative Tumbler, so that Alice can get back her money with Client Redeem or Client Offer Redeem.

One solution to get rid of Client LockTime is for Alice to ask the tumbler to sign Client Redeem and Client Offer Redeem in time locked Transaction (using nLockTime transaction’s field), and use plain old multisig 2–2 for Client Escrow. Once Alice receives signed redeems, she would be able to broadcast Client Escrow.

The problem is, because of malleability issues, a miner could malleate Alice’s transaction so to make Client Redeem or Client Offer Redeem invalid.
If that would happen, the Tumbler can ransom attack Alice.

Here come segwit… Segwit makes third party malleability impossible. Which mean that Alice is sure that Client Redeem and Client Offer Redeem can’t be invalidated.

Conclusion

So what is the big deal? Now, Tumbler transactions look like classic 2–2 multi sig. The second big deal, is that since all those transactions will use segwit, the fees will be lower. Back of the calculation gives me 40% saving.

Last and not the least. On the pre-segwit TumbleBit model, Alice could not sign ahead of time Client Redeem and Client Offer Redeem. Which mean that she had to be online herself, to monitor that the Tumbler behave the right way to sign and broadcast the redeems just on time.

With malleability fixed, Client Redeem and Client Offer Redeem can be signed ahead of time and potentially given to a third party service who will broadcast them for you in case the Tumbler becomes unresponsive.

Welcome Segwit, this had been a bumpy road, but this will make Bitcoin Great Again! :)

Nicolas Dorier

Written by

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade