Adapter Signatures and Their Applications in Cross-Chain Atomic Swaps

With the rapid development of Bitcoin Layer 2 scaling solutions, the frequency of cross-chain asset transfers between Bitcoin and Layer 2 networks has significantly increased. This trend is driven by the higher scalability, lower transaction fees, and high throughput provided by Layer 2 technology. These advancements facilitate more efficient and cost-effective transactions, thereby promoting the broader adoption and integration of Bitcoin in various applications. Consequently, interoperability between Bitcoin and Layer 2 networks is becoming a key component of the cryptocurrency ecosystem, driving innovation and providing users with more diverse and powerful financial tools.

There are three typical solutions for cross-chain transactions between Bitcoin and Layer 2: centralized cross-chain transactions, BitVM cross-chain bridge, and cross-chain atomic swaps. These three technologies differ in terms of trust assumptions, security, convenience, transaction limits, and can meet different application needs.

The advantages of centralized cross-chain trading lie in its speed and relatively easy matching process. However, the security of this method completely depends on the reliability and credibility of the centralized institution. If the centralized institution encounters technical failures, malicious attacks, or defaults, users' funds face a higher risk. Additionally, centralized cross-chain trading may also leak user privacy, requiring users to consider this method carefully.

The BitVM cross-chain bridge technology is relatively complex. This technology introduces an optimistic challenge mechanism, making it relatively complicated. Additionally, the optimistic challenge mechanism involves a large number of challenge and response transactions, resulting in higher transaction fees. Therefore, the BitVM cross-chain bridge is only suitable for large transactions and is used infrequently.

Cross-chain atomic swaps are contracts that enable decentralized cryptocurrency trading. Atomic swaps must involve two parties, and no third party can interrupt or interfere with the swap process. This means that the technology is decentralized, censorship-resistant, has better privacy protection, and can achieve high-frequency cross-chain trading, making it widely used in decentralized exchanges.

Cross-chain atomic swap technology mainly includes hash time locks and adapter signatures. The cross-chain atomic swap based on hash time lock ( HTLC ), although a significant breakthrough in the field of decentralized exchange technology, has privacy leakage issues. The cross-chain atomic swap based on adapter signatures has three advantages: it replaces on-chain scripts, reduces on-chain space usage, and achieves privacy protection.

This article firstly introduces the principles of Schnorr/ECDSA adapter signatures and cross-chain atomic swaps. Then, it analyzes the security issues of random numbers in adapter signatures and the problems of system heterogeneity and algorithm heterogeneity in cross-chain scenarios, providing solutions. Finally, it expands the application of adapter signatures to achieve non-interactive digital asset custody.

In terms of the random number problem, Schnorr/ECDSA adapter signatures commit to the random numbers in their pre-signatures. If the random numbers are leaked or reused, it can lead to the leakage of the private key. Therefore, RFC 6979 should be used to address the issue of random number reuse. RFC 6979 eliminates the need to generate random numbers by deterministically deriving k from the private key and the message to be signed.

In cross-chain scenarios, it is necessary to consider the heterogeneity issue between UTXO and account model systems. Bitcoin uses the UTXO model and implements native ECDSA signatures based on the Secp256k1 curve. Bitlayer, being an EVM-compatible Bitcoin L2 chain, adopts the account model. The adapter signature implements the logic required for BTC exchanges, while the counterpart for Bitlayer exchanges is supported by the functions of Ethereum smart contracts. Additionally, it is important to consider the situation of different algorithms on the same curve, as well as the security issues of adapter signatures when the curves differ.

Finally, this article introduces a non-interactive digital asset custody application based on adapter signatures. This application involves three participants: the buyer, the seller, and the custodian, and is capable of instantiating a subset of threshold spending strategies without interaction. The article also briefly introduces the cryptographic primitive of verifiable encryption, including two implementations: Purify and Juggling.

Adapter signature technology provides new possibilities for cross-chain atomic swaps, with better privacy protection and higher efficiency. However, in practical applications, issues such as random number security and system heterogeneity still need to be considered. Future research can further explore the application of adapter signatures in more cross-chain scenarios, as well as how to optimize their performance and security.