One major advantage of PTLCs over HTLCs for atomic swaps is that there is no direct on-chain linkage of paired PTLCs. However, as with anything related to privacy, heuristics and correlation of metadata such as timing can link txs with high degree of confidence. The privacy of a single PTLC thus depends on the existence of other PTLCs; the greater the anonymity set the better.
Here are some ideas, used together, to get full advantage of PTLCs.
(For the sake of this discussion, we will assume that the increased plasma requirements are not a problem.)
Externally, only use standard sends when the desired outcome is a public payment between two known addresses. Internally, only use standard sends for organizing funds between accounts that are already correlated.
If seeking to create a new on-chain identity, when sending funds to a new address, always use a PTLC. This is only effective when other metadata is not correlated. Need to have wallet features to disable auto-receiving, and to help the user collect rewards at different times. Random pillar delegation selection. With a big enough anonymity set, this is much better than say sending to a Cex and withdrawing.
When sending funds to other users, send PTLCs to each other. This is similar to Bitcoin’s concept of coinjoins. If you want to send a user 5 ZNN, instead create a PTLC sending them 10 ZNN, and they will create a PTLC sending you 5. These are actually more private than coinjoins because all ptlcs contribute to the anon set of all other ptlcs within a certain timespan.
Add randomness by default to timing parameters to prevent correlation.
Prefer disposable BIP340 point types even for ZTS-ZTS swaps, to increase the anonyminity set of cross chain swaps with btc.
I might refactor the PTLC embedded to have an account model where PTLCs can be created and unlocked within the embedded contract without needing to withdraw to a zenon address. This can enable high plasma accounts to better take advantage of the proxy unlock feature and greatly increase the number of PTLCs for greater anonymity set.
As with the HTLCs, I wanted to create a tutorial for PTLCs. But as I started to understand it better, it wasn’t that easy to implement directly it in CLI.
PTLCs require much more coordination between both parties, a trusted party is needed to facilitate the communication. To avoid making the entire project too complex, I created a demo instead.
It demonstrates a single chain atomic swap using PTLCs on the Zenon Network. The repository has a sequence diagram showing all the steps involved. Following the instructions one can execute it running a local devnet with PTLC support.
It’s a first working example written in Go. More research is needed to add other and alternative use cases to the repo. Such as a cross chain atomic swap between znn and btc for example.
I hope this helps the community understand PTLCs better and that it helps us getting a step closer to successfully implement PTLCs on NoM.
Brilliant!
IIRC, you were the first to start understanding and building off of HTLCs as well.
As you noted, collaborative PTLC constructions are a bit more involved.
Figuring out how to make this available to users will require some thought.