Paper 2022/1650

LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains

Philipp Hoenisch, CoBloX Pty Ltd, Australia
Subhra Mazumdar, TU Wien, Austria, Christian Doppler Laboratory Blockchain Technologies for the Internet of Things Vienna, Austria
Pedro Moreno-Sanchez, IMDEA Software Institute, Madrid, Spain
Sushmita Ruj, School of Computer Science and Engineering, University of New South Wales, Sydney Australia

Security and privacy issues with centralized exchange services have motivated the design of atomic swap protocols for decentralized trading across currencies. These protocols follow a standard blueprint similar to the 2-phase commit in databases: (i) both users first lock their coins under a certain (cryptographic) condition and a timeout; (ii-a) the coins are swapped if the condition is fulfilled; or (ii-b) coins are released after the timeout. The quest for these protocols is to minimize the requirements from the scripting language supported by the swapped coins, thereby supporting a larger range of cryptocurrencies. The recently proposed universal atomic swap protocol [IEEE S&P’22] demonstrates how to swap coins whose scripting language only supports the verification of a digital signature on a transaction. However, the timeout functionality is cryptographically simulated with verifiable timelock puzzles, a computationally expensive primitive that hinders its use in battery-constrained devices such as mobile phones. In this state of affairs, we question whether the 2-phase commit paradigm is necessary for atomic swaps in the first place. In other words, is it possible to design a secure atomic swap protocol where the timeout is not used by (at least one of the two) users? In this work, we present LightSwap, the first secure atomic swap protocol that does not require the timeout functionality (not even in the form of a cryptographic puzzle) by one of the two users. LightSwap is thus better suited for scenarios where a user, running an instance of LightSwap on her mobile phone, wants to exchange coins with an online exchange service running an instance of LightSwap on a computer. We show how LightSwap can be used to swap Bitcoin and Monero, an interesting use case since Monero does not provide any scripting functionality support other than linkable ring signature verification.

Note: A full version of the paper is available at

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. 6th International Workshop on Cryptocurrencies and Blockchain Technology - CBT 2022
Blockchain Atomic swap Bitcoin Monero Lightweight applications Adaptor signatures
Contact author(s)
philipp @ coblox tech
subhra mazumdar @ tuwien ac at
pedro moreno @ imdea org
sushmita ruj @ unsw edu au
2022-11-28: approved
2022-11-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Philipp Hoenisch and Subhra Mazumdar and Pedro Moreno-Sanchez and Sushmita Ruj},
      title = {LightSwap: An Atomic Swap Does Not Require Timeouts At Both Blockchains},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1650},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.