The neglected step sister of privacy protocols in Bitcoin is atomic swaps. Find somebody who wants to trade a utxo with you, and arrange a swap.

CoinSwap v2 is based on an idea originally proposed by Greg Maxwell in 2013.

CoinSwap v2 is a taker-coordinated, multi-hop atomic swap protocol built around Taproot contracts and MuSig2. You route value through independent makers, receive different coins back, and keep a recovery path if anyone disappears mid-swap.

This v2 uses Taproot and MuSig2 to make the swap look like a normal transaction.

Successful swaps look like ordinary Taproot spendsSuccessful swaps look like ordinary Taproot spends

On the happy path, adjacent parties cooperate with a MuSig2 key-path spend, so the hashlock and timelock scripts stay hidden. Script branches only appear when someone has to recover or force completion.

Here's a step by step for how it works:

The Taker sets up the route with different makers, so it should be harder for any one Maker to compromise privacy.

Every hop is a single P2TR output with a MuSig2 internal key and two script leaves. The receiver can force completion with the hashlock if needed, while the sender can recover after the CLTV deadline. When things go right, neither script is revealed.

Tue protocol also includes fidelity bonds which ought to increase the cost to Sybil attack it.

A maker proves skin in the game with a time-locked bitcoin bond. The bond data, certificate hash, and signature are bundled into the fidelity proof returned during offer discovery. Takers verify that proof before trusting the offer book.

Looks like CoinSwap v2 is a product of a summer of Bitcoin and Bitshala program attendee, Sarthak.

Announcement tweet: