241 sats \ 0 replies \ @tptrevethan OP 1 Feb \ parent \ on: Mercury layer AMA bitcoin
This is quite good: https://bitcoinmagazine.com/technical/mercury-layer-a-massive-improvement-on-statechains
But as a quick ELI5-ish:
An address (public key) is created from two private key shares - one from the server/operator and one from the owner. Bitcoin deposited to this address is the 'statecoin' - it can only be spent with a signature generated from both the server and owner cooperating.
The server and owner cooperate to sign a 'backup transaction' spending the BTC to an address of the owner, which will become valid after a future timelock. So if the server disappears, the owner will still get their money back.
To send the statecoin to a new owner (receiver), the current owner gets the public key of the new owner (this is the mercury address). They then sign a new backup transaction paying to the new owners pubkey, but with a timelock that expires some time sooner than the first one (so it becomes valid sooner). They then get an encrypted random number from the server, and add their private key to it. They send this and data about all previous signatures and backup txs to the receiver (they don't have to send directly, can relay via the server an encrypted blob).
The receiver then verifies all previous signatures and backup txs, and check this matches the number of signatures the server reports it has previously co-signed for this shared key. They add their private key to the encrypted key value and send back to the server.
The server then updates it's private key share with this blinded key value. The server private key share now only combines with the new owner private key share to be able to co-sign for the statecoin pubkey (which doesn't change). The old owners private key share isn't valid any more - and no-one has learnt the full private key at any point.
So long as the server:
- Updates their key share (i.e. deletes the old one) there is no way they a previous owner share can be used, even if they hack the server.
- Correctly reports the number of co-signings it has done. Then it is completely non-custodial and secure.
The transfer has then completed off-chain and completely privately.