Tumblebit Puzzle Contract
Tumblebit puzzle transaction as proposed in the Tumblebit white paper.
Alice can insert a 0 (false) in the scriptSig to choose to enter through the else branch and recover her money after the expiry date, if Bob has not been paid.
Tumbler can insert a 1 (true) in the scriptSig to choose to enter through the if branch and send the money to Bob, Bob having supplied the solution to the puzzle.
Alice wants to send money to Bob via Tumbler, an untrusted anonymous payment hub.
In the escrow phase, Alice sends money to the P2SH Tumblebit Puzzle address.
The contract contains the hashes hi of 15 secret preimages (ki) that must be revealed by Tumbler for Tumbler to get paid.
Bob can collect his payment by using the solution to the Tumblebit puzzle found by Alice.
The solution is in the form of a symetric encryption key used by Tumbler to encrypt his signature over a transaction paying Bob.
If Tumbler fails to collect his payment before the expiry time, Alice can collect her refund.
RIPEMD160 <h1> EQUALVERIFY
RIPEMD160 <h15> EQUALVERIFY
<expiry time> CHECKLOCKTIMEVERIFY DROP
scriptSig (before expiry):
<Tumbler signature> <k15>..<k1> TRUE
scriptSig (after expiry):
<Alice signature> FALSE
k1-secret: "a", k2-secret: "b", ..., k14-secret: "n", k15-secret: "o"
ki = RIPEMD160(ki-secret)
hi = RIPEMD160(ki)
Expiry: 2016-11-24 08:56:00 UTC
Alice Public Key: 023927B837A922696836E26399F759965328437F93AAFAF3E02767D22860C0FBA7
Tumbler Public Key: 02259B57015E60DE464E1D83C375BDD01D272290C51CEDE0B794301DE1B7770C7B
Tumblebit Puzzle Contract Address: 36mVdtCTQz2dMbHEUAAMYkX6UjZq5u2xLG