Cashbtc, A fast IRL bitcoin exchange protocol.

As bitcoin adoption is growing, and the debate about scaling the blockchain stalling, it becomes less and less practical to exchange bitcoin for cash in a peer to peer fashion. Indeed, if you want to sell bitcoins and fix a meeting with someone, you will have to stay until the transaction gets confirmed by the network, and this can take a long time.

This is very unfortunate, as buying bitcoin peer to peer stays in my opinion the most anonymous way to acquire bitcoins. This is why I propose Cashbtc, a protocol to allow two individuals to exchange bitcoins for cash, without having to wait for a network confirmation on the meeting point.


In this description of the protocol, Alice wants to sell 1 bitcoin to Bob. The refund address of Alice is \(ad_A\) and the destination address of Bob is \(ad_B\). Before the transaction, Alice computes a new key pair \((pub_A, pr_A)\), and Bob computes a new key pair \((pub_B, pr_B)\).

Alice   Bob
Computes \(TX_0: 1BTC \rightarrow (2of2 \{pub_A, pub_B\}\)    
\(\lor (locktime \land sign_A))\)    
Announces \(TX_0\)    
  Network confirms \(TX_0\)  
Goes to the meeting   Goes to the meeting
Reveals \(pr_A\) \(\Longleftrightarrow\) Pays in cash
    Computes \(TX_1: (2of2 \{pub_A, pub_B\}) \rightarrow ad_B\)
    Announce \(TX_1\)
  Bob defaults  
Computes \(TX_2: (locktime \land sign_A) \rightarrow ad_A\)    
Announcs \(TX_2\)    

If the protocol is clear enough, you should have noticed that Bob doesn’t have to wait for \(TX_1\) to confirm, as Alice doesn’t have \(pr_B\), and the refund transaction is still supposedly locked. Thus the exchange can go really fast, Alice would have to display \(pr_A\) with a QR code, and Bob would have to scan it, and check its validity. Once Bob is sure that \(pr_A\) is valid, he can leave the meeting in peace !

This protocol is not tested, I am currently working on an implementation on the Bitcoin testnet network. Comments/suggestions are greatly appreciated.

Written on December 15, 2016