Saturday, October 21, 2017

bits field relation to hashing and difficulty

In the block explorer you can see a "bits" field determines the difficulty that can be compared between all coins. It is a compact form of the maximum value the hash of the block header must have before nodes will accept the miner's hash. A miner's job is to hash until he can find a hash that is less than the hash value stated in the bits field. The difficulty algorithm sets the bits field value. In HUSH's block 190703 the bits field is 1d 08 ec fa. The 1d in decimal is 29, which means the max hash value is 29 bytes long. The 08 ec fa gives the value of the first 3 of those 29 bytes. The rest of them are 00. If you convert those 1st three to decimal and multiple that by 256^(29-3) it is 2.4E68. The hash of a block header is 32 bytes long, which can take on 2^32 = 1.15E77 different values. The miner's job is to keeping hashing, changing the nonce field between each hash (with a starting point given to him by the pool) to get a different hash each time, until he finds a 32 byte hash that is below that 2.4E68 number. 2.4E68 is 481 million tmies less than 1.16E77. So the miner has to hash that many times in 150 seconds to have a 50% chance of winning. 481 / 150 = 3.21 million hashes per second, which was the network hashrate during that block. The difficulty in hush-cli as you said was 239 M. 2^1 * 239 / 150 = 3.19 M Hashes/s network rate. For some reason, in Zcash replace the 2^1 with 2^13.

Friday, October 20, 2017

Blockchain timestamps, difficulty, and the stars.

posted to Zcash github:
https://github.com/zcash/zcash/issues/1889


Any upper limit you apply to timestamps should be reflected in a lower limit. For example, you could follow the rule that the next timestamp is limited to +/- 750 seconds from the previous timestamp +150 seconds (+900 / -600). If you don't allow the "negative" timestamp (-600 from previous timestamp) AND if miners can assign timestamps without a real-time limit from nodes, then a miner with > 20% of the network hashrate can drive the difficulty as low as he wants, letting everyone get blocks as fast as he wants, in less than a day.

A symmetrical limit on timestamps allows honest miner timestamps to completely erase the effect of bad timestamps. ( You do not need to wait 6 blocks for MTP like Zcash does in delaying the use of timestamps for difficulty, see footnote. ) If you allow the symmetrical "negative" timestamps, you do not need nodes to have the correct time with NTP or GPS unless miners collude with > 51% agreement on setting the timestamps further and further ahead of time to drive difficulty down. It's a real possibility if miners decide they do not like a certain fork due to not providing them with enough fees.

But if your nodes have an accurate time, you do not need mining at all. The only fundamental reason for mining is to act as a timestamp server to prevent double spending.

BTC and ETH depend on nodes to limit the future time assigned to blocks. This seems like a bad joke. Zooko was the only one here who seemed to know there is something fishy about strong reliance on nodes having the correct time. The extent to which BTC and ETH need those forward-time limits to be enforced by real time is the extent to which they do not need mining.

Since gmaxwell (and apparently Satoshi) reject the idea of relying on state-sponsored and crash-able GPS, NTP, or cellphone systems to eliminate the need for miners, the ideal solution is to have nodes that use a camera with a good zoom, known location, and accelerometer (if their camera is a cell phone not correctly mounted) to determine star position and to periodically calibrate their time based on that. @fluffypony was the only one I could get to "like" this idea on twitter. Every honest desktop node could reject transactions with bad timestamps, within some small window like 1 minute (with good optics). Science like this does not need to ask for consensus. Every node on his own could give the middle finger to every node that disagrees with him. Nodes with correct time would naturally comprise the biggest network, all saying F-you to the miners. Blocks could be 2 minutes apart and need only 1 confirmation. Science began with looking at the stars and time is the only thing I can think of that computers can determine in isolation and then agree on without a trusted 3rd party. Colluding miners bullying us with > 51% hashrate into more total fees at the expense of security is a trusted 3rd party.

Footnote:
MTP does not stop a 25% attacker who can set timestamps > 4 blocks ahead if other miners are not allowed to assign a "negative" timestamp to eliminate the error in the next block. But if you allow the "negatives" then MTP is not needed. Putting your tempering aside, this assumes you use

next_D = avg(D's) * T / avg(solvetimes, allowing negative solvetime)
instead of

next_D=sum(D's) * T / [max(Timestamps) - min(Timestamps) ]
because the N's of the denominator and number of the first equation do not cancel like you would think and hope (in order to use the second equation) when there are bad timestamps at the beginning and end of the window. With the MTP, your difficulty is delayed 5 blocks in responding to big ETH miners who jump on about twice a day. That's like a gift to them at the expense of your constant miners.

Also, your tempered N=17 gives almost the same results as a straight average N=63. I would use N=40 instead, without the tempering. It should reduce the cheap blocks the big ETH miners are getting.

Your 16% / 32% limits are rarely reached due to the N=63 slowness. This is good because it is a symmetry problem, although it would not be as bad as BCH. Use "limit" and "1/limit" where limit = X^(2/N) where N=63 for your current tempering and X = the size of the larger ETH attackers as a fraction of your total hashrate, which is about 3. This allows the the fastest response up or down at N for a given X with 80% probability. Change the 2 to 3 to get a higher probability of an adequately-fast response. The benefit is that it is a really loose timestamp limit on individual values, as long as the aggregate is not too far from the expected range.

Wednesday, October 18, 2017

Hold coins w/ nLocktime (or burn) as a source of price appreciation (via velocity theory of money)

post to HUSH chat:

Now I see we can't even charge HUSH fees for sending email because if the value increases a lot it will be too expensive. to email. Is it possible for the protocol to measure the swap rate between dollars and HUSH? If yes, then that seems to be a way you could charge say $0.0025 per tx output plus $0.000001 per tx byte . I'm allergic to blockchain bloat. You could burn 1/3 for price appreciation, send 1/3 to devs, and 1/3 to miners. If you don't burn HUSH (or enforcing holding times), what is the market incentive to increase its value if Zcash and other alts are going to attract most of the people seeking an anonymous store of value? There's a similar problem when spending HUSH for XHCP. How is XHCP automatically lowering in HUSH price so that you don't have to fork when HUSH increases 10x? Is burning some of that HUSH the only sure way to get market appreciation? Instead of burning in both cases you could require an nLocktime holding time to enforce the velocity theory of money. Previously I mentioned putting a locktime on the HUSH (for XHCP) before it can be spent, so devs can't spend it right away, giving a contuned work motivation just like stocks. But now I see it has a price appreciation effect. Dollars have value because they are being HELD in many places. It's not merely for savings, but as a requirement of doing business. But in a blockchain that is not being used to make purchases for goods or services in order to get other goods and services that have shipping and production times, there is no hold time. True, XHCP is a service, but if this "gas" should have a constant value, then the exchange rate between it and HUSHJ should fluctuate and in doing so, it removes the incentive to hold HUSH. As a speculator, I would have to trust the devs to hold their HUSH. That trust seems to be the primary source of objective (aka real aka justified) price appreciation.
Are there coins requiring a hold time on transactions as a source of price appreciation? I previously described making receivers also hold HUSH in order to receive but that seems to make it complicated without benefit. In this simpler holding time scheme, the sender would be required to send an amount of HUSH (determined by dollar or commodity basket exchange rate) with a locktime on it to himself.

Sunday, October 15, 2017

Smoothing coin release rate for bitcoin

The halving events in BTC seem absurb in being such a powerful step function. Due to rounding error and trying to keep the same quantity of satoshis emitted every 4 years, it takes some effort to find a formula that exactly ends in 1/2 as many coins per block after 4 years (210,000 blocks) and gives the exact same number of Satoshis in those 4 years. Here's what I came up with.

Once every 4 hours, starting half-way into a halving event, set coins awarded to

BTC=C*int(1E8*A*B^(N/8750))/1E8

where

C = number of coins supposed to be emitted in this halving event.
A = 1.072026880076
B = 0.46636556
N = blocks after the 1/2-way point, up to 8750 when N goes back to 1 and C is cut in half.

8750 is 4 years' worth of 4-hour periods. I didn't like 5, 7, or 10 hours because it is not a multiple of a day. 2 hours would have been harder to check in excel, having 2*8750 adjustment per halving. Other options were not an integer number of blocks. I guess 8 hours is an option.

I guess it could be improved to not have to reset C and N every 4 years.

I believe there is a starting point that is better in the sense that it results in a simpler equation that is good for all time, like ln(2) = 0.693 into a halving event or maybe 1/e into it or 1/e before the end.

Wednesday, October 11, 2017

The ideal currency (new)

This supersedes my previous article an ideal currency (but does not replace the previous ideal currency post that talks about a p2p coin that depends on "reputation" as the coin itself).

Previously I described how all characteristics of an ideal currency such as Nick Szabo's list (scarcity, fungibility, divisibility, durability, and transferability) can be derived from the desire to have constant value in space and time. The best measure of "value" results in a more specific definition: ideal constant value currency is proportional to the net potential energy available as work per person, where the net energy available is the total that is available in a legal system that dictates how the energy may be used, which includes enforcing the concept of ownership of assets that fall under the control of that legal system, and enforcing law (settling disputes, collecting taxes, etc) with that particular currency unless the transfer of other assets in a certain case is more appropriate. I should mention intellectual property does not have energy that is proportional to its value, but it increases the net work energy available by more efficient use of existing assets, even if by entertaining people which may enable them to work better by feeling better. Assets have a net work energy, but in calculating how much more currency should be in the system due to those asset, the costs of anything such as intellectual property needed in its conversion to work should be first subtracted out. That cost from all other assets purchasing the I.P. is a work energy assigned to that I.P. in our balance sheet of total currency in the system.

There is waste energy as heat when work energy is expended, and the amount depends on the form of the original energy. There is also wasted energy when work energy is expended to get other work energy where it is needed. These and other forms of waste are not included in the "net total work in the system per person" that I'm talking about. So, I can't say this work is exactly based on Gibbs free energy ( E = U + pV - ST) of a set of atoms in some chemical and thermodynamic system because that is measured before these wastes. Gibbs free energy is the precise definition of "available work energy". So what I'm talking about is the Gibbs free energy minus the waste and minus cost of the intellectual property. Gibbs free energy includes a subtraction from the total that is due to the energy having an amount of disorder (entropy) at a given temperature (S*T). In a sense, the waste and I.P. expense is like a pre-existing "disorder" (or inefficiency) that assets have. If the size of a system (a system of assets under a common legal control that is enforced by the currency) is stable, then the new total net work energy (as I've defined it) coming into the system in a given time is equal to the waste energy going out. The companies or government with infrastructure that acquires the input energy is a potential energy that will be depleted over time as the infrastructure depreciates. That potential energy isits value in terms of the currency, minus the I.P. which includes dividends and profits to shareholders (their decision to invest was an I.P.). Every asset is similarly a potential energy. So the net work energy I've defined is probably better viewed as a potential energy and new energy coming in and going out in a stable system keep that potential energy constant. If the incoming energy coming is greater than that waste going out, then the potential energy of the system is increasing. If the population does not increase, then the currency quantity will increase.

All assets in a legal system should have a reference that defines the owner. The currency gains control of a portion of those assets (say, 10%) by owners having debts as well as assets which places a lien on their assets, so they do not exactly have full ownership of the assets they own. The debts may be expressible in other assets, but the legal system typically allows settlement in the currency in equivalent amount of currency. So not all debt is currency, but all currency is based on a debt. An immediate question I have is "Should the total debt-currency (as a percentage of the assets in the system) be constant?" My first guess is "yes" to keep things simple and therefore more measurable and predictable.

The rest is potentially hogwash that I need to investigate further. I have it here for my future reference.

coins = bytes = DNA = synapses => used to create economically beneficial arrangements of atoms and potential energy

The usefulness of energy depends on the form it is in as well as the pre-existing order of the matter it needs to move. For example, oil in the ground is not as valuable as oil in a tanker. Gold in an vein is not as useful as gold in sea water. So the order in the mass of commodities has value like energy commodities due to making itself more amenable for energy to move. A.I. systems like evolution and economies use energy to move mass to make copies of themselves to repeat the process. More precisely, the historical position of mass and potential energy gradients cause matter to form self-replicating way. Genes, brains, and A.I. are not forces that do anything of their own free will, but they are the result of forces from pre-existing potential energy gradients that created them. They are enzymes that allow energy and mass to move in an efficient direction, not forces. The following is mathematically exactly true: Intelligence = efficient prediction = compression = science. I am referring to the "density" of each of these, not the total abilities. For example, science seeks to predict the most in the least number of bytes. The least number of bytes is known as Occam's razor in science and is the 2nd of two fundamental tenants of science. The first is that observations should have the potential to prove a theory wrong (falsifiability), and that those observations always support the theory (reproducible observations). So the 1st science tenant is prediction and the 2nd is compression or efficiency. Total currency in an A.I. system = bytes / time that are destroyed in CPU computations and memory writes. Every computation in a CPU and memory write to RAM or a hard drive generates heat and entropy. The theoretical minimal entropy per byte destroyed is S =kb * ln(2). kb is boltzmann's constant. The minimal heat energy created (the energy lost) is Q = Temperature * S. In economics, the "bytes" are "dollars" that represent energy spent like a CPU computation to create a mass of a commodity (like the storage of a byte). When we write to memory in A.I. we are creating value that can be used in the future. Typically the writes are assigning weights to the connections in neural nets or the probabilities to a Bayesian net or making copies of a gene in genetic algorithms. Bytes in evolution are DNA. The bytes in our bodies are cellular energy like glucose and energy stored in the crystals of DNA. Energy-based commodities are spent to create mass-based commodities that are used for an economic system to replicate (expand), just like evolution and A.I. Total currency is the total available commodities per economic cycle. Approximating a constant number of economizing agents like people or neurons in a brain or nodes in a neural net means that the currency is also a bytes per economic cycle per economizing agent. Agents compete for the limited number of bytes in order to increase the number of bytes per agent per cycle. Coins are bytes that represent a percent ownership of the total commodities available per economic cycle per person.

ideal cryptocurrency:

This is jumbled, but I want to save it for future review to pick up where I left off.

The general idea is for people to gain "reputation points" as their own personal coin by "giving" something away, someone receives and gives "reputation to you". It costs them reputation to give to you. So you want to give only to people you trust to stay within the system. You vouch for them and they vouch for you. You lose reputation if they cheat on others in the future. You keep each other's transactions on a blockchain, and those of your mutual nearest neighbors. Everyone will have a different blockchain, supporting your "local" buyers/sellers, who support you. Trust before a transaction is from a potential buyer/seller checking your past transactions and confirming with those people that your blockchain is correct and complete. The exchange rate for reputation depends on how close buyer and seller are in their network of connections. It should be possible to limit the amount of your transactions potential buyers/sellers can see, but your exchange rate will not be good if you are too secretive about your past. Transaction speeds to check everyone and proceed should be very fast, less than a minute. Your reputation could be recoverable from your "local network" if you lose your keys. Outsiders not wanting to disclose information about themselves will not be able to decrypt blockchains that contain your data.

=======

Here's another "insane idea" to be added onto to the timestamp idea (again, not necessarily the stars). People get more coin by having more "friends". It might be a slightly exponential function to discourage multiple identities. Your individual coin value is worth more to your "local" friends than to "distant" friends. The distance is shorter if you have a larger number of parallel connections through unique routes. A coin between A and D when they are connected through friends like A->B->C->D and A->E->F->D is worth more than if the E in the 2nd route is B or C. But if E is not there (A->F->D) then the distance is shorter. More coin is generated as the network grows. Each transaction is recorded, stored, timestamped, and signed by you and your friends and maybe your friends' friends. Maybe they are the only ones who can see it unencrypted or your get the choice of a privacy level. Higher privacy requirement means people who do not actually know you will trust your coin less. Maybe password recovery and "2-factor" security can be implemented by closest friends. Each transaction has description of item bought/sold so that the network can be searched for product. There is also a review and rating field for both buyer and seller. For every positive review, you must have 1 negative review: you can't give everyone 5 stars like on ebay and high ranking reviewers on Amazon (positive reviewers get better ranking based on people liking them more than it being an honest review). This is a P2P trust system, but there must be a way to do it so that it is not easy tricked, which is the usual complaint and there is a privacy issue. But look at the benefits. Truly P2P. Since it does not use a single blockchain it is infinitely faster and infinitely more secure than the bitcoin blockchain. I know nothing about programming a blockchain, let alone understand it if I created a clone. But I could program this. And if I can program it, then it is secure and definitive enough to be hard-coded by someone more clever and need changing only fast as the underlying crypto standards (about once per 2 decades?)


zawy [9:54 AM]
Obviously the intent is to replace fiat, amazon, and ebay, but it should also replace FB. A transaction could be a payment you make to friends if you want them to look at a photo. The photo would be part of the transaction data. Since only you and your friends store the data, there are no transaction fees other than the cost of your computing devices. Your friends have to like it in order for you to get your money back. LOL, right? But it's definitely needed. We need to step back and be able to generalize the concept of reviews, likes, votes, and products into the concept of a coin. You have a limited amount dictated by the size of the network. The network of friends decides how much you get. They decide if you should get more or less relative power than other friends. (edited)

zawy [9:58 AM]
It would not require trust in the way you're thinking. Your reputation via the history of transactions would enable people to trust you. It's like a brand name, another reason for having only 1 identity. Encouraging 1 identity is key to prevent people from creating false identities with a bot in order to get more coin. The trick and difficulty is in preventing false identities in a way that scams the community.

zawy [10:04 AM]
Everyone should have a motivation to link to only real, known friends. That's the trick anf difficulty. I'm using "friend" very loosely. It just needs to be a known person. Like me and you could link to David Mercer and Zookoo, but we can't vouch for each other very well. That's because David and Zookoo have built up more real social credibility through many years and good work. They have sacrificed some privacy in order to get it. Satoshi could get real enormous credibility through various provable verifications and not even give up privacy, so it's not a given that privacy must be sacrificed. (edited)


zawy [10:07 AM]
Right, it should be made, if possible, to not give an advantage to people because they are taking a risk in their personal safety.


zawy [10:15 AM]
The system should enable individuals to be safer, stronger, etc while at the same time advancing those who advance the system. So those who help others the most are helped by others the most. "Virtuous feedback". This is evolution, except it should not be forgotten that "help others the most" means "help 2 others who have 4 times the wealth to pay you instead of 4 others with nominal wealth". So it's not necessarily charitably socialistic like people often want for potential very good reasons, but potentially brutally capitalistic, like evolution.



zawy [6:26 AM]
It does not have to be social network, but it does seem likable social people would immediately get more wealth. It's a transaction + reputation + existence network. Your coin quantity is based on reviews others give you for past transactions (social or financial) plus the mere fact that you were able to engage in economic or social activity with others (a measure of the probability of your existence). There have been coins based on trust networks but I have not looked into them. It's just the only way I can think of to solve the big issues. If the algorithm can be done in a simple way, then it's evidence to me that it is the correct way to go. Coins give legal control of other people's time and assets. If you and I are not popular in at least a business sense where people give real money instead of "smiles" and "likes" like your brother, why should society relinquish coin (control) to us? The "smiles" might be in a different category than the coin. I mean you may not be able to buy and sell likes like coin. Likes might need to be like "votes". You would get so many "likes" per day to "vote" on your friends, rather than my previous description of people needing to be "liked" in order to give likes, which is just a constant quantity coin. Or maybe both likes and coin could be both: everyone gets so many likes and coins per day, but they are also able to buy/sell/accumulate them. I have not searched for and thought through a theoretical foundation for determining which of these options is the best. Another idea is that every one would issue their own coin via promises. This is how most money is created. Coin implies a tangible asset with inherent value. But paper currency is usually a debt instrument. "I will buy X from you with a promise to pay you back with Y." Y is a standard measure of value like the 1 hour of laborer's time plus a basket of commodities. Government issues fiat with the promise it buys you the time and effort of its taxpayers because it demands taxes to be paid in that fiat. This is called modern monetary theory.


zawy [6:40 AM]
So China sells us stuff for dollars, and those dollars gives china control of U.S. taxpayers, provided our government keeps its implicit promise to not inflate the fiat to an unexpectedly low value too quickly, which would be a default on its debt. So your "financially popular" existence that is proven by past transactions of fulfilling your debt promises gives you the ability to make larger and larger debt promises. How or if social likes/votes should interact with that I do not yet know. But I believe it should be like democratic capitalism. The sole purpose of votes is to prevent the concentration of wealth, distributing power more evenly. This makes commodity prices lower and gives more mouths to feed, and that enabled big armies, so it overthrew kings, lords, and religions. Then machines enabled a small educated Europe and then U.S. population to gain control of the world.


[6:43]
If my ideas ever solidify, I'll program it in Python.

The end game of currency will be a trust network where your reputation among friends and past buyers/sellers is the amount of currency you own to purchase things in the future. You can't lose your keys because your reputation is stored on the network. It's not centralized in any way like bitcoin, except for the protocol people should agree on. Complete anonymity is not possible, but only sociopaths don't have any friends and don't deserve any currency. A super-majority of friends can rat you out or give your keys back. You can't exchange with strangers until the network grows tentacles via 6 degrees of separation. You are penalized if a friend cheats and vice versa. You can have multiple identities but it means you would have to split friends among them, not getting any net benefit except fall-back security and dispersion to distant networks. There is no currency except how friends of friends of friends etc choose to score your reputation. There's no profit to being a dev or adopting early. There's huge profit in not being anonymous.

your productivity would show in high scores from things youve sold. As I mentioned last time I'm using "friends" losely. The guy in india who gets me cheap meds is a friend. I sent him bitcoin blindly and hope i get the products


[9:26]
he and i benefit based on trust which is based on our reputation with each other

zawy [9:45 PM]
Again, the network would have to really grow "grassroots" style among people like you and me. You and I have not trust with the bots sending us spam and whatnot, and we would not believe anything posted on bitcointalk unless we had a history of knowing someone


[9:47]
the whole point is to solve these problems. I mean I have these problems in mind as a reason for designing it. I just havent worked on any of the details


[9:49]
our computer would check a potential sellers network for connections to ours, and we buy nothing from them because the reliability settings we've chosen would indicate low reputation no matter how many friends they have simply because we and our friends have no experience with them. an interesting side effect is that you're more likely to do business with people you know.


[9:50]
but in the beginning, we would trust strangers as much as we do people on ebay and openbazaar

zawy [9:53 PM]
we are each basically issuing our own credits and debits like the tally sticks. We are issuing our own currency. The settings people choose depend on how much they score our reputation.


[9:54]
so there would be 7 billion currencies and (7B)^2 exchange rates


zawy [9:56 PM]
total currency should equal total energy controlled by the legal system divided by the number of people

and recovering lost coins is not possible. I'm talking about trying to get perfect even distribution and lightening speed pf the network everywhere and the ability to recover lost keys and potentially losing anonymity only among friends

zawy [10:02 PM]
i mean i could be an anonymous person on the internet like Satoshi who has enormous reputation despite the physical body being unknown


your "blockchain" would be only a recorded of your friends transactions. so a buyer and seller's computer would request data from your past buyers and sellers (your friends) to take his own measure of your reputation score



zawy [10:07 PM]
so I should really say friends, but that's the way it could start. Really maybe it's more likely to start with strangers you just have to trust like I do cpeople in india and china. So instead of "friends
I should say "past buyers and sellers"


Friday, October 6, 2017

Cross-chain atomic swaps

If the BTC scripting is enabled in HUSH, it looks like I could write transaction scripts for cross-chain atomic swaps with no changes to the code. A HUSH seller "A" would first send funds to themself (via a t-transaction) that includes a message field that indicates "these coins are for sale for x coin" where "x" coin would have to be BTC-script-compatible. The message field would include the 1st transaction script in the atomic swap described in the link below. The amount of HUSH offered and the amount of "x" required to get it would be in that script. Both users would need a GUI (probably as part of their wallet) for each coin that scans transactions for "sells" and "buys" and each cross-chain-swap wallet would need to be following a protocol standard. B's HUSH wallet would see the offer, and generate the "code" that he would copy and paste to his BTC wallet which his BTC wallet converts to a transaction that will indicate via a transaction that he wants to sell the correct quantity of BTC for that HUSH. A's BTC wallet would be scanning BTC transactions for that buy request, and generate the "code" that her HUSH wallet needs. She would copy and paste that "code" to her HUSH wallet, which will know how to turn it into a transaction that includes the script that will allow B to unlock the HUSH funds. The script includes the timelock that allows her to regain the funds if B does not spend them. B's HUSH wallet would see it and construct the "code" for copying and pasting to his BTC wallet that will similarly include the script in a BTC transaction that A can spend. So, as far as I can see, it only needs to be wallets that are following a protocol, not a code change to the coins. I assume there is some field in BTC that can be used to send text. There's no market created, unless there are a lot of BTC buy requests on the HUSH chain competing to get BTC sellers. You just wouldn't sell or buy unless the price was as good as what is on cryptopia, etc.

https://en.bitcoin.it/wiki/Atomic_cross-chain_trading#Algorithm

Summary:

My above text describes a general implementation without changes to either coin (only changes to how a wallets use the data given) but I left out some steps. Here is a more complete view of the process. (I've got "A" sending the altcoin instead of BTC).

1) A sends HUSH to self with message field.
2) B sends BTC to self with message field.
3) A sends HUSH to self with message field that fulfills (in the link above) "A sends TX2 to B".
4) B signs it and returns to A via the message field in a HUSH (or BTC?) transaction to self.
5) A sends locked HUSH transaction, refundable by A if B is unable to cash in 48 hours.
6) B does exactly the mirror image of what A does in 3, 4, and 5, but with 24 hour condition.

B can't spend 5 until A spends the last part of step 6. A can't spend B's BTC (last part of 6) unless the unlocking script she uses provides the secret random number that hashes to the correct value she previously provided to B in step 3. That random number is what B needs to spend 5. (edited)

I don't even know if there is a message field available on BTC. Even if there is, it would be simpler to have an off-chain source like bitcointalk where people post the sell offers, then having the buyer/seller PM each other to replace all the "send to self" steps.