Adaptor Signature
2 min read
An adaptor signature is an additional signature which is combined with an initial signature to reveal a secret piece of data. Adaptor signatures allow two parties to reveal two pieces of data to one another at the same time, which solves the trust problem involved in simultaneous transactions such as atomic swaps and coin swaps.
The setup for an adaptor signature involves a secret value, an adaptor signature, and a “normal" signature. Knowing any two of these data is enough to calculate the third. A powerful feature of adaptor signatures is that one party can generate an adaptor signature based on a secret piece of data, and another party can generate their own adaptor signature based on the same data without actually knowing the data itself.
As an example, Alice and Bob want to swap 1 BTC. First, Alice gives Bob an adaptor signature for an unsigned transaction sending 1 BTC to Bob. The adaptor is not a transaction signature, so the transaction cannot be spent yet, but it commits to a secret value.
Next, Bob creates his transaction sending Alice 1 BTC. Using Alice’s adaptor signature, Bob can produce his own adaptor signature. This adaptor signature commits to the same secret value even though Bob doesn’t know the secret value. Bob shares both his transaction and his adaptor signature with Alice.
Since Alice has both Bob’s adaptor signature and the secret value, she has enough information to produce Bob’s signature for his transaction, allowing her to claim her 1 BTC. As soon as Bob sees his signed transaction on the blockchain however, he can also calculate the secret value using his adaptor signature and his initial signature. From there, he can calculate Alice’s initial signature with the secret value and Alice’s adaptor signature. Bob can now sign Alice’s transaction and claim his 1 BTC.