Page1 第一页 Portal: DeFi on Bitcoin 门户网站:DeFi on Bitcoin Duggirala,Chandra Martindale, Eric June 2020 2020年6月

Page2 第2页 Contents 目录 Contents 目录 Abstract 摘要 Introduction 简介 Centralized middlemen to DeFi 向DeFi集中中间商 Fabric: A Decentralized Computation Market for Executing Financial Primitives 结构：执行金融原语的分散计算市场 A Coin Swap as a fee for computation" 作为计算费用的硬币交换 Setup 安装 Alice finds a Peer Alice找到了一个同伴 Key Insight 重要见解 Alice deposits Bitcoin into the Network Alice将比特币存入网络 Bob deposits Altcoin Bob存入Altcoin硬币 Alice places an Order Alice下了订单 Bob places an Order Bob下订单 Charlie places an Order 查理下了订单 Atomic Swap: The Fundamental Primitive of DeFi 原子交换：DeFi的基本原语 Layer 1 Atomic Swaps 第1层：原子交换 The fault in our swaps 互换错误 Layer 2 swaps 第2层：交换 Limitations: 局限性 Properties of Portal. 门户网站性质 A Trust-minimized, Atomic Swap Protocol 信任最小化，原子交换协议 Case 1: Setup 案例1：设置 Outcome branches 结果分支 Analysis 分析 Fairness in Optionality: 公平可选性 Facilitation: 简易化 Trust-Minimization: 信任最小化 Analysis of Usability 可用性分析 Drawbacks 退税

Page3 第3页 Case 2: Initiator does not have assets on counterparty's blockchain. 案例2:发起人在交易对手的区块链上没有资产。 Construction (# 1): 建设1 Outcome branches 结果分支 Analysis (Pass/Fail) 分析(通过/失败) Fairness: Pass 公平：及格 Facilitation: Pass 促进：通过 Trust-Minimization: Fail 信任最小化：失败 Analysis of Usability 可用性分析 Drawbacks 缺点 Alternate Construction (# 2): 替代结构(# 2): Outcome branches 结果分支 Analysis 分析 Fairness: Fail 公平：失败 Facilitation: Pass 促进：通过 Trust-Minimization: Pass 信任最小化：通过 Analysis of Usability 可用性分析 Key Insight 重要见解 Censorship resistance 审查阻力 Composing More Complex Financial Contracts using Atomic Swaps 使用原子互换组合更复杂的金融合约 Interest Bearing Instruments: Lending & Borrowing 计息工具:借贷 Derivatives: 派生物 Conclusion: 结局 Code Resources 在代码中使用资源 Appendix A 附录A Flaws inherent to Decentralized Exchanges (DEXs) 分散式交易所固有的缺陷

Abstract 摘要 Here we unveil a multi-layered system purpose-built for allowing censorship-resistant financial (and non-financial) applications on top of the Bitcoin Network. This system allows for the secure establishment and execution of peer-to-peer agreements, including financial and nonfinancial contracts. Financial applications that can use this infrastructure include spot trading, lending, borrowing, investing, crowdfunding and cryptocurrency derivatives. Other decentralized and censorship-resistant applications such as communication networks, social media networks and others can be built as well on the same infrastructure. This system allows users to access all decentralized services from a non-custodial, user-controlled application or a wallet. Users can trade and contract with the speed, user experience, and liquidity of centralized alternatives, but without relinquishing control of assets or data to a trusted party in the middle. 在这里，我们推出了一个多层系统，旨在允许比特币网络之上的抗审查金融（和非金融）应用。该系统允许安全地建立和执行对等协议，包括金融和非金融合同。可以使用这一基础设施的金融应用包括现货交易、借贷、借贷、投资、众筹和加密货币衍生品。其他分散和抗审查的应用程序，如通信网络、社交媒体网络和其他应用程序也可以在相同的基础设施上构建。该系统允许用户从非保管的、用户控制的应用程序或钱包中访问所有分散的服务。用户可以使用集中式替代方案的速度、用户体验和流动性进行交易和签约，但不会将资产或数据的控制权交给中间的可信方。

Page4 第4页 The first part of this white paper gives an overview of the fabric peer-to-peer network. 本白皮书的第一部分概述了fabric点对点网络。 The rest of the paper describes our unique construction of a peer-to-peer contract called an atomic swap and how it can be used for building peer-to-peer exchanges that have the speed, usability and liquidity of centralized alternatives. By solving longstanding problems with cross -chain atomic swaps, we describe how a trust minimized exchange can be built on top of fabric. 本文的其余部分描述了我们称为原子交换的点对点合约的独特构造，以及如何使用它来构建具有集中式替代方案的速度、可用性和流动性的点对点交换。通过解决跨链原子交换长期存在的问题，我们描述了如何在fabric之上构建信任最小化的交换。 We also describe how our approach fixes the well-known problems associated with current Layer 1 and Layer 2 swaps. Moreover, it describes how liquidity in all the decentralized financial applications can be aggregated across a network of traders by homogenizing and matching orders across trades, using a zero-knowledge system with proofs for order book execution. In addition, we show how our construction introduces partial order execution and composability to cross, -chain atomic swaps, how they can be composed into arbitrarily complex contracts for lending, borrowing, derivatives and other financial primitives. 我们还描述了我们的方法如何修复与当前第1层和第2层交换相关的众所周知的问题。此外，它描述了如何在所有分散的金融应用程序中，通过在交易中均质化和匹配订单，使用零知识系统和订单簿执行证明，在交易者网络中聚合流动性。此外，我们展示了我们的构造如何将部分订单执行和可组合性引入到跨链原子互换中，如何将它们组合成任意复杂的贷款、借款、衍生品和其他金融原语合同。 Finally, we describe how the concepts herein can be generalized to build decentralized, censorship-resistant applications, thus allowing fully-featured, trust- minimized web scale ap- plications built on Bitcoin. 最后，我们描述了如何将这里的概念推广到构建去中心化的、不受审查的应用程序，从而允许基于比特币的全功能、信任最小化的网络规模应用程序。

Introduction 简介 Decentralized finance is poised to grow rapidly, while at the same time is getting highly frag-mented. Many Centralized providers of pseudo-decentralized" financial services are at risk of getting hacked, shut down by legal and extralegal threats and expose sensitive, private lser information to hackers and other malicious third parties. The path to DeFi adoption runs through a unified, easy to use and secure protocol that integrates with all the different DeFi services, but does so without incorporating any new security vulnerabilities or compromising the decentralization, censorship resistance or pseudonymity of the underlying chains and protocols. 分散化金融将迅速发展，同时变得高度分散。许多“伪分散”金融服务的集中式提供商面临被黑客攻击、被法律和法律外威胁关闭的风险，并将敏感的私人lser信息暴露给黑客和其他恶意第三方。采用DeFi的途径是通过一个统一、易于使用和安全的协议，该协议集成了所有不同的DeFi服务，但这样做不会引入任何新的安全漏洞，也不会损害底层链和协议的分散性、审查阻力或假名。

Page5 第5页 Centralized middlemen to DeFi 集中的中间商到DeFi Centralized financial services built on top of blockchains ( pseudo- -decentralized Finance"represents the following threats: 建立在区块链之上的集中金融服务（伪去中心化金融）代表了以下威胁。

1. Security: They act as single "economic nodes" and therefore are central points of failure and negate the decentralization of underlying blockchains. 安全性：它们充当单一的“经济节点”，因此是故障的中心点，否定了底层区块链的去中心化。

2. Censorship: They can and do censor transactions and blacklist and whitelist addresses, nullifying censorship resistance provided by blockchains, 审查：他们可以也确实审查交易和黑名单和白名单地址，使区块链提供的审查阻力无效。

3. Privacy: They can lose sensitive client data as well as fundsl. 隐私：他们可能会丢失敏感的客户数据和资金。 Despite these flaws, most DeFi protocols have seen a broad interest from the crypto community. Centralized exchanges that offer various services such as lending, borrowing and derivatives have a near complete market share of crypto (as of this writing) because of their advantages in speed, liquidity, and user experience over decentralized alternatives. 尽管有这些缺陷，大多数DeFi协议已经引起了加密社区的广泛兴趣。提供各种服务（如贷款、借款和衍生品）的集中式交易所拥有接近完整的加密市场份额（截至本文撰写之时），因为它们在速度、流动性和用户体验方面优于分散式交易所。 Portal fixes this. 门户修复这个问题。

   Page6 第六页 Fabric: A Decentralized Computation Market for Execut-ing Financial Primitives 结构：执行金融原语的分散计算市场 Fabric is a Layer 3 peer-to-peer market for computation. The system implements ephemeral compute infrastructure using Smart Contracts on different blockchains (i.e. Bitcoin and Bitcoin-like chains like Zcash, Litecoin, etc, and Ethereum and other smart contract-based chains). A user can compose a secure multi-party circuit over which they can compute some program, typically written in a higher-order language or visually composed with an editor. This is based on encrypted information supplied to the program as part of a homomorphically- encrypted cryptosystem. 结构是计算的第3层对等市场。该系统在不同的区块链使用智能合约实现短暂的计算基础设施（即比特币和类似比特币的链，如Zcash、Litecoin等，以及Ethereum和其他基于智能合约的链）。用户可以构建一个安全的多方电路，通过该电路他们可以计算一些程序，这些程序通常是用高阶语言编写的，或者是用编辑器可视化编写的。这是基于作为同态加密密码系统的一部分提供给程序的加密信息。 1)Alice generates some prover program P. Alice生成某个验证程序P。 2)Alice makes available some amount A of digital currency C Alice提供了一定量的数字货币C。   Page7 第七页 3)Alice publishes a proof that a class of solutions exists in which outcome X results from some input space I.

A Coin Swap as a fee for computation 作为计算费用的硬币交换 As an example, we illustrate how a simple "coin swap" works in the peer-to-peer computation marketplace. 作为一个示例，我们将说明一个简单的“硬币交换”如何在点对点计算市场中工作。

Setup 安装 Alice bonds her Bitcoin into an HTLC hash, refundable to her after 90 days (144 x 90 blocks on the Bitcoin blockchain). Alice将她的比特币绑定到HTLC哈希中，90天后可退还给她（比特币区块链上的144 x 90个区块）。

Alice finds a Peer Alice找到了一个同伴 Fund recovery:At this point, Alice's risk is a total loss of funds, but this is a worst -case scenario and only if she loses her keys. In all other cases, Alice can fully recover her funds after 90 days. 资金回收：在这一点上，Alice的风险是资金的全部损失，但这是最坏的情况，只有在她丢失钥匙的情况下。在其他情况下，Alice可以在90天后完全收回她的资金。

Page 8 第八页 Key Insight 重要见解 Once Alice finds a peer, further contract executions require her signature to continue. By composing long chains of unsigned transactions, Alice can selectively unlock portions of her funds for solutions to "puzzles" in the larger transaction graph. Expanding on this technique, we can compute long-running states, even cycles, over some ephemeral (yet mutual) state. 一旦Alice找到同伴，进一步的合同执行需要她的签名才能继续。通过组成长串未签名的交易，Alice可以有选择地解锁部分资金，用于解决更大交易图中的“难题”。在这种技术的基础上，我们可以在一些短暂的（但相互的）状态上计算长期运行的状态，甚至周期。

Page9 第九页 In the Portal system, we call these threads. Let's explore how such a thread is created. 在Portal系统中，我们调用这些线程。让我们来探索如何创建这样的线程。 Alice deposits Bitcoin into the Network Alice将比特币存入网络 Alice now wants to unlock her Bitcoin for use in her network, so she generates some secrets and generates the sha256 sum (preimage hash). Alice现在想要解锁她的比特币以便在她的网络中使用，所以她生成了一些秘密并生成了sha256和（原图像哈希）。 Alice does not broadcast this transaction, but signs it and passes it off to Bob for his safekeeping. Bob, the partner in Alice's transaction, can only claim the funds in this channel when he also knows the secret, either by observing the network or by learning it from Alice directly. Alice maintains at least one of these channels per peer, by nature of construction. In our reference implementation, we designate 32 as the target network size, but in practice, networks will be larger. Alice没有广播这笔交易，但签署了它，并把它交给Bob保管。Alice交易的合伙人Bob，只有在他也知道这个秘密的情况下，才可以通过观察网络或者直接从Alice那里了解到这个秘密，来认领渠道资金。根据构造的性质，Alice为每个对等体维护至少一个这样的通道。在我们的参考实现中，我们将32指定为目标网络大小，但实际上，网络会更大。

Page10 第十页 Bob deposits Altcoin Bob存入Altcoin硬币 Bob, also a member of the network, is able to compose a transaction which is spendable to Alice, but she'll have to reveal S to do so. Alice can hand over the secret directly to Bob to ensure her outstanding channels remain open, or simply broadcast the transaction on chain to begin the settlement process. Now, given that the facilitator has a fee included for himself, the order shown below can continue to get filled, until the inputs equal the outputs, at which time, it can be broadcast and be settled on layer 1. Notice that the composability here comes from using special transaction flags Sighash_ Single/Sighash_ Anyone_ can_ pay or Sighash_ All/Sighash_ Anyone can pay. Bob也是这个网络的一员，他能够完成一笔可以让Alice消费交易，但她必须透露S才能完成。Alice可以直接将秘密交给Bob，以确保她未完成的渠道保持开放，或者简单地在链上广播交易，以开始结算过程。现在，假设主持人自己有一笔费用，下面显示的订单可以继续填充，直到输入等于输出，此时，它可以被广播并在第1层结算。请注意，这里的可组合性来自于使用特殊的事务标志Sighash _ Single/Sighash _ any _ can _ pay或Sighash _ All/Sighash _ any _ can _ pay。

Page11 第十一页   Page12 第十二页 This system makes private transactions possible for any blockchain. Given that the private key Alice uses to sign I is only held by Alice, the funds sent to the contract can only be controlled by either Alice or the party that "computes" the solution that unlocks funds from A, a decentralized marketplace for financial transactions exists, if the following conditions are met: 这个系统使得任何区块链人都可以进行私人交易。假设Alice用来签署I的私钥仅由Alice持有，发送到合同的资金只能由Alice或“计算”从A解锁资金的解决方案的一方控制，如果满足以下条件，则存在金融交易的分散市场： 1)Facilitation (i.e, aggregation of supply and demand) is incentivized, and 促进作用（即供给和需求的聚合）受到激励； 2)Identity of the transactors is hidden from the facilitator 事务处理程序的身份对调解人隐藏 Both these properties can be guaranteed by fixing problems in layer 1 (Tier-Nolan) swap. 这两个属性都可以通过修复第1层(Tier-Nolan)交换中的问题得到保证。 Atomic Swap: The Fundamental Primitive of DeFi 原子交换：DeFi的基本原语 A swap contract is a two party trade between assets belonging to two different blockchains. and constitutes the fundamental unit of trade between two parties. Unfortunately, until now, 互换合约是属于两个不同区块链的资产之间的双方交易。并构成双方贸易的基本单位。

Page13 第十三页

the problem of“"swapping”coins belonging to two different blockchains between untrusted parties remained unsolved. “在不受信任的各方之间交换属于两个不同区块链的货币的问题仍然没有解决。”

Layer 1 Atomic Swaps 第1层：原子交换 “Atomic" swaps”, initially thought of as a solution to the problem of trust-minimized cross-chain exchange, have not advanced enough to provide a viable alternative to centralized exchanges. 原子交换最初被认为是解决信任最小化的跨链交换问题的解决方案，但它还不够先进，无法为集中式交换提供可行的替代方案。 The fault in our swaps 互换错误 Atomic swaps were first proposed as a solution to the“exchange risk”in 20133. The classic Tier Nolan Atomic swap uses Hash Time Locked Contracts (HTLCs) and is well understood to have the following problems: 原子互换最早是在20133年作为解决“汇率风险”的方案提出的。经典的Tier Nolan原子交换使用哈希时间锁定契约(HTLCs)，并且众所周知存在以下问题：

1. Facilitation: The classic Tier Nolan atomic swap does not have incentives built into the protocol itself for the swaps to be facilitated by any third parties 1)促进：经典的Tier Nolan原子交换协议本身并没有让任何第三方促进交换的激励机制

2. The“Inadvertent Call Option”*: In a trade, the party holding the preimage gets an option but is not obligated to buy the counterparty's coins for a fixed exchange rate before time lock expiration. This is called an“Inadvertent American call option”. If the price moves against the trade, it can be aborted anytime. 2)“无意看涨期权”***：在交易中，持有原像的一方获得期权，但没有义务在时间锁定到期前以固定汇率购买交易对手的硬币。这被称为“无意中的美国看涨期权”。如果价格逆市波动，随时都可能流产。**

3. Liquidity Trolling/Lockup Griefing: The party that acts second (i.e, the one without the preimage) can make the party with the preimage lock up liquidity for significant periods of time with no intention of following through. 流动性陷阱/锁定破坏：第二方（即没有原像的一方）可以让有原像的一方在很长一段时间内锁定流动性，而没有后续行动的意图。 "An atomic transaction is a series of operations that is indivisible and irreducible. It means that either the entire series of operations happen or none of them happen. “原子事务是一系列不可分割、不可约的操作。这意味着要么整个系列的操作发生，要么它们都不发生。”

Page14 第十四页 4. Speed: On Bitcoin and other chains, lock times of HTLCs have to be long enough because the security comes from the time difference between the holder of the preimage and counterparty locking funds in HTLCs and the block production times, since confirmation cycles vary around the mean block time. This lag makes them unsuitable for spot exchange. 4)速度:在比特币和其他链上，HTLCs的锁定时间必须足够长，因为安全性来自于HTLCs中预映像和交易对手锁定资金的持有人与区块生产时间之间的时间差，因为确认周期围绕平均区块时间而变化。这种滞后使得它们不适合现货交易。 5. Coordination Costs: Swaps can fail after agreeing on exchange rate (wasted negotiation) because agreements prior to both parties commitments are non-binding. This discourages parties from negotiating. 5)协调成本：由于双方承诺之前的协议不具有约束力，因此互换在商定汇率后可能会失败(浪费谈判时间)。这阻碍了各方谈判。

Page15 第十五页 Layer 2 swaps 第2层交换 As of this writing, only one Layer 2 swap protocol exists'. Arwen was designed for trading between a centralized exchange and its users. Note that in this case, the exchange does not play the role of an exchange but that of a trading desk or OTc desk, counterparty to its users. In Arwen, both the user and the exchange lock up their coins in on-chain escrow smart contracts, and "pair their escrows by exchanging their respective Public Key Hash (PKH). Henceforth, all trades involve off. -chain passing of signed (but not posted) transactions. These are between the two parties that update balances from the escrows between the centralized exchange and the user until the escrows are closed. Transactions are therefore fast and happen at near-zero cost. 在撰写本文时，只存在一个第2层交换协议。阿尔温是为中央交易所和它的用户之间的交易而设计的。请注意，在这种情况下，交易所不扮演交易所的角色，而是扮演交易台或OTc台的角色，即其用户的交易对手。在阿尔温，用户和交易所都将其硬币锁定在链上托管智能合约中，并“通过交换各自的公钥散列来配对它们的escrow”(PKH)。从今以后，所有的交易都停止了。已签署（但未过账）交易的连锁传递。这是在集中交易所和用户之间的电子交易记录中更新余额的双方之间，直到电子交易记录关闭。因此，交易速度很快，成本几乎为零。 Limitations: 局限性 1)Dependence on identity: Arwen protocol depends on the real-world reputation of centralized exchange companies to circumvent the inadvertent call option problem. 对身份的依赖：阿尔温协议依赖于集中式交换公司的真实世界声誉来规避无意中的看涨期权问题。 They are expected to act in a manner that protects their reputation and not strategically cancel trades. But it is not a guarantee enforced by the protocol. The user needs to trust that the exchange cares about its reputation enough to voluntarily forego the profits from the free options it owns. The assumption that reputational risk" is enough of a deterrent from strategic manipulations of orders and order books is not borne by evidence. Despite reputational costs of manipulating order books, many of the world's top exchanges continue the practice. Arwen protocols have no rational economic incentives to mitigate this. 他们应该以保护自己声誉的方式行事，而不是战略性地取消交易。但这不是协议强制执行的保证。用户需要相信交易所足够关心自己的声誉，从而自愿放弃其拥有的免费期权的利润。声誉风险“足以阻止对订单和订单簿的战略性操纵”的假设没有证据支持。尽管操纵订单会造成声誉损失，但许多世界顶级交易所仍在继续这种做法。阿尔温协议没有合理的经济动机来缓解这种情况。 2) Not Peerable: As the authors admit in their whitepaper, Arwen is purpose-built for users to trade against centralized exchanges, not with other peers at centralized exchanges. An anonymous, peer-to-peer cross-chain exchange is not implementable using Arwen. 不可比拟：正如作者在他们的白皮书中所承认的，阿尔温是专门为用户在集中交易所进行交易而设计的，而不是与集中交易所的其他同行进行交易。匿名的、对等的跨链交换不能使用阿尔温来实现。 3) Incompatibility with exchange" business model: Arwen protocols require centralized exchanges to become trading desks and market makers, revamping their existing business models. 与交易所“不兼容”的商业模式：阿尔温协议要求集中式交易所成为交易台和做市商，改造其现有的商业模式。

Page16 第十六页 Properties of Portal 门户网站性质 The Portal system incentivizes exchanges to facilitate swaps, while being anonymous to the user. The technical goals of this swap protocol are to ensure the following properties: 门户系统鼓励交易所促进互换，同时对用户是匿名的。此交换协议的技术目标是确保以下属性：

1. Fairness ( "Priced Optionality" ): The party with the option pays a fair market price for that option (henceforth reclaimable deposit" ). 1)公平(“定价期权”)：期权方为该期权支付公平的市场价格(此后可回收保证金)。

2. Facilitation: Neutral, anonymous third parties ( Facilitators" ) are economically incentivized to coordinate users who don't know each other and facilitate swaps by providing resources. 2)促进:中立、匿名的第三方(“促进者”)在经济上受到激励，协调互不认识的用户，并通过提供资源促进互换。 (Resources include: user onboarding, order aggregation, fair pricing service for the option/ reclaimable deposit, and services on-par with centralized exchanges like execution speed, liquidity & user experience) (资源包括:用户入职、订单汇总、期权/可回收存款的公平定价服务，以及与集中式交易所同等的服务，如执行速度、流动性和用户体验)

3. Trust-minimization: Collusion between any of the trading parties (Party, Counter-party and Facilitator) does not allow theft of any party's coins. 3)信任最小化:任何交易方(交易方、对方和服务商)之间的串通不允许窃取任何一方的硬币。 We show that given the constraints of Bitcoin opcodes (as of the day of this writing), all three of the above can be achieved if the swap participants have: 我们表明，给定比特币操作码的约束条件(截至本文撰写之日)，如果交换参与者具备上述三个条件，上述三个条件都可以实现： 1)A minimum amount of both the assets involved in the trade, and 交易中涉及的资产最小值； 2)Key pool files on blockchains of both the assets 两个资产的区块链上的密钥池文件 In the absence of either of the above, we show that we can still achieve Facilitation + Fairness, or Facilitation + Trust-minimization, but not all three. 在没有上述任何一种情况下，我们表明我们仍然可以实现便利化+公平，或便利化+信任最小化，但不是所有这三种。

Page17 第十七页 A Trust-minimized, Atomic Swap Protocol 信任最小化，原子交换协议 These are the building blocks for our protocol are HTLCs on Bitcoin (and other UTXO chains) and smart contracts on Ethereum (and other smart contract blockchains). 这些是我们协议的构建模块，它们是比特币(和其他UTXO链)上的HTLCs和以太网(和其他区块链智能合约)上的智能合约。 Case 1: Setup 案例1：安装 Alice and Bob want to trade. Alice wants to sell her BTC for LTC, and Bob wants to sell his LTC for BTC. Alice has both BTC and LTC in her Wallet. Bob has LTC in his wallet, but his Bitcoin wallet is empty. The facilitator relays messages between both users using a mailbox. Alice和Bob想交易。Alice想把她的BTC卖给LTC，Bob想把他的LTC卖给BTC。Alice的钱包里既有BTC，也有零担。Bob的钱包里有LTC，但他的比特币钱包是空的。主持人使用邮箱在两个用户之间传递消息。

1. Alice gets the price feed" from either the facilitator or a third party. She decides to swap 10 BTC for 100 LTC.

   Alice从服务商或第三方获得“价格反馈”。她决定用10 BTC换100立特。

2. Alice initiates the swap by sending a request for swap to the facilitator. This communicates to the facilitator her order size/ trading pair and requests the deposit price.

   Alice通过向主持人发送交换请求来启动交换。这将向主持人传达她的订单规模/交易对，并要求支付定金。

3. Facilitator responds with: 主持人反应： a) a reclaimable deposit price, 可回收的押金价格 b) Its fee, and 计费终端 c) its Public Key Hashes on both BTC and LTC. The facilitator takes into account the size of order, the price of the asset and the volatility of the asset, using an options pricing method such as binomial options pricing or other methods. The deposit is quoted in the counterparty currency. For the sake of this example, we assume that the deposit is "5 LTC" and the fee for a successful swapis "0.1 BTC +1LTC". c)它在BTC和LTC上的公钥散列。主持人考虑订单的大小、资产价格和资产波动性，使用期权定价方法，如二项式期权定价或其他方法。存款以交易对手货币报价。为了这个例子，我们假设存款是“5立特”，成功的swapis的费用是“0.1 BTC+1立特”。

4. IF Alice has > 5 LTC in her wallet, she goes to step 5; ELSE she goes to Case 2. 4)如果Alice钱包中有> 5 LTC，则转到步骤5；否则她会去第二个案子。

Page18 第十八页 5) Alice generates a random preimage (“secret” ). Alice then constructs the following two partial transactions: one bitcoin transaction and one litecoin transaction (a & b below), then sends 3 pieces of data to the exchange: 5) Alice生成一个随机的前像(“秘密”)。Alice随后构建了以下两个部分交易:一个比特币交易和一个litecoin交易（见下文a & b），然后向交易所发送3条数据： a) A partial HTLC on Bitcoin chain: Input is 10 BTC from Alice, left blank. Time lock is set to 2 days. Output is locked at 10 BTC + 0.1 BTC (left blank for Bob to fill). A)比特币链上的部分HTLC：输入是Alice的10 BTC，留空。时间锁定设置为2天。输出锁定在10 BTC + 0.1 BTC（留空白供Bob填写）。 (i) HTLC conditions: Before 2 days, blank can sign if he reveals Alice's secret. In this case, a fee is paid to the facilitator's address upon a successful swap. (一)HTLC条件：2天前，如果布兰克泄露了Alice的秘密，他可以签字。在这种情况下，交换成功后会向主持人的地址支付费用。 (i) Alice can refund herself her 10 BTC (minus transaction fee). Facilitator gets zero fee. (I)Alice可以退还自己10 BTC(减去交易费)。辅导员零费用。 b) A partial HTLC on Litecoin chain (the deposit transaction): This takes as input, 5 LTC from Alice, Output locked at 105 LTC.100 LTC input left blank. HTLC conditions: Litecoin链上的部分HTLC(存款交易):这将Alice的5立特作为输入，输出锁定在105立特。100立特输入留空。HTLC条件： (i) Before 1 day, Alice can claim LTC by revealing her secret. In this case, the facilitator gets 1 LTC (the fee) andAlice gets 104 LTC (this essentially reclaims Alice's deposit minus the facilitator fee). (一)在1天之前，Alice可以通过泄露自己的秘密来申请LTC。在这种情况下，主持人获得1立特（费用），而lice获得104立特（这基本上是回收Alice的存款减去主持人费用）。 (ii) After 1 day, Bob gets 105 LTC. Facilitator gets nothing. (二)1天后，Bob获得105立特。辅导员什么也得不到。     Page19 第十九页 c) Hash of her secret 她的秘密 Note: Notice that if Alice does not go through with the swap, Alice loses her deposit and Bob gets it. If she does, within the time lock, she can reclaim her deposit. This is what makes it a reclaimable deposit" 注意：请注意，如果Alice没有完成交换，Alice会失去存款，Bob会得到存款。如果她这样做了，在时间锁定内，她可以收回她的存款。这就是它成为可回收矿床的原因。 6) Facilitator checks the transactions, verifies PKHs were included in both the HTLCs in the success swap branches, and the amounts match the message previously sent in 3. Then Facilitator relays the swap request to all its users. 6)主持人检查交易，验证PKHs是否包含在成功交换分支的两个HTLCs中，金额是否与之前在3中发送的消息相匹配。然后，服务商将交换请求转发给所有用户。 7) Bob sees Alice's request on the "order book" that is visible in his wallet/client, and accepts the price. To accept, Bob does the following:

Page20 第二十页 9) Alice checks the partial HTLC, verifies that her PKH is included in the correct branch, makes sure that the hash of the secret Bob included in his Litecoin HTLC matches her Bitcoin HTLC. If it is verified, she adds her 10 BTC input, signs it and then broadcasts it to the Bitcoin chain. 9) Alice检查部分HTLC，验证她的PKH是否包含在正确的分支中，确保包含在他的Litecoin HTLC中的秘密Bob的散列与她的比特币HTLC匹配。如果验证通过，她会添加她的10 BTC输入，签名，然后将其广播给比特币链。 Note: This takes one on-chain confirmation cycle equivalent to current transfer to centralized exchange" delays. But unlike CEXs, there are no further delays as they would arbitrarily enforce due to a) CEX fractional reserve business models, and b) transaction aggregation to minimize on-chain transaction fees. 注意：这需要一个链上确认周期，相当于当前转移到集中交换的“延迟”。但与CEXs不同的是，由于a) CEX部分准备金业务模式，以及b)交易聚合以最小化链上交易费用，它们将任意执行，因此不会有进一步的延迟。 10) Bob can now add his 100 LTC input to his partial Litecoin HTLC, which then makes it a valid transaction (the inputs equal or exceed the outputs). If he doesn't, he pays the facilitation fee to Alice instead of Facilitator. This is Bob's "deposit that prevents him from lockup griefing Alice. 10) Bob现在可以将他的100 LTC输入添加到他的部分Litecoin HTLC，然后使其成为有效交易（输入等于或超过输出）。如果他不这样做，他将向Alice而不是调解人支付调解费。这是Bob的“存款，防止他锁定悲伤的Alice。 11) Alice waits for one Litecoin confirmation cycle and then claims her 4 LTC deposit plus Bob's 100 LTC (total of 104). 1 LTC goes to Facilitator. 11) Alice等待一个Litecoin确认周期，然后申领她的4 LTC存款加上Bob的100 LTC(总共104)。1 LTC转交给辅导员。 12) Bob then claims Alice's BTC on the Bitcoin chain. 0.1 BTC goes to Facilitator. 12)Bob随后声称Alice的BTC在比特币链上。0.1 BTC求助于主持人。 The swap is successfully executed. 交换执行成功。 Note: Notice that the total cycle is 2 confirmations. This is, at most, equivalent to transferring an asset to a centralized facilitator and withdrawing after the trade. 注意:请注意，整个周期是2次确认。这至多相当于将资产转移到一个集中的服务商，并在交易结束后提取资产。 Outcome branches 结果分支

1. Alice's Cancellation: After requesting a swap, Alice can cancel anytime before Bob commits by adding his 100 LTC and broadcasts to the chain.

2. Alice的取消:在请求交换后，Alice可以在Bob提交之前的任何时间通过添加他的100 LTC并广播到链中来取消。 a) If Alice cancels her order and spends her LTC, when Bob tries to execute , the Litecoin chain rejects one of the inputs to his HTLC. a)如果Alice取消订单并花费她的LTC，当Bob试图执行时，Litecoin链会拒绝他的HTLC的一个输入。

   Page 21 第二十一页 b) Alice can then claim her BTC back after 2 days. Alice可以在两天后取回她的BTC。

3. Success: 成功： a) Alice claims her LTC, enabling Bob to claim her BTC. She can claim Bob's LTC + her premium of 5 LTC (minus facilitator fee) anytime before 1 day, by revealing her secret X on LTC chain. Facilitator gets paid a fee. a)Alice认领了她的LTC，使Bob能够认领她的BTC。她可以在1天之前的任何时候，通过在LTC链上透露她的秘密X，来索取Bob的LTC +她5 LTC的溢价（减去培训费）。辅导员会得到报酬。 b) Bob can claim his BTC: Anytime after Alice claims her LTC, but before 2 days. b)Bob可以认领他的BTC:在Alice认领她的LTC之后的任何时候，但在2天之前。

4. Failure: If Alice does not reveal secret X by T2, Bob can get 105 LTC (his 100 LTC plus Alice's option premium). Alice gets her BTC + facilitator fee after T¡. Facilitator does not get a fee. Alice loses her premium. 3)失败:如果Alice没有泄露T2的秘密X，Bob可以获得105 LTC(他的100 LTC加上Alice的期权溢价)。Alice在T之后获得她的BTC +主持人费用。主持人不获得费用。Alice失去了她的保险费。 Analysis 分析 Fairness in Optionality: 公平的可选性： There are two ways to mitigate the unfairness of an inadvertent call option inherent in atomic swaps: 有两种方法可以减轻原子交换中无意的买入期权的不公平性： 1)Eliminate the unintended option, or 消除无意识的选项； 2)Internalize the cost of an option so that the option is "priced in" with the cost of the swap. 内部化期权的成本，使期权与互换成本一起“定价”。 Eliminating the inadvertent option on Layer 1 is not possible, as separate blockchains do not communicate with each other. Instead, Portal internalizes the price of the option in the form a "reclaimable deposit/ bond"

Page22 第二十二页 Facilitation: 简易化

1. Fairly pricing the“reclaimable deposit”: The burden of accurately pricing the option is taken off Alice because the swap facilitator is incentivized to appropriately price the option aligned with the market. If the option price is too high, Alice won't buy, and the facilitator earns nothing. If it is too low, Bob won't sell, and the facilitator earns nothing. Only a successful swap pays the facilitator. 1)公平定价“可回收存款”:准确定价期权的负担从Alice身上卸下，因为互换促进者被激励对与市场一致的期权进行适当定价。如果期权价格太高，Alice不会买，主持人什么也赚不到。如果太低，Bob就不卖了，主持人也赚不到钱。只有成功的交换才能给服务商带来回报。

2. Coordination: Facilitator is incentivized to: 2)协调：激励促进者 a) connect Alice with Bob using a relay service a)使用中继服务连接Alice和Bob b) maintain and aggregate swap requests (“order book”), b)维护和汇总互换请求（“订单”） c) provide a good user experience, and c)提供良好的用户体验 d) make sure that all messages are relayed between them. d)确保所有的信息都在他们之间传递

Note: If the above protocol halts at any stage of the success branch, the facilitator does not get paid. 注意：如果上述协议在成功分支的任何阶段停止，主持人将不会得到报酬。

Trust-Minimization: 信任最小化 Neither Alice colluding with Bob nor Alice and/or Bob colluding with the facilitator risks losing the any party's coins, if the third party follows the protocol fully. 如果第三方完全遵循协议，那么Alice与Bob勾结或Alice和/或Bob与主持人勾结都不会有丢失任何一方硬币的风险。 None of the elements of the swap require a trusted third party to control coins of any participant. Alice controls her coins until the swap request is accepted, Bob controls his coins until he accepts the swap, and Facilitator gets his coins successful execution. Alice broadcasts her own Bitcoin HTLC to Bitcoin chain, Bob broadcasts his Litecoin HTLC to Litecoin chain. 交换的所有要素都不需要可信的第三方来控制任何参与者的硬币。Alice控制她的硬币，直到交换请求被接受，Bob控制他的硬币，直到他接受交换，主持人得到他的硬币成功执行。Alice向比特币链广播自己的比特币HTLC，Bob向比特币链广播自己的Litecoin HTLC。

Analysis of Usability 可用性分析 1)Alice's“request” for a swap requires her to lock her Bitcoins in an HTLC on-chain. Alice的交换请求要求她将比特币锁在HTLC链上。 This requires no more time or transaction fees than transferring BTC to a centralized exchange before trading. 这并不比在交易前将比特币转移到集中交易所需要更多的时间和交易费用。   Page23 第二十三页 2) Alice's request, Bob's PKH relay, and Facilitator's PKH relay are all off-chain communications at Layer 2 and therefore happen fast. 2) Alice的请求，Bob的PKH中继，Facilitator的PKH中继都是在第2层的下链通信，因此发生得很快。 3) Facilitator maintains and displays all swap requests on its order book. All of them are partially-constructed HTLCs and have no need to be broadcast to their chains yet. 3) Facilitator维护和显示其订单上的所有交换请求。它们都是部分构建的htlc，还不需要向它们的链传播。 This makes the experience as fast and usable as CEXs. 这使得体验像CEXs一样快速和可用。 4) Cancellation option: Alice can cancel her order anytime before Bob accepts by simply sending her input into Litecoin HTLC elsewhere or back to a change address that she owns. The possibility of a race condition is resolved by the LTC blockchain. This requires no more steps than pressing a "cancel" button. 4)取消选项:Alice可以在Bob接受之前的任何时候取消她的订单，只需将她的输入发送到其他地方的Litecoin HTLC或返回到她拥有的更改地址。区块链LTC解决了比赛条件的可能性。这不需要比按“取消”按钮更多的步骤。 5) To make sure that no party abandons its activity in the middle of a swap (either by going offline or for other reasons) all steps except 1 & 2 can be automated on the client side (exchange app or directly within a noncustodial wallet app). This makes the user experience seamless and comparable - or superior - to centralized exchanges. 5)为了确保在交换过程中没有任何一方放弃其活动（无论是通过离线还是出于其他原因），除1和2之外的所有步骤都可以在客户端自动执行（交换应用程序或直接在非监管钱包应用程序中）。这使得用户体验无缝，与集中式交换相当或更好。 Drawbacks 退税

1. Here, the initiating party needs to already have the asset being purchased and access to a true multi-currency wallet that supports both BTC and LTC. 1)在这里，发起方需要已经购买了资产，并访问一个真正的多货币钱包，支持BTC和LTC。

2. Both parties need to be online during the swap, or have access to a client that follows the protocol without fail from beginning to end. 2)交换过程中，双方都需要在线，或者都能访问到一个从头到尾都遵守协议的客户端。 Note: Portal is a multi-currency wallet that performs both of these functions. 注意：门户是执行这两个功能的多货币钱包。 Case 2: Initiator does not have assets on counterparty's blockchain. 案例2：发起人在交易对手的区块链上没有资产。 In this case, we have three possibilities. 在这种情况下，我们有三种可能。

   Page24 第二十四页

3. The swap initiator purchases the asset they need to deposit, using one of the following pathways Alternate construction # 2 or Alternate construction # 3 1)交换发起者购买他们需要储存的资产，使用以下途径之一替代结构# 2或替代结构# 3

4. Alternate construction # 2 minimizes transaction fees and wait time by compressing the initial transaction into one of the HTLCs, but sacrifices trust-minimization to gain usability with lower transaction fees. 2)替代构造# 2通过将初始事务压缩到一个HTLCs中来最小化事务费用和等待时间，但是牺牲信任最小化来获得更低事务费用的可用性。 Alternate construction # 3 sacrifices fairness in favor of trust-minimization. It makes both transactions trustless, but requires two transaction fees and two wait times. The first transaction in this construction is a Layer 1 Tier Nolan atomic swap, but problems are limited in scale only to the cost of the second transaction's reclaimable deposit. 替代结构# 3牺牲了公平性，支持信任最小化。它使两个交易都不可信，但是需要两个交易费用和两个等待时间。该构建中的第一个事务是第1层诺兰原子交换，但问题仅限于第二个事务的可回收存款成本。 Construction (# 1): 建设1：

5. Alice wants to swap her 10 BTC for 100 LTC. She sends a message to the facilitator with this request.

6. Alice想用10个BTC换100个LTC。她向主持人发送了一条消息，提出了这个请求。

7. She sets a price of 100 LTC 110 BTC.

Page26 第二十六页 b) Bob will claim his LTC plus Alice's option premium, paying zero fee to the facilitator. b) Bob将要求他的LTC加上Alice的期权溢价，向主持人支付零费用。 13) If Alice does not claim her LTC, in the refund path the facilitator receives .5 BTc to compensate for the LTC it sent for Alice's deposit. 13)如果Alice没有申请她的零担，在退款路径中，服务商会收到0.5个零担，以补偿它为Alice的押金发送的零担。 Outcome branches 结果分支

1. After requesting a swap, Alice cannot cancel the swap without facilitator's cooperation before Bob commits. Alice can send a Cancel" request to the facilitator to have the facilitator send the input elsewhere. 1)在请求交换后，在Bob提交之前，如果没有协调者的合作，Alice无法取消交换。Alice可以向主持人发送“取消”请求，让主持人将输入发送到其他地方。

2. Cancellation: If Alice/ Facilitator cancels the order and spends the LTC, when Bob tries to execute" , the Litecoin chain rejects one of the inputs to his HTLC. Alice can then claim back her BTC after T]. The facilitator gets paid a fee. 2)取消：如果Alice/主持人取消订单并花费LTC，当Bob尝试执行时，Litecoin链会拒绝他的HTLC的一个输入。Alice可以在T]之后取回她的BTC。辅导员会得到报酬。

3. Success:成功 a) Alice claims Bob's LTC, enabling Bob to claim her BTC. She can claim Bob's LTC + her premium of 5 LTC anytime before Tg by revealing the secret X on Litecoin chain. Facilitator gets paid a fee. a)Alice主张Bob的LTC，使Bob能够主张她的BTC。她可以在Tg之前的任何时候，通过在Litecoin链上泄露秘密X来索取Bob的LTC +她5 LTC的溢价。辅导员会得到报酬。 b) Bob can claim Alice's BTc anytime after Alice claims Bob's LTC, but before T¡. b) Bob可以在Alice主张Bob的LTC之后的任何时间主张Alice的BTc，但是在T之前。

4. Failure: If Alice does not reveal X by T? Bob can get 105 LTC (his 100 LTC plus Alice's option premium). Alice gets her 10 BTC back, but has to pay the facilitator 0.5 BTC. 4)失败：如果Alice没有通过T揭示X ?Bob可以得到105 LTC（他的100 LTC加上Alice的期权溢价）。Alice取回了她的10个比特币，但必须支付给服务商0.5个比特币。 Analysis (Pass/Fail) 分析(通过/失败) Fairness: Pass The swap is fair to both Alice and Bob. Neither one gets an inadvertent call option. This is similar to Construction # 1. 公平：通过交换对爱丽丝和鲍勃都是公平的。两人都没有意外的看涨期权。这类似于建设# 1。

   Page27 第二十七页 Facilitation: Pass 促进:通过

5. Option pricing: Facilitator is incentivized to price the option appropriately because pricing the option too high deters Alice from initiating the swap request, yet pricing it too low deters Bob from accepting the swap. 1)期权定价：激励主持人对期权进行适当定价，因为期权定价过高会阻止爱丽丝发起互换请求，而定价过低会阻止鲍勃接受互换。

6. Coordination: Facilitator is incentivized to connect Alice with Bob and to make sure that all messages are relayed between them. If the above protocol halts at any stage of the success branch, the facilitator does not get paid. Only the success branch results in a fee for the facilitator.

Facilitation: Pass 便利：通过

1. Option pricing: Facilitator is incentivized to price the option appropriately because pricing the option too high deters Alice from initiating the swap request, yet pricing it too low deters Bob from accepting the swap. 1)期权定价：由于期权定价过高会阻止Alice发起互换请求，而定价过低又会阻止Bob接受互换，所以推动者被激励适当地为期权定价。

2. Coordination: Facilitator is incentivized to connect Alice with Bob and to make sure that all messages are relayed between them. If the above protocol halts at any stage of the success branch, the facilitator does not get paid. Only the success branch results in a fee for the facilitator. 2)协调:协调人被激励连接Alice和Bob，并确保所有消息都在他们之间传递。如果上述协议在成功分支的任何阶段停止，则主持人不会得到报酬。只有成功分支才会为主持人收取费用。 Trust- -Minimization: Pass None of the transactions require trust in the counter-party of that transaction. Trust- minimization is preserved. 信任-最小化：通过没有任何交易需要对交易对手的信任。信任最小化得到了保留。 Analysis of Usability 可用性分析 a) Alice must perform two transactions: a) Alice必须执行两个事务：

3. Page31 第三十一页 (i) Her preliminary Swap1 transaction (to acquire LTC as a deposit for Swap2) takes time and incurs transaction fees, and (i)她的初步Swap1交易(收购LTC作为Swap2的保证金)需要时间并产生交易费用； (ii) Swap2 which proceeds according to the steps outlined in Construction # 1. (ii) Swap2，按照建设# 1中概述的步骤进行。 b) Alice's request, Bob's PKH relay, and Facilitator's PKH relay are all off-chain communications and therefore happen fast. b) Alice的请求，Bob的PKH继电器，服务商的PKH继电器都是下链通信，因此发生的很快。 c) Facilitator maintains and displays a cache of partially-constructed LTC transactions on the facilitator server. Because all transactions are off- chain until a swap request is accepted, it is therefore as fast and as usable as CEXs. c)促进者在促进者服务器上维护并显示部分构建的LTC事务的缓存。因为在交换请求被接受之前，所有事务都是链外的，所以它和CEXs一样快，一样有用。 d) Cancellation option: d)取消选项 (i) For Swap1 Alice cannot cancel once she initiates the swap. Facilitator can choose to participate or not after quoting a price to Alice. (I)对于交换1，一旦爱丽丝启动交换，她就不能取消。主持人可以在向爱丽丝报价后选择是否参与。 (ii) In Swape conditions are the same as Construction # 1.

Page33 第三十三页 Notice that this has the exact same security model as that described in section 1 swap contract, with no additional dependencies. 注意，它具有与第1节交换契约中描述的完全相同的安全模型，没有额外的依赖项。 This, therefore will provide a true P2P lending experience. It requires no escrow service or an exchange in the middle. The contracts used to lend and borrow themselves have incentives to encourage borrowers to pay back their loans on time, and for lenders to provide these loans knowing that they do not have to trust a third party. 因此，这将提供一个真正的P2P借贷体验。它不需要托管服务或中间的交换。用于借贷的合同本身就有激励机制，鼓励借款人按时偿还贷款，并让贷款人在不需要信任第三方的情况下提供这些贷款。 Derivatives: 衍生工具 The“inadvertent call option”problem described in section 1 where in a cross chain atomic swap, the party exercising the option gets it for free, is the exact problem that makes Portal a viable primitive for cross chain options trading. Imagine the layer 1 transaction described in section 1, but with a long enough timelock of days, months Dr longer, and it suddenly becomes an american call option on the locked asset, at the exchange rate determined in step 3. 第1节中描述的“无意看涨期权”问题，即在跨链原子互换中，行使期权的一方免费获得期权，正是这个问题使门户成为跨链期权交易的可行原语。想象一下第1节中描述的第1层交易，但是如果有足够长的天数、月数或更长的时间锁定，它会突然变成锁定资产的美式看涨期权，汇率在第3步中确定。 Conclusion: 结论： The innovations described herein create access to a decentralized dark pool via a private, fast, trust-minimized network accessible right inside a crypto user's wallet. Any user can now manage multiple blockchain assets, liabilities and financial services from within his wallet. 本文描述的创新通过加密用户钱包中可访问的私有、快速、信任最小化的网络创建了对去中心化暗池的访问。任何用户现在都可以从他的钱包中管理多个区块链资产、负债和金融服务。 Moreover, the security of our approach does not depend on off-chain or real-world identities of counterparties, nor of the entity facilitating these services. 此外，我们方法的安全性不依赖于链下或对手方的真实身份，也不依赖于提供这些服务的实体。 With Portal,“decentralized finance”becomes a service that any anonymous entity can provide for a competitive fee within open, transparent markets, with a security model as robust as Bitcoin mining. 借助Portal，“去中心化金融”成为一种服务，任何匿名实体都可以在开放、透明的市场中以有竞争力的费用提供这种服务，其安全模式与比特币开采一样稳健。

Page34 第三十四页 Code Resources 代码资源 https://github.com /Tides-Network/ Portal-MacOs https://github.com /Tides-Network/ portal- bridge htps://github.com fabriclabs https: //dev. fabric.pub/ https:/ /github.com [ FabricLabs fabric

Appendix A 附件A Flaws inherent to Decentralized Exchanges (DEXs) 去中心化交易所(DEXs)固有缺陷 DEXs have been touted as a solution'0 to exchange risk, but adoption among DEX users continues to be insignificant. DEXs typically include protocols that are chain-dependent. For example, 0x and Airswap only support ERC-20 tokens, Stellar's DEX only supports Stellar-based tokens, and Newdex and DEXEOS supports EOS-based tokens only. DEX一直被吹捧为解决外汇风险的‘0’，但在DEX用户中的采用仍然微不足道。dex通常包括依赖链的协议。比如0x和Airswap只支持ERC-20代币，Stellar的DEX只支持基于Stellar的代币，Newdex和DEXEOS只支持基于EOS的代币。 Well- known DEX problems include the latency inherent in submitting or cancelling orders on-chain and transaction fees involved in confirming orders or cancellations when order books are hosted on-chain. Here, slow execution, bad user experience and ilquidity are unavoidable. 众所周知的DEX问题包括在链上提交或取消订单的固有延迟，以及在订单簿托管在链上时确认订单或取消订单所涉及的交易费用。在这里，执行缓慢、用户体验不佳和流动性不足是不可避免的。 Some exchanges, such as 0x, AirSwap, EtherDelta, and IDEX, employ off-chain order books but are still plagued with latency and user experience problems. More concerning are their organizational centralization and systemic risks"'. In addition, DEXs expose order information to miners, who may then be able to strategically front-run orders and cancellations. This presents issues of privacy, which are compounded by users' concerns about exchanges knowing their real-world identities". 一些交易所，如0x、AirSwap、EtherDelta和IDEX，采用了离线订单，但仍然受到延迟和用户体验问题的困扰。更令人担忧的是他们的组织集中化和系统性风险。此外，dex向矿工公开订单信息，矿工随后可能能够战略性地提前处理订单和取消订单。这就带来了隐私问题，而用户担心交易所知道他们的真实身份，这又加剧了隐私问题”。

Page1 第一页 Portal: DeFi on Bitcoin 门户网站:DeFi on Bitcoin Duggirala,Chandra Martindale, Eric June 2020 2020年6月

Page2 第2页 Contents 目录 Contents 目录 Abstract 摘要 Introduction 简介 Centralized middlemen to DeFi 向DeFi集中中间商 Fabric: A Decentralized Computation Market for Executing Financial Primitives 结构：执行金融原语的分散计算市场 A Coin Swap as a fee for computation" 作为计算费用的硬币交换 Setup 安装 Alice finds a Peer Alice找到了一个同伴 Key Insight 重要见解 Alice deposits Bitcoin into the Network Alice将比特币存入网络 Bob deposits Altcoin Bob存入Altcoin硬币 Alice places an Order Alice下了订单 Bob places an Order Bob下订单 Charlie places an Order 查理下了订单 Atomic Swap: The Fundamental Primitive of DeFi 原子交换：DeFi的基本原语 Layer 1 Atomic Swaps 第1层：原子交换 The fault in our swaps 互换错误 Layer 2 swaps 第2层：交换 Limitations: 局限性 Properties of Portal. 门户网站性质 A Trust-minimized, Atomic Swap Protocol 信任最小化，原子交换协议 Case 1: Setup 案例1：设置 Outcome branches 结果分支 Analysis 分析 Fairness in Optionality: 公平可选性 Facilitation: 简易化 Trust-Minimization: 信任最小化 Analysis of Usability 可用性分析 Drawbacks 退税

Page3 第3页 Case 2: Initiator does not have assets on counterparty's blockchain. 案例2:发起人在交易对手的区块链上没有资产。 Construction (# 1): 建设1 Outcome branches 结果分支 Analysis (Pass/Fail) 分析(通过/失败) Fairness: Pass 公平：及格 Facilitation: Pass 促进：通过 Trust-Minimization: Fail 信任最小化：失败 Analysis of Usability 可用性分析 Drawbacks 缺点 Alternate Construction (# 2): 替代结构(# 2): Outcome branches 结果分支 Analysis 分析 Fairness: Fail 公平：失败 Facilitation: Pass 促进：通过 Trust-Minimization: Pass 信任最小化：通过 Analysis of Usability 可用性分析 Key Insight 重要见解 Censorship resistance 审查阻力 Composing More Complex Financial Contracts using Atomic Swaps 使用原子互换组合更复杂的金融合约 Interest Bearing Instruments: Lending & Borrowing 计息工具:借贷 Derivatives: 派生物 Conclusion: 结局 Code Resources 在代码中使用资源 Appendix A 附录A Flaws inherent to Decentralized Exchanges (DEXs) 分散式交易所固有的缺陷

Abstract 摘要 Here we unveil a multi-layered system purpose-built for allowing censorship-resistant financial (and non-financial) applications on top of the Bitcoin Network. This system allows for the secure establishment and execution of peer-to-peer agreements, including financial and nonfinancial contracts. Financial applications that can use this infrastructure include spot trading, lending, borrowing, investing, crowdfunding and cryptocurrency derivatives. Other decentralized and censorship-resistant applications such as communication networks, social media networks and others can be built as well on the same infrastructure. This system allows users to access all decentralized services from a non-custodial, user-controlled application or a wallet. Users can trade and contract with the speed, user experience, and liquidity of centralized alternatives, but without relinquishing control of assets or data to a trusted party in the middle. 在这里，我们推出了一个多层系统，旨在允许比特币网络之上的抗审查金融（和非金融）应用。该系统允许安全地建立和执行对等协议，包括金融和非金融合同。可以使用这一基础设施的金融应用包括现货交易、借贷、借贷、投资、众筹和加密货币衍生品。其他分散和抗审查的应用程序，如通信网络、社交媒体网络和其他应用程序也可以在相同的基础设施上构建。该系统允许用户从非保管的、用户控制的应用程序或钱包中访问所有分散的服务。用户可以使用集中式替代方案的速度、用户体验和流动性进行交易和签约，但不会将资产或数据的控制权交给中间的可信方。

Page4 第4页 The first part of this white paper gives an overview of the fabric peer-to-peer network. 本白皮书的第一部分概述了fabric点对点网络。 The rest of the paper describes our unique construction of a peer-to-peer contract called an atomic swap and how it can be used for building peer-to-peer exchanges that have the speed, usability and liquidity of centralized alternatives. By solving longstanding problems with cross -chain atomic swaps, we describe how a trust minimized exchange can be built on top of fabric. 本文的其余部分描述了我们称为原子交换的点对点合约的独特构造，以及如何使用它来构建具有集中式替代方案的速度、可用性和流动性的点对点交换。通过解决跨链原子交换长期存在的问题，我们描述了如何在fabric之上构建信任最小化的交换。 We also describe how our approach fixes the well-known problems associated with current Layer 1 and Layer 2 swaps. Moreover, it describes how liquidity in all the decentralized financial applications can be aggregated across a network of traders by homogenizing and matching orders across trades, using a zero-knowledge system with proofs for order book execution. In addition, we show how our construction introduces partial order execution and composability to cross, -chain atomic swaps, how they can be composed into arbitrarily complex contracts for lending, borrowing, derivatives and other financial primitives. 我们还描述了我们的方法如何修复与当前第1层和第2层交换相关的众所周知的问题。此外，它描述了如何在所有分散的金融应用程序中，通过在交易中均质化和匹配订单，使用零知识系统和订单簿执行证明，在交易者网络中聚合流动性。此外，我们展示了我们的构造如何将部分订单执行和可组合性引入到跨链原子互换中，如何将它们组合成任意复杂的贷款、借款、衍生品和其他金融原语合同。 Finally, we describe how the concepts herein can be generalized to build decentralized, censorship-resistant applications, thus allowing fully-featured, trust- minimized web scale ap- plications built on Bitcoin. 最后，我们描述了如何将这里的概念推广到构建去中心化的、不受审查的应用程序，从而允许基于比特币的全功能、信任最小化的网络规模应用程序。

Introduction 简介 Decentralized finance is poised to grow rapidly, while at the same time is getting highly frag-mented. Many Centralized providers of pseudo-decentralized" financial services are at risk of getting hacked, shut down by legal and extralegal threats and expose sensitive, private lser information to hackers and other malicious third parties. The path to DeFi adoption runs through a unified, easy to use and secure protocol that integrates with all the different DeFi services, but does so without incorporating any new security vulnerabilities or compromising the decentralization, censorship resistance or pseudonymity of the underlying chains and protocols. 分散化金融将迅速发展，同时变得高度分散。许多“伪分散”金融服务的集中式提供商面临被黑客攻击、被法律和法律外威胁关闭的风险，并将敏感的私人lser信息暴露给黑客和其他恶意第三方。采用DeFi的途径是通过一个统一、易于使用和安全的协议，该协议集成了所有不同的DeFi服务，但这样做不会引入任何新的安全漏洞，也不会损害底层链和协议的分散性、审查阻力或假名。

Page5 第5页 Centralized middlemen to DeFi 集中的中间商到DeFi Centralized financial services built on top of blockchains ( pseudo- -decentralized Finance"represents the following threats: 建立在区块链之上的集中金融服务（伪去中心化金融）代表了以下威胁。

1. Security: They act as single "economic nodes" and therefore are central points of failure and negate the decentralization of underlying blockchains. 安全性：它们充当单一的“经济节点”，因此是故障的中心点，否定了底层区块链的去中心化。

2. Censorship: They can and do censor transactions and blacklist and whitelist addresses, nullifying censorship resistance provided by blockchains, 审查：他们可以也确实审查交易和黑名单和白名单地址，使区块链提供的审查阻力无效。

3. Privacy: They can lose sensitive client data as well as fundsl. 隐私：他们可能会丢失敏感的客户数据和资金。 Despite these flaws, most DeFi protocols have seen a broad interest from the crypto community. Centralized exchanges that offer various services such as lending, borrowing and derivatives have a near complete market share of crypto (as of this writing) because of their advantages in speed, liquidity, and user experience over decentralized alternatives. 尽管有这些缺陷，大多数DeFi协议已经引起了加密社区的广泛兴趣。提供各种服务（如贷款、借款和衍生品）的集中式交易所拥有接近完整的加密市场份额（截至本文撰写之时），因为它们在速度、流动性和用户体验方面优于分散式交易所。 Portal fixes this. 门户修复这个问题。

   Page6 第六页 Fabric: A Decentralized Computation Market for Execut-ing Financial Primitives 结构：执行金融原语的分散计算市场 Fabric is a Layer 3 peer-to-peer market for computation. The system implements ephemeral compute infrastructure using Smart Contracts on different blockchains (i.e. Bitcoin and Bitcoin-like chains like Zcash, Litecoin, etc, and Ethereum and other smart contract-based chains). A user can compose a secure multi-party circuit over which they can compute some program, typically written in a higher-order language or visually composed with an editor. This is based on encrypted information supplied to the program as part of a homomorphically- encrypted cryptosystem. 结构是计算的第3层对等市场。该系统在不同的区块链使用智能合约实现短暂的计算基础设施（即比特币和类似比特币的链，如Zcash、Litecoin等，以及Ethereum和其他基于智能合约的链）。用户可以构建一个安全的多方电路，通过该电路他们可以计算一些程序，这些程序通常是用高阶语言编写的，或者是用编辑器可视化编写的。这是基于作为同态加密密码系统的一部分提供给程序的加密信息。 1)Alice generates some prover program P. Alice生成某个验证程序P。 2)Alice makes available some amount A of digital currency C Alice提供了一定量的数字货币C。   Page7 第七页 3)Alice publishes a proof that a class of solutions exists in which outcome X results from some input space I.

A Coin Swap as a fee for computation 作为计算费用的硬币交换 As an example, we illustrate how a simple "coin swap" works in the peer-to-peer computation marketplace. 作为一个示例，我们将说明一个简单的“硬币交换”如何在点对点计算市场中工作。

Setup 安装 Alice bonds her Bitcoin into an HTLC hash, refundable to her after 90 days (144 x 90 blocks on the Bitcoin blockchain). Alice将她的比特币绑定到HTLC哈希中，90天后可退还给她（比特币区块链上的144 x 90个区块）。

Alice finds a Peer Alice找到了一个同伴 Fund recovery:At this point, Alice's risk is a total loss of funds, but this is a worst -case scenario and only if she loses her keys. In all other cases, Alice can fully recover her funds after 90 days. 资金回收：在这一点上，Alice的风险是资金的全部损失，但这是最坏的情况，只有在她丢失钥匙的情况下。在其他情况下，Alice可以在90天后完全收回她的资金。

Page 8 第八页 Key Insight 重要见解 Once Alice finds a peer, further contract executions require her signature to continue. By composing long chains of unsigned transactions, Alice can selectively unlock portions of her funds for solutions to "puzzles" in the larger transaction graph. Expanding on this technique, we can compute long-running states, even cycles, over some ephemeral (yet mutual) state. 一旦Alice找到同伴，进一步的合同执行需要她的签名才能继续。通过组成长串未签名的交易，Alice可以有选择地解锁部分资金，用于解决更大交易图中的“难题”。在这种技术的基础上，我们可以在一些短暂的（但相互的）状态上计算长期运行的状态，甚至周期。

Page9 第九页 In the Portal system, we call these threads. Let's explore how such a thread is created. 在Portal系统中，我们调用这些线程。让我们来探索如何创建这样的线程。 Alice deposits Bitcoin into the Network Alice将比特币存入网络 Alice now wants to unlock her Bitcoin for use in her network, so she generates some secrets and generates the sha256 sum (preimage hash). Alice现在想要解锁她的比特币以便在她的网络中使用，所以她生成了一些秘密并生成了sha256和（原图像哈希）。 Alice does not broadcast this transaction, but signs it and passes it off to Bob for his safekeeping. Bob, the partner in Alice's transaction, can only claim the funds in this channel when he also knows the secret, either by observing the network or by learning it from Alice directly. Alice maintains at least one of these channels per peer, by nature of construction. In our reference implementation, we designate 32 as the target network size, but in practice, networks will be larger. Alice没有广播这笔交易，但签署了它，并把它交给Bob保管。Alice交易的合伙人Bob，只有在他也知道这个秘密的情况下，才可以通过观察网络或者直接从Alice那里了解到这个秘密，来认领渠道资金。根据构造的性质，Alice为每个对等体维护至少一个这样的通道。在我们的参考实现中，我们将32指定为目标网络大小，但实际上，网络会更大。

Page10 第十页 Bob deposits Altcoin Bob存入Altcoin硬币 Bob, also a member of the network, is able to compose a transaction which is spendable to Alice, but she'll have to reveal S to do so. Alice can hand over the secret directly to Bob to ensure her outstanding channels remain open, or simply broadcast the transaction on chain to begin the settlement process. Now, given that the facilitator has a fee included for himself, the order shown below can continue to get filled, until the inputs equal the outputs, at which time, it can be broadcast and be settled on layer 1. Notice that the composability here comes from using special transaction flags Sighash_ Single/Sighash_ Anyone_ can_ pay or Sighash_ All/Sighash_ Anyone can pay. Bob也是这个网络的一员，他能够完成一笔可以让Alice消费交易，但她必须透露S才能完成。Alice可以直接将秘密交给Bob，以确保她未完成的渠道保持开放，或者简单地在链上广播交易，以开始结算过程。现在，假设主持人自己有一笔费用，下面显示的订单可以继续填充，直到输入等于输出，此时，它可以被广播并在第1层结算。请注意，这里的可组合性来自于使用特殊的事务标志Sighash _ Single/Sighash _ any _ can _ pay或Sighash _ All/Sighash _ any _ can _ pay。

Page11 第十一页   Page12 第十二页 This system makes private transactions possible for any blockchain. Given that the private key Alice uses to sign I is only held by Alice, the funds sent to the contract can only be controlled by either Alice or the party that "computes" the solution that unlocks funds from A, a decentralized marketplace for financial transactions exists, if the following conditions are met: 这个系统使得任何区块链人都可以进行私人交易。假设Alice用来签署I的私钥仅由Alice持有，发送到合同的资金只能由Alice或“计算”从A解锁资金的解决方案的一方控制，如果满足以下条件，则存在金融交易的分散市场： 1)Facilitation (i.e, aggregation of supply and demand) is incentivized, and 促进作用（即供给和需求的聚合）受到激励； 2)Identity of the transactors is hidden from the facilitator 事务处理程序的身份对调解人隐藏 Both these properties can be guaranteed by fixing problems in layer 1 (Tier-Nolan) swap. 这两个属性都可以通过修复第1层(Tier-Nolan)交换中的问题得到保证。 Atomic Swap: The Fundamental Primitive of DeFi 原子交换：DeFi的基本原语 A swap contract is a two party trade between assets belonging to two different blockchains. and constitutes the fundamental unit of trade between two parties. Unfortunately, until now, 互换合约是属于两个不同区块链的资产之间的双方交易。并构成双方贸易的基本单位。

Page13 第十三页

the problem of“"swapping”coins belonging to two different blockchains between untrusted parties remained unsolved. “在不受信任的各方之间交换属于两个不同区块链的货币的问题仍然没有解决。”

Layer 1 Atomic Swaps 第1层：原子交换 “Atomic" swaps”, initially thought of as a solution to the problem of trust-minimized cross-chain exchange, have not advanced enough to provide a viable alternative to centralized exchanges. 原子交换最初被认为是解决信任最小化的跨链交换问题的解决方案，但它还不够先进，无法为集中式交换提供可行的替代方案。 The fault in our swaps 互换错误 Atomic swaps were first proposed as a solution to the“exchange risk”in 20133. The classic Tier Nolan Atomic swap uses Hash Time Locked Contracts (HTLCs) and is well understood to have the following problems: 原子互换最早是在20133年作为解决“汇率风险”的方案提出的。经典的Tier Nolan原子交换使用哈希时间锁定契约(HTLCs)，并且众所周知存在以下问题：

1. Facilitation: The classic Tier Nolan atomic swap does not have incentives built into the protocol itself for the swaps to be facilitated by any third parties 1)促进：经典的Tier Nolan原子交换协议本身并没有让任何第三方促进交换的激励机制

2. The“Inadvertent Call Option”*: In a trade, the party holding the preimage gets an option but is not obligated to buy the counterparty's coins for a fixed exchange rate before time lock expiration. This is called an“Inadvertent American call option”. If the price moves against the trade, it can be aborted anytime. 2)“无意看涨期权”***：在交易中，持有原像的一方获得期权，但没有义务在时间锁定到期前以固定汇率购买交易对手的硬币。这被称为“无意中的美国看涨期权”。如果价格逆市波动，随时都可能流产。**

3. Liquidity Trolling/Lockup Griefing: The party that acts second (i.e, the one without the preimage) can make the party with the preimage lock up liquidity for significant periods of time with no intention of following through. 流动性陷阱/锁定破坏：第二方（即没有原像的一方）可以让有原像的一方在很长一段时间内锁定流动性，而没有后续行动的意图。 "An atomic transaction is a series of operations that is indivisible and irreducible. It means that either the entire series of operations happen or none of them happen. “原子事务是一系列不可分割、不可约的操作。这意味着要么整个系列的操作发生，要么它们都不发生。”

Page14 第十四页 4. Speed: On Bitcoin and other chains, lock times of HTLCs have to be long enough because the security comes from the time difference between the holder of the preimage and counterparty locking funds in HTLCs and the block production times, since confirmation cycles vary around the mean block time. This lag makes them unsuitable for spot exchange. 4)速度:在比特币和其他链上，HTLCs的锁定时间必须足够长，因为安全性来自于HTLCs中预映像和交易对手锁定资金的持有人与区块生产时间之间的时间差，因为确认周期围绕平均区块时间而变化。这种滞后使得它们不适合现货交易。 5. Coordination Costs: Swaps can fail after agreeing on exchange rate (wasted negotiation) because agreements prior to both parties commitments are non-binding. This discourages parties from negotiating. 5)协调成本：由于双方承诺之前的协议不具有约束力，因此互换在商定汇率后可能会失败(浪费谈判时间)。这阻碍了各方谈判。

Page15 第十五页 Layer 2 swaps 第2层交换 As of this writing, only one Layer 2 swap protocol exists'. Arwen was designed for trading between a centralized exchange and its users. Note that in this case, the exchange does not play the role of an exchange but that of a trading desk or OTc desk, counterparty to its users. In Arwen, both the user and the exchange lock up their coins in on-chain escrow smart contracts, and "pair their escrows by exchanging their respective Public Key Hash (PKH). Henceforth, all trades involve off. -chain passing of signed (but not posted) transactions. These are between the two parties that update balances from the escrows between the centralized exchange and the user until the escrows are closed. Transactions are therefore fast and happen at near-zero cost. 在撰写本文时，只存在一个第2层交换协议。阿尔温是为中央交易所和它的用户之间的交易而设计的。请注意，在这种情况下，交易所不扮演交易所的角色，而是扮演交易台或OTc台的角色，即其用户的交易对手。在阿尔温，用户和交易所都将其硬币锁定在链上托管智能合约中，并“通过交换各自的公钥散列来配对它们的escrow”(PKH)。从今以后，所有的交易都停止了。已签署（但未过账）交易的连锁传递。这是在集中交易所和用户之间的电子交易记录中更新余额的双方之间，直到电子交易记录关闭。因此，交易速度很快，成本几乎为零。 Limitations: 局限性 1)Dependence on identity: Arwen protocol depends on the real-world reputation of centralized exchange companies to circumvent the inadvertent call option problem. 对身份的依赖：阿尔温协议依赖于集中式交换公司的真实世界声誉来规避无意中的看涨期权问题。 They are expected to act in a manner that protects their reputation and not strategically cancel trades. But it is not a guarantee enforced by the protocol. The user needs to trust that the exchange cares about its reputation enough to voluntarily forego the profits from the free options it owns. The assumption that reputational risk" is enough of a deterrent from strategic manipulations of orders and order books is not borne by evidence. Despite reputational costs of manipulating order books, many of the world's top exchanges continue the practice. Arwen protocols have no rational economic incentives to mitigate this. 他们应该以保护自己声誉的方式行事，而不是战略性地取消交易。但这不是协议强制执行的保证。用户需要相信交易所足够关心自己的声誉，从而自愿放弃其拥有的免费期权的利润。声誉风险“足以阻止对订单和订单簿的战略性操纵”的假设没有证据支持。尽管操纵订单会造成声誉损失，但许多世界顶级交易所仍在继续这种做法。阿尔温协议没有合理的经济动机来缓解这种情况。 2) Not Peerable: As the authors admit in their whitepaper, Arwen is purpose-built for users to trade against centralized exchanges, not with other peers at centralized exchanges. An anonymous, peer-to-peer cross-chain exchange is not implementable using Arwen. 不可比拟：正如作者在他们的白皮书中所承认的，阿尔温是专门为用户在集中交易所进行交易而设计的，而不是与集中交易所的其他同行进行交易。匿名的、对等的跨链交换不能使用阿尔温来实现。 3) Incompatibility with exchange" business model: Arwen protocols require centralized exchanges to become trading desks and market makers, revamping their existing business models. 与交易所“不兼容”的商业模式：阿尔温协议要求集中式交易所成为交易台和做市商，改造其现有的商业模式。

Page16 第十六页 Properties of Portal 门户网站性质 The Portal system incentivizes exchanges to facilitate swaps, while being anonymous to the user. The technical goals of this swap protocol are to ensure the following properties: 门户系统鼓励交易所促进互换，同时对用户是匿名的。此交换协议的技术目标是确保以下属性：

1. Fairness ( "Priced Optionality" ): The party with the option pays a fair market price for that option (henceforth reclaimable deposit" ). 1)公平(“定价期权”)：期权方为该期权支付公平的市场价格(此后可回收保证金)。

2. Facilitation: Neutral, anonymous third parties ( Facilitators" ) are economically incentivized to coordinate users who don't know each other and facilitate swaps by providing resources. 2)促进:中立、匿名的第三方(“促进者”)在经济上受到激励，协调互不认识的用户，并通过提供资源促进互换。 (Resources include: user onboarding, order aggregation, fair pricing service for the option/ reclaimable deposit, and services on-par with centralized exchanges like execution speed, liquidity & user experience) (资源包括:用户入职、订单汇总、期权/可回收存款的公平定价服务，以及与集中式交易所同等的服务，如执行速度、流动性和用户体验)

3. Trust-minimization: Collusion between any of the trading parties (Party, Counter-party and Facilitator) does not allow theft of any party's coins. 3)信任最小化:任何交易方(交易方、对方和服务商)之间的串通不允许窃取任何一方的硬币。 We show that given the constraints of Bitcoin opcodes (as of the day of this writing), all three of the above can be achieved if the swap participants have: 我们表明，给定比特币操作码的约束条件(截至本文撰写之日)，如果交换参与者具备上述三个条件，上述三个条件都可以实现： 1)A minimum amount of both the assets involved in the trade, and 交易中涉及的资产最小值； 2)Key pool files on blockchains of both the assets 两个资产的区块链上的密钥池文件 In the absence of either of the above, we show that we can still achieve Facilitation + Fairness, or Facilitation + Trust-minimization, but not all three. 在没有上述任何一种情况下，我们表明我们仍然可以实现便利化+公平，或便利化+信任最小化，但不是所有这三种。

Page17 第十七页 A Trust-minimized, Atomic Swap Protocol 信任最小化，原子交换协议 These are the building blocks for our protocol are HTLCs on Bitcoin (and other UTXO chains) and smart contracts on Ethereum (and other smart contract blockchains). 这些是我们协议的构建模块，它们是比特币(和其他UTXO链)上的HTLCs和以太网(和其他区块链智能合约)上的智能合约。 Case 1: Setup 案例1：安装 Alice and Bob want to trade. Alice wants to sell her BTC for LTC, and Bob wants to sell his LTC for BTC. Alice has both BTC and LTC in her Wallet. Bob has LTC in his wallet, but his Bitcoin wallet is empty. The facilitator relays messages between both users using a mailbox. Alice和Bob想交易。Alice想把她的BTC卖给LTC，Bob想把他的LTC卖给BTC。Alice的钱包里既有BTC，也有零担。Bob的钱包里有LTC，但他的比特币钱包是空的。主持人使用邮箱在两个用户之间传递消息。

1. Alice gets the price feed" from either the facilitator or a third party. She decides to swap 10 BTC for 100 LTC.

   Alice从服务商或第三方获得“价格反馈”。她决定用10 BTC换100立特。

2. Alice initiates the swap by sending a request for swap to the facilitator. This communicates to the facilitator her order size/ trading pair and requests the deposit price.

   Alice通过向主持人发送交换请求来启动交换。这将向主持人传达她的订单规模/交易对，并要求支付定金。

3. Facilitator responds with: 主持人反应： a) a reclaimable deposit price, 可回收的押金价格 b) Its fee, and 计费终端 c) its Public Key Hashes on both BTC and LTC. The facilitator takes into account the size of order, the price of the asset and the volatility of the asset, using an options pricing method such as binomial options pricing or other methods. The deposit is quoted in the counterparty currency. For the sake of this example, we assume that the deposit is "5 LTC" and the fee for a successful swapis "0.1 BTC +1LTC". c)它在BTC和LTC上的公钥散列。主持人考虑订单的大小、资产价格和资产波动性，使用期权定价方法，如二项式期权定价或其他方法。存款以交易对手货币报价。为了这个例子，我们假设存款是“5立特”，成功的swapis的费用是“0.1 BTC+1立特”。

4. IF Alice has > 5 LTC in her wallet, she goes to step 5; ELSE she goes to Case 2. 4)如果Alice钱包中有> 5 LTC，则转到步骤5；否则她会去第二个案子。

Page18 第十八页 5) Alice generates a random preimage (“secret” ). Alice then constructs the following two partial transactions: one bitcoin transaction and one litecoin transaction (a & b below), then sends 3 pieces of data to the exchange: 5) Alice生成一个随机的前像(“秘密”)。Alice随后构建了以下两个部分交易:一个比特币交易和一个litecoin交易（见下文a & b），然后向交易所发送3条数据： a) A partial HTLC on Bitcoin chain: Input is 10 BTC from Alice, left blank. Time lock is set to 2 days. Output is locked at 10 BTC + 0.1 BTC (left blank for Bob to fill). A)比特币链上的部分HTLC：输入是Alice的10 BTC，留空。时间锁定设置为2天。输出锁定在10 BTC + 0.1 BTC（留空白供Bob填写）。 (i) HTLC conditions: Before 2 days, blank can sign if he reveals Alice's secret. In this case, a fee is paid to the facilitator's address upon a successful swap. (一)HTLC条件：2天前，如果布兰克泄露了Alice的秘密，他可以签字。在这种情况下，交换成功后会向主持人的地址支付费用。 (i) Alice can refund herself her 10 BTC (minus transaction fee). Facilitator gets zero fee. (I)Alice可以退还自己10 BTC(减去交易费)。辅导员零费用。 b) A partial HTLC on Litecoin chain (the deposit transaction): This takes as input, 5 LTC from Alice, Output locked at 105 LTC.100 LTC input left blank. HTLC conditions: Litecoin链上的部分HTLC(存款交易):这将Alice的5立特作为输入，输出锁定在105立特。100立特输入留空。HTLC条件： (i) Before 1 day, Alice can claim LTC by revealing her secret. In this case, the facilitator gets 1 LTC (the fee) andAlice gets 104 LTC (this essentially reclaims Alice's deposit minus the facilitator fee). (一)在1天之前，Alice可以通过泄露自己的秘密来申请LTC。在这种情况下，主持人获得1立特（费用），而lice获得104立特（这基本上是回收Alice的存款减去主持人费用）。 (ii) After 1 day, Bob gets 105 LTC. Facilitator gets nothing. (二)1天后，Bob获得105立特。辅导员什么也得不到。     Page19 第十九页 c) Hash of her secret 她的秘密 Note: Notice that if Alice does not go through with the swap, Alice loses her deposit and Bob gets it. If she does, within the time lock, she can reclaim her deposit. This is what makes it a reclaimable deposit" 注意：请注意，如果Alice没有完成交换，Alice会失去存款，Bob会得到存款。如果她这样做了，在时间锁定内，她可以收回她的存款。这就是它成为可回收矿床的原因。 6) Facilitator checks the transactions, verifies PKHs were included in both the HTLCs in the success swap branches, and the amounts match the message previously sent in 3. Then Facilitator relays the swap request to all its users. 6)主持人检查交易，验证PKHs是否包含在成功交换分支的两个HTLCs中，金额是否与之前在3中发送的消息相匹配。然后，服务商将交换请求转发给所有用户。 7) Bob sees Alice's request on the "order book" that is visible in his wallet/client, and accepts the price. To accept, Bob does the following:

Page20 第二十页 9) Alice checks the partial HTLC, verifies that her PKH is included in the correct branch, makes sure that the hash of the secret Bob included in his Litecoin HTLC matches her Bitcoin HTLC. If it is verified, she adds her 10 BTC input, signs it and then broadcasts it to the Bitcoin chain. 9) Alice检查部分HTLC，验证她的PKH是否包含在正确的分支中，确保包含在他的Litecoin HTLC中的秘密Bob的散列与她的比特币HTLC匹配。如果验证通过，她会添加她的10 BTC输入，签名，然后将其广播给比特币链。 Note: This takes one on-chain confirmation cycle equivalent to current transfer to centralized exchange" delays. But unlike CEXs, there are no further delays as they would arbitrarily enforce due to a) CEX fractional reserve business models, and b) transaction aggregation to minimize on-chain transaction fees. 注意：这需要一个链上确认周期，相当于当前转移到集中交换的“延迟”。但与CEXs不同的是，由于a) CEX部分准备金业务模式，以及b)交易聚合以最小化链上交易费用，它们将任意执行，因此不会有进一步的延迟。 10) Bob can now add his 100 LTC input to his partial Litecoin HTLC, which then makes it a valid transaction (the inputs equal or exceed the outputs). If he doesn't, he pays the facilitation fee to Alice instead of Facilitator. This is Bob's "deposit that prevents him from lockup griefing Alice. 10) Bob现在可以将他的100 LTC输入添加到他的部分Litecoin HTLC，然后使其成为有效交易（输入等于或超过输出）。如果他不这样做，他将向Alice而不是调解人支付调解费。这是Bob的“存款，防止他锁定悲伤的Alice。 11) Alice waits for one Litecoin confirmation cycle and then claims her 4 LTC deposit plus Bob's 100 LTC (total of 104). 1 LTC goes to Facilitator. 11) Alice等待一个Litecoin确认周期，然后申领她的4 LTC存款加上Bob的100 LTC(总共104)。1 LTC转交给辅导员。 12) Bob then claims Alice's BTC on the Bitcoin chain. 0.1 BTC goes to Facilitator. 12)Bob随后声称Alice的BTC在比特币链上。0.1 BTC求助于主持人。 The swap is successfully executed. 交换执行成功。 Note: Notice that the total cycle is 2 confirmations. This is, at most, equivalent to transferring an asset to a centralized facilitator and withdrawing after the trade. 注意:请注意，整个周期是2次确认。这至多相当于将资产转移到一个集中的服务商，并在交易结束后提取资产。 Outcome branches 结果分支

1. Alice's Cancellation: After requesting a swap, Alice can cancel anytime before Bob commits by adding his 100 LTC and broadcasts to the chain.

2. Alice的取消:在请求交换后，Alice可以在Bob提交之前的任何时间通过添加他的100 LTC并广播到链中来取消。 a) If Alice cancels her order and spends her LTC, when Bob tries to execute , the Litecoin chain rejects one of the inputs to his HTLC. a)如果Alice取消订单并花费她的LTC，当Bob试图执行时，Litecoin链会拒绝他的HTLC的一个输入。

   Page 21 第二十一页 b) Alice can then claim her BTC back after 2 days. Alice可以在两天后取回她的BTC。

3. Success: 成功： a) Alice claims her LTC, enabling Bob to claim her BTC. She can claim Bob's LTC + her premium of 5 LTC (minus facilitator fee) anytime before 1 day, by revealing her secret X on LTC chain. Facilitator gets paid a fee. a)Alice认领了她的LTC，使Bob能够认领她的BTC。她可以在1天之前的任何时候，通过在LTC链上透露她的秘密X，来索取Bob的LTC +她5 LTC的溢价（减去培训费）。辅导员会得到报酬。 b) Bob can claim his BTC: Anytime after Alice claims her LTC, but before 2 days. b)Bob可以认领他的BTC:在Alice认领她的LTC之后的任何时候，但在2天之前。

4. Failure: If Alice does not reveal secret X by T2, Bob can get 105 LTC (his 100 LTC plus Alice's option premium). Alice gets her BTC + facilitator fee after T¡. Facilitator does not get a fee. Alice loses her premium. 3)失败:如果Alice没有泄露T2的秘密X，Bob可以获得105 LTC(他的100 LTC加上Alice的期权溢价)。Alice在T之后获得她的BTC +主持人费用。主持人不获得费用。Alice失去了她的保险费。 Analysis 分析 Fairness in Optionality: 公平的可选性： There are two ways to mitigate the unfairness of an inadvertent call option inherent in atomic swaps: 有两种方法可以减轻原子交换中无意的买入期权的不公平性： 1)Eliminate the unintended option, or 消除无意识的选项； 2)Internalize the cost of an option so that the option is "priced in" with the cost of the swap. 内部化期权的成本，使期权与互换成本一起“定价”。 Eliminating the inadvertent option on Layer 1 is not possible, as separate blockchains do not communicate with each other. Instead, Portal internalizes the price of the option in the form a "reclaimable deposit/ bond"

Page22 第二十二页 Facilitation: 简易化

1. Fairly pricing the“reclaimable deposit”: The burden of accurately pricing the option is taken off Alice because the swap facilitator is incentivized to appropriately price the option aligned with the market. If the option price is too high, Alice won't buy, and the facilitator earns nothing. If it is too low, Bob won't sell, and the facilitator earns nothing. Only a successful swap pays the facilitator. 1)公平定价“可回收存款”:准确定价期权的负担从Alice身上卸下，因为互换促进者被激励对与市场一致的期权进行适当定价。如果期权价格太高，Alice不会买，主持人什么也赚不到。如果太低，Bob就不卖了，主持人也赚不到钱。只有成功的交换才能给服务商带来回报。

2. Coordination: Facilitator is incentivized to: 2)协调：激励促进者 a) connect Alice with Bob using a relay service a)使用中继服务连接Alice和Bob b) maintain and aggregate swap requests (“order book”), b)维护和汇总互换请求（“订单”） c) provide a good user experience, and c)提供良好的用户体验 d) make sure that all messages are relayed between them. d)确保所有的信息都在他们之间传递

Note: If the above protocol halts at any stage of the success branch, the facilitator does not get paid. 注意：如果上述协议在成功分支的任何阶段停止，主持人将不会得到报酬。

Trust-Minimization: 信任最小化 Neither Alice colluding with Bob nor Alice and/or Bob colluding with the facilitator risks losing the any party's coins, if the third party follows the protocol fully. 如果第三方完全遵循协议，那么Alice与Bob勾结或Alice和/或Bob与主持人勾结都不会有丢失任何一方硬币的风险。 None of the elements of the swap require a trusted third party to control coins of any participant. Alice controls her coins until the swap request is accepted, Bob controls his coins until he accepts the swap, and Facilitator gets his coins successful execution. Alice broadcasts her own Bitcoin HTLC to Bitcoin chain, Bob broadcasts his Litecoin HTLC to Litecoin chain. 交换的所有要素都不需要可信的第三方来控制任何参与者的硬币。Alice控制她的硬币，直到交换请求被接受，Bob控制他的硬币，直到他接受交换，主持人得到他的硬币成功执行。Alice向比特币链广播自己的比特币HTLC，Bob向比特币链广播自己的Litecoin HTLC。

Analysis of Usability 可用性分析 1)Alice's“request” for a swap requires her to lock her Bitcoins in an HTLC on-chain. Alice的交换请求要求她将比特币锁在HTLC链上。 This requires no more time or transaction fees than transferring BTC to a centralized exchange before trading. 这并不比在交易前将比特币转移到集中交易所需要更多的时间和交易费用。   Page23 第二十三页 2) Alice's request, Bob's PKH relay, and Facilitator's PKH relay are all off-chain communications at Layer 2 and therefore happen fast. 2) Alice的请求，Bob的PKH中继，Facilitator的PKH中继都是在第2层的下链通信，因此发生得很快。 3) Facilitator maintains and displays all swap requests on its order book. All of them are partially-constructed HTLCs and have no need to be broadcast to their chains yet. 3) Facilitator维护和显示其订单上的所有交换请求。它们都是部分构建的htlc，还不需要向它们的链传播。 This makes the experience as fast and usable as CEXs. 这使得体验像CEXs一样快速和可用。 4) Cancellation option: Alice can cancel her order anytime before Bob accepts by simply sending her input into Litecoin HTLC elsewhere or back to a change address that she owns. The possibility of a race condition is resolved by the LTC blockchain. This requires no more steps than pressing a "cancel" button. 4)取消选项:Alice可以在Bob接受之前的任何时候取消她的订单，只需将她的输入发送到其他地方的Litecoin HTLC或返回到她拥有的更改地址。区块链LTC解决了比赛条件的可能性。这不需要比按“取消”按钮更多的步骤。 5) To make sure that no party abandons its activity in the middle of a swap (either by going offline or for other reasons) all steps except 1 & 2 can be automated on the client side (exchange app or directly within a noncustodial wallet app). This makes the user experience seamless and comparable - or superior - to centralized exchanges. 5)为了确保在交换过程中没有任何一方放弃其活动（无论是通过离线还是出于其他原因），除1和2之外的所有步骤都可以在客户端自动执行（交换应用程序或直接在非监管钱包应用程序中）。这使得用户体验无缝，与集中式交换相当或更好。 Drawbacks 退税

1. Here, the initiating party needs to already have the asset being purchased and access to a true multi-currency wallet that supports both BTC and LTC. 1)在这里，发起方需要已经购买了资产，并访问一个真正的多货币钱包，支持BTC和LTC。

2. Both parties need to be online during the swap, or have access to a client that follows the protocol without fail from beginning to end. 2)交换过程中，双方都需要在线，或者都能访问到一个从头到尾都遵守协议的客户端。 Note: Portal is a multi-currency wallet that performs both of these functions. 注意：门户是执行这两个功能的多货币钱包。 Case 2: Initiator does not have assets on counterparty's blockchain. 案例2：发起人在交易对手的区块链上没有资产。 In this case, we have three possibilities. 在这种情况下，我们有三种可能。

   Page24 第二十四页

3. The swap initiator purchases the asset they need to deposit, using one of the following pathways Alternate construction # 2 or Alternate construction # 3 1)交换发起者购买他们需要储存的资产，使用以下途径之一替代结构# 2或替代结构# 3

4. Alternate construction # 2 minimizes transaction fees and wait time by compressing the initial transaction into one of the HTLCs, but sacrifices trust-minimization to gain usability with lower transaction fees. 2)替代构造# 2通过将初始事务压缩到一个HTLCs中来最小化事务费用和等待时间，但是牺牲信任最小化来获得更低事务费用的可用性。 Alternate construction # 3 sacrifices fairness in favor of trust-minimization. It makes both transactions trustless, but requires two transaction fees and two wait times. The first transaction in this construction is a Layer 1 Tier Nolan atomic swap, but problems are limited in scale only to the cost of the second transaction's reclaimable deposit. 替代结构# 3牺牲了公平性，支持信任最小化。它使两个交易都不可信，但是需要两个交易费用和两个等待时间。该构建中的第一个事务是第1层诺兰原子交换，但问题仅限于第二个事务的可回收存款成本。 Construction (# 1): 建设1：

5. Alice wants to swap her 10 BTC for 100 LTC. She sends a message to the facilitator with this request.

6. Alice想用10个BTC换100个LTC。她向主持人发送了一条消息，提出了这个请求。

7. She sets a price of 100 LTC 110 BTC.

Page26 第二十六页 b) Bob will claim his LTC plus Alice's option premium, paying zero fee to the facilitator. b) Bob将要求他的LTC加上Alice的期权溢价，向主持人支付零费用。 13) If Alice does not claim her LTC, in the refund path the facilitator receives .5 BTc to compensate for the LTC it sent for Alice's deposit. 13)如果Alice没有申请她的零担，在退款路径中，服务商会收到0.5个零担，以补偿它为Alice的押金发送的零担。 Outcome branches 结果分支

1. After requesting a swap, Alice cannot cancel the swap without facilitator's cooperation before Bob commits. Alice can send a Cancel" request to the facilitator to have the facilitator send the input elsewhere. 1)在请求交换后，在Bob提交之前，如果没有协调者的合作，Alice无法取消交换。Alice可以向主持人发送“取消”请求，让主持人将输入发送到其他地方。

2. Cancellation: If Alice/ Facilitator cancels the order and spends the LTC, when Bob tries to execute" , the Litecoin chain rejects one of the inputs to his HTLC. Alice can then claim back her BTC after T]. The facilitator gets paid a fee. 2)取消：如果Alice/主持人取消订单并花费LTC，当Bob尝试执行时，Litecoin链会拒绝他的HTLC的一个输入。Alice可以在T]之后取回她的BTC。辅导员会得到报酬。

3. Success:成功 a) Alice claims Bob's LTC, enabling Bob to claim her BTC. She can claim Bob's LTC + her premium of 5 LTC anytime before Tg by revealing the secret X on Litecoin chain. Facilitator gets paid a fee. a)Alice主张Bob的LTC，使Bob能够主张她的BTC。她可以在Tg之前的任何时候，通过在Litecoin链上泄露秘密X来索取Bob的LTC +她5 LTC的溢价。辅导员会得到报酬。 b) Bob can claim Alice's BTc anytime after Alice claims Bob's LTC, but before T¡. b) Bob可以在Alice主张Bob的LTC之后的任何时间主张Alice的BTc，但是在T之前。

4. Failure: If Alice does not reveal X by T? Bob can get 105 LTC (his 100 LTC plus Alice's option premium). Alice gets her 10 BTC back, but has to pay the facilitator 0.5 BTC. 4)失败：如果Alice没有通过T揭示X ?Bob可以得到105 LTC（他的100 LTC加上Alice的期权溢价）。Alice取回了她的10个比特币，但必须支付给服务商0.5个比特币。 Analysis (Pass/Fail) 分析(通过/失败) Fairness: Pass The swap is fair to both Alice and Bob. Neither one gets an inadvertent call option. This is similar to Construction # 1. 公平：通过交换对爱丽丝和鲍勃都是公平的。两人都没有意外的看涨期权。这类似于建设# 1。

   Page27 第二十七页 Facilitation: Pass 促进:通过

5. Option pricing: Facilitator is incentivized to price the option appropriately because pricing the option too high deters Alice from initiating the swap request, yet pricing it too low deters Bob from accepting the swap. 1)期权定价：激励主持人对期权进行适当定价，因为期权定价过高会阻止爱丽丝发起互换请求，而定价过低会阻止鲍勃接受互换。

6. Coordination: Facilitator is incentivized to connect Alice with Bob and to make sure that all messages are relayed between them. If the above protocol halts at any stage of the success branch, the facilitator does not get paid. Only the success branch results in a fee for the facilitator.

Facilitation: Pass 便利：通过

1. Option pricing: Facilitator is incentivized to price the option appropriately because pricing the option too high deters Alice from initiating the swap request, yet pricing it too low deters Bob from accepting the swap. 1)期权定价：由于期权定价过高会阻止Alice发起互换请求，而定价过低又会阻止Bob接受互换，所以推动者被激励适当地为期权定价。

2. Coordination: Facilitator is incentivized to connect Alice with Bob and to make sure that all messages are relayed between them. If the above protocol halts at any stage of the success branch, the facilitator does not get paid. Only the success branch results in a fee for the facilitator. 2)协调:协调人被激励连接Alice和Bob，并确保所有消息都在他们之间传递。如果上述协议在成功分支的任何阶段停止，则主持人不会得到报酬。只有成功分支才会为主持人收取费用。 Trust- -Minimization: Pass None of the transactions require trust in the counter-party of that transaction. Trust- minimization is preserved. 信任-最小化：通过没有任何交易需要对交易对手的信任。信任最小化得到了保留。 Analysis of Usability 可用性分析 a) Alice must perform two transactions: a) Alice必须执行两个事务：

3. Page31 第三十一页 (i) Her preliminary Swap1 transaction (to acquire LTC as a deposit for Swap2) takes time and incurs transaction fees, and (i)她的初步Swap1交易(收购LTC作为Swap2的保证金)需要时间并产生交易费用； (ii) Swap2 which proceeds according to the steps outlined in Construction # 1. (ii) Swap2，按照建设# 1中概述的步骤进行。 b) Alice's request, Bob's PKH relay, and Facilitator's PKH relay are all off-chain communications and therefore happen fast. b) Alice的请求，Bob的PKH继电器，服务商的PKH继电器都是下链通信，因此发生的很快。 c) Facilitator maintains and displays a cache of partially-constructed LTC transactions on the facilitator server. Because all transactions are off- chain until a swap request is accepted, it is therefore as fast and as usable as CEXs. c)促进者在促进者服务器上维护并显示部分构建的LTC事务的缓存。因为在交换请求被接受之前，所有事务都是链外的，所以它和CEXs一样快，一样有用。 d) Cancellation option: d)取消选项 (i) For Swap1 Alice cannot cancel once she initiates the swap. Facilitator can choose to participate or not after quoting a price to Alice. (I)对于交换1，一旦爱丽丝启动交换，她就不能取消。主持人可以在向爱丽丝报价后选择是否参与。 (ii) In Swape conditions are the same as Construction # 1.

Page33 第三十三页 Notice that this has the exact same security model as that described in section 1 swap contract, with no additional dependencies. 注意，它具有与第1节交换契约中描述的完全相同的安全模型，没有额外的依赖项。 This, therefore will provide a true P2P lending experience. It requires no escrow service or an exchange in the middle. The contracts used to lend and borrow themselves have incentives to encourage borrowers to pay back their loans on time, and for lenders to provide these loans knowing that they do not have to trust a third party. 因此，这将提供一个真正的P2P借贷体验。它不需要托管服务或中间的交换。用于借贷的合同本身就有激励机制，鼓励借款人按时偿还贷款，并让贷款人在不需要信任第三方的情况下提供这些贷款。 Derivatives: 衍生工具 The“inadvertent call option”problem described in section 1 where in a cross chain atomic swap, the party exercising the option gets it for free, is the exact problem that makes Portal a viable primitive for cross chain options trading. Imagine the layer 1 transaction described in section 1, but with a long enough timelock of days, months Dr longer, and it suddenly becomes an american call option on the locked asset, at the exchange rate determined in step 3. 第1节中描述的“无意看涨期权”问题，即在跨链原子互换中，行使期权的一方免费获得期权，正是这个问题使门户成为跨链期权交易的可行原语。想象一下第1节中描述的第1层交易，但是如果有足够长的天数、月数或更长的时间锁定，它会突然变成锁定资产的美式看涨期权，汇率在第3步中确定。 Conclusion: 结论： The innovations described herein create access to a decentralized dark pool via a private, fast, trust-minimized network accessible right inside a crypto user's wallet. Any user can now manage multiple blockchain assets, liabilities and financial services from within his wallet. 本文描述的创新通过加密用户钱包中可访问的私有、快速、信任最小化的网络创建了对去中心化暗池的访问。任何用户现在都可以从他的钱包中管理多个区块链资产、负债和金融服务。 Moreover, the security of our approach does not depend on off-chain or real-world identities of counterparties, nor of the entity facilitating these services. 此外，我们方法的安全性不依赖于链下或对手方的真实身份，也不依赖于提供这些服务的实体。 With Portal,“decentralized finance”becomes a service that any anonymous entity can provide for a competitive fee within open, transparent markets, with a security model as robust as Bitcoin mining. 借助Portal，“去中心化金融”成为一种服务，任何匿名实体都可以在开放、透明的市场中以有竞争力的费用提供这种服务，其安全模式与比特币开采一样稳健。

Page34 第三十四页 Code Resources 代码资源 https://github.com /Tides-Network/ Portal-MacOs https://github.com /Tides-Network/ portal- bridge htps://github.com fabriclabs https: //dev. fabric.pub/ https:/ /github.com [ FabricLabs fabric

Appendix A 附件A Flaws inherent to Decentralized Exchanges (DEXs) 去中心化交易所(DEXs)固有缺陷 DEXs have been touted as a solution'0 to exchange risk, but adoption among DEX users continues to be insignificant. DEXs typically include protocols that are chain-dependent. For example, 0x and Airswap only support ERC-20 tokens, Stellar's DEX only supports Stellar-based tokens, and Newdex and DEXEOS supports EOS-based tokens only. DEX一直被吹捧为解决外汇风险的‘0’，但在DEX用户中的采用仍然微不足道。dex通常包括依赖链的协议。比如0x和Airswap只支持ERC-20代币，Stellar的DEX只支持基于Stellar的代币，Newdex和DEXEOS只支持基于EOS的代币。 Well- known DEX problems include the latency inherent in submitting or cancelling orders on-chain and transaction fees involved in confirming orders or cancellations when order books are hosted on-chain. Here, slow execution, bad user experience and ilquidity are unavoidable. 众所周知的DEX问题包括在链上提交或取消订单的固有延迟，以及在订单簿托管在链上时确认订单或取消订单所涉及的交易费用。在这里，执行缓慢、用户体验不佳和流动性不足是不可避免的。 Some exchanges, such as 0x, AirSwap, EtherDelta, and IDEX, employ off-chain order books but are still plagued with latency and user experience problems. More concerning are their organizational centralization and systemic risks"'. In addition, DEXs expose order information to miners, who may then be able to strategically front-run orders and cancellations. This presents issues of privacy, which are compounded by users' concerns about exchanges knowing their real-world identities". 一些交易所，如0x、AirSwap、EtherDelta和IDEX，采用了离线订单，但仍然受到延迟和用户体验问题的困扰。更令人担忧的是他们的组织集中化和系统性风险。此外，dex向矿工公开订单信息，矿工随后可能能够战略性地提前处理订单和取消订单。这就带来了隐私问题，而用户担心交易所知道他们的真实身份，这又加剧了隐私问题”。