Explain ARK like I'm 5
ELI5
- Alice sends money to the bank and in return receives a check from the bank that she can redeem anytime anywhere (not only on this bank).
- If Alice wants to pay Bob using Ark, she can ask the bank to pay Bob, and in return she will endorse their check back to the bank.
- The bank can only redeem Alice's check if it shows proof of payment to Bob.
- Bob receives a check from the bank that he can redeem anytime anywhere.
Lifting
The first step is for Alice to lift her coins. This is an atomic swap where she will give up a UTXO (+ fees) to receive a vUTXO from the ASP at the same time. The ASP makes a special transaction, called pool transaction (Pool TX), where it mixes UTXOs from many users (among other things) and creates a shared UTXO as well as many off-chain vUTXOs for each of those users including one for Alice.
In this example, Alice, Bob and Carol are "lifting" 1 BTC each to Ark:
Every 5 seconds there's an onchain transaction:
The output is a UTXO locked by a multisig 4 of 4, where 4 is the number of participants in the transaction. An alternative tapleaf allows the ASP to spend it alone after 4 weeks.
The resulting UTXO is then used as input for a new transaction. This new transaction doesn't need to go onchain, but Alice, Bob and Carol each have a copy of it, and they can broadcast it to the network any time to recover their BTC.
Payment
Alice then instructs the ASP to take her vUTXO and pay Bob. She will only need to know Bob's address. This payment is also atomic and private. The ASP does not know which vUTXO belongs to which user and blindly mixes them to produce another anonymous vUTXO set. Ark's magic occurs in the fact that the post-mix vUTXOs can only be claimed by the intended recipients even though the ASP has no idea who owns them. Put another way, the ASP is simply coordinating blind coinjoin rounds. Bob does not have to be online to receive the funds, can claim them at any time, transfer them to others, or move them on-chain.
Now let's imagine Alice wants to send Eve 1 BTC using Ark:
Alice forfeits its vUTXO to the ASP and in return Bob receives a vUTXO
- Alice asks Eve for an address (address E)
- Alice informs ASP she wants to pay 1 BTC to address E
- ASP (with help of Eve) prepares new transaction (TX2) and show it to Alice:
- Alice looks at the locking script for this new UTXO and sees Eve's public key on it
- Alice understands that when TX2 confirms, Eve will have 1 BTC on Ark
- Alice proceeds by sending her vUTXO to the server, on the condition that TX2 is confirmed:
- ASP cannot cheat, if he wants to receive from Alice he needs to send it to Eve, which means Alice is paying Eve atomically.
"only if TX2 is confirmed"
This condition is not possible to implement today using Bitcoin script, but we can implement it using a trick:
- TX1 will have additional outputs, called connectors
- This connectors have no financial value (dust limit)
- Connectors are singlesig spendable by the ASP
- Alice will use one of this connectors as input to the new transaction
- Alice will sign her vUTXO with SIGHASH_ALL to commit to all inputs
- The ASP will sign the connector input
This way, the TX where Alice gives her vUTXO to the server is only valid if TX2 is confirmed.
To be continued...
Sources:
- https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-August/021858.html
- https://www.youtube.com/watch?v=EocWax43QgQ
- https://bitguide.substack.com/p/ark-bitcoins-new-layer-2-protocol
- https://gist.github.com/RubenSomsen/a394beb1dea9e47e981216768e007454#confirmation-times
- https://roose.io/presentations/understanding-ark.pdf