From a27f30eda38bdfae15bb1b9a579b9a3b0fb70559 Mon Sep 17 00:00:00 2001 From: Leonardo Comandini Date: Wed, 17 Jul 2024 18:27:16 +0200 Subject: [PATCH 1/2] Add ELIP for input and output abf --- elip-abf.mediawiki | 131 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 elip-abf.mediawiki diff --git a/elip-abf.mediawiki b/elip-abf.mediawiki new file mode 100644 index 0000000..19f048b --- /dev/null +++ b/elip-abf.mediawiki @@ -0,0 +1,131 @@ +
+  ELIP: XXX
+  Layer: Applications
+  Title: Asset Blinding Factors for Partially Signed Elements Transaction Format
+  Author: Leonardo Comandini 
+  Comments-Summary: No comments yet.
+  Status: Draft
+  Type: Standards Track
+  Created: 2024-07-17
+  License: BSD-2-Clause
+
+ +==Introduction== + +===Abstract=== + +This document describes an extension to the Partially Signed Elements Transaction (PSET) format, to encode additional data, the asset bliding factors, that might be necessary to collectively blind a transaction. + +The asset blinding factors are necessary under specific circumstances, but otherwise these fields should not be set. + +===Copyright=== + +This ELIP is licensed under the 2-clause BSD license. + +==Specification== + +This ELIP extends the current PSET specification (available at https://github.com/ElementsProject/elements/blob/master/doc/pset.mediawiki) with an additional field for input asset blinding factors and an additional field for output blidning factors. + +This additional per-input proprietary type element is defined: + +{| +! Name +! +! +! Description +! +! Description +! Versions Requiring Inclusion +! Versions Requiring Exclusion +! Versions Allowing Inclusion +|- +| Asset Blinding Factor +| PSBT_ELEMENTS_IN_ASSET_BLINDING_FACTOR = 0x16 +| None +| No key data +| <256 bit uint> +| The 32 byte asset blinding factor for the input being spent. +| +| 0 +| 2 +|} + +And this additional per-output proprietary type element is defined: + +{| +! Name +! +! +! Description +! +! Description +! Versions Requiring Inclusion +! Versions Requiring Exclusion +! Versions Allowing Inclusion +|- +| Asset Blinding Factor +| PSBT_ELEMENTS_OUT_ASSET_BLINDING_FACTOR = 0x0b +| None +| No key data +| <256 bit uint> +| The 32 byte asset blinding factor of this output. +| +| 0 +| 2 +|} + +==Rationale== + +In some protocols where blinding is done by different parties, the asset surjection proof for some output might be created by: + +* someone who does not own an input with the same asset, or +* someone who does not know the asset blinding factor corresponding to the output asset commitment + +This, in general, is the case of [https://leocomandini.github.io/2022/10/27/liquidexv1.html LiquiDEX v1], e.g. 
+ +* Alice wants to swap x of asset A for y of asset B +* Alice owns a utxo with x of asset A +* Alice creates a spending that utxo and receiving an output with y of asset B +* Alice draws at random the asset and value blinding factors for the output, sets the corresponding asset and value commitment. Sets the nonce commitment. Computes and sets the rangeproof +* Alice computes the scalar offset contribution of the input and output (combined) +* Alice computes the value blind proofs for the input and output +* Alice creates the LiquiDEX proposal using the data obtained above: +
+{
+  "version": 1,
+  "tx": "...",
+  "inputs": [{
+    "asset": "aa...",
+    "satoshi": x,
+    "assetblinder": "...",
+    "value_blind_proof": "...",
+  }],
+  "outputs": [{
+    "asset": "bb...",
+    "satoshi": y,
+    "assetblinder": "...",
+    "value_blind_proof": "...",
+  }],
+  "scalars": ["..."],
+}
+
+* Alice shares the proposal with Bob +* Bob adds more inputs for the asset B and fees +* Bob adds more outputs for the asset A, B and fees +* Bob blinds the transaction, i.e.: +** draws at random abf and vbf for each new output, apart from the last one for which he uses the new inputs contribution and the scalar offset from the proposal to balance the tx +** creates rangeproofs for each new output +** creates surjection proofs for each (blinded) fee output +** creates surjection proofs for each A output, note that in general the input asset blinding factor is needed. +** creates surjection proofs for each B output, including the one from Alice, which requires the output blinding factor. Note that Alice could not have created the surjection proof since she did not know any B input when she created the tx + +This example shows why sharing the asset blinding factors for input and outputs is necessary under some specific circumstances. + +Adding input and output asset blinding factors, allows to convert LiquiDEX v1 proposal in PSETs, so that wallets can only deal with PSETs. + +However, in most cases, setting the asset blinding factors in a PSET is not necessary, and in such cases these elements should not be set. + +==Reference implementation== + +* [https://github.com/ElementsProject/elements/pull/1329 Elements Core] +* [https://github.com/ElementsProject/rust-elements/pull/201 rust-elements] From 594cbf29906250a641d6dfb35ead79d756f4c422 Mon Sep 17 00:00:00 2001 From: Leonardo Comandini Date: Fri, 26 Jul 2024 10:43:48 +0200 Subject: [PATCH 2/2] elip abf: change to LiquiDEX extensions --- elip-abf.mediawiki | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/elip-abf.mediawiki b/elip-abf.mediawiki index 19f048b..f10e939 100644 --- a/elip-abf.mediawiki +++ b/elip-abf.mediawiki @@ -1,7 +1,7 @@
   ELIP: XXX
   Layer: Applications
-  Title: Asset Blinding Factors for Partially Signed Elements Transaction Format
+  Title: LiquiDEX extensions for Partially Signed Elements Transaction Format
   Author: Leonardo Comandini 
   Comments-Summary: No comments yet.
   Status: Draft
@@ -14,9 +14,9 @@
 
 ===Abstract===
 
-This document describes an extension to the Partially Signed Elements Transaction (PSET) format, to encode additional data, the asset bliding factors, that might be necessary to collectively blind a transaction.
+This document describes extensions to the Partially Signed Elements Transaction (PSET) format for [https://leocomandini.github.io/2021/06/15/liquidex.html LiquiDEX] swaps.
 
-The asset blinding factors are necessary under specific circumstances, but otherwise these fields should not be set.
+In LiquiDEX swaps, transactions are (partially) blinded collectively, thus some extra information must be shared to make blinding possible, this ELIP describes how to encode the necessary extra data (asset blinding factors) in a PSET.
 
 ===Copyright===
 
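Review bot: The new Abstract links the 2021/06/15 LiquiDEX post, while the Rationale left unchanged by this series describes and links "LiquiDEX v1" (the 2022/10/27 post), so a reader cannot tell which protocol version these fields are specified for. Please name the version in the Abstract or use the same link in both places. The second added sentence is also a comma splice at "possible, this ELIP describes"; splitting it into two sentences would read better.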
@@ -24,7 +24,8 @@ This ELIP is licensed under the 2-clause BSD license.
 
 ==Specification==
 
-This ELIP extends the current PSET specification (available at https://github.com/ElementsProject/elements/blob/master/doc/pset.mediawiki) with an additional field for input asset blinding factors and an additional field for output blidning factors.
+To avoid possible collisions with PSET fields from the main specification (available at https://github.com/ElementsProject/elements/blob/master/doc/pset.mediawiki), a distinct proprietary field prefix "pset_liquidex" is used for the fields described in this ELIP.
+For example, identifier of PSBT_ELEMENTS_LIQUIDEX_IN_ABF is a sequence of 11 bytes fc0d707365745f6c6971756964657800.
 
 This additional per-input proprietary type element is defined:
 
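Review bot: The byte count in the added example sentence is wrong: fc0d707365745f6c6971756964657800 is 16 bytes, not 11 (fc, the length byte 0d, the 13 bytes of "pset_liquidex", then the subtype 00). Since implementers will compare against this string, I'd correct the count and spell out that breakdown in the text. The example also names only PSBT_ELEMENTS_LIQUIDEX_IN_ABF; it would help to say whether the same identifier applies to the output field. Nit: "identifier of" should be "the identifier of".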
@@ -40,7 +41,7 @@ This additional per-input proprietary type element is defined:
 ! Versions Allowing Inclusion
 |-
 | Asset Blinding Factor
-| PSBT_ELEMENTS_IN_ASSET_BLINDING_FACTOR = 0x16
+| PSBT_ELEMENTS_LIQUIDEX_IN_ABF = 0x00
 | None
 | No key data
 | <256 bit uint>
@@ -64,7 +65,7 @@ And this additional per-output proprietary type element is defined:
 ! Versions Allowing Inclusion
 |-
 | Asset Blinding Factor
-| PSBT_ELEMENTS_OUT_ASSET_BLINDING_FACTOR = 0x0b
+| PSBT_ELEMENTS_LIQUIDEX_OUT_ABF = 0x00
 | None
 | No key data
 | <256 bit uint>
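Review bot: PSBT_ELEMENTS_LIQUIDEX_OUT_ABF = 0x00 here and PSBT_ELEMENTS_LIQUIDEX_IN_ABF = 0x00 in the previous hunk give the input and output records identical key bytes, so the only thing that distinguishes them is which map they appear in. That is workable, but the Specification should say so explicitly next to the tables, so a parser author does not treat the shared subtype as a copy-paste mistake. Also consider whether the PSBT_ELEMENTS_ name prefix is still appropriate now that the fields live under the separate "pset_liquidex" proprietary prefix rather than the main PSET one.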
@@ -125,7 +126,17 @@ Adding input and output asset blinding factors, allows to convert LiquiDEX v1 pr
 
 However, in most cases, setting the asset blinding factors in a PSET is not necessary, and in such cases these elements should not be set.
 
-==Reference implementation==
+==Test Vectors==
 
-* [https://github.com/ElementsProject/elements/pull/1329 Elements Core]
-* [https://github.com/ElementsProject/rust-elements/pull/201 rust-elements]
+Valid Asset Blinding Factor, which can be set both on inputs or outputs:
+
+  Source values:
+    abf:   3311111111111111111111111111111111111111111111111111111111111111
+
+  Resulting record:
+    key:   fc0d707365745f6c6971756964657800
+    value: 3311111111111111111111111111111111111111111111111111111111111111
+
+==Reference Implementation==
+
+* [https://github.com/ElementsProject/rust-elements/pull/207 rust-elements]
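Review bot: The new Test Vectors section has a single valid record and no invalid ones, so it does not pin down what a parser must reject. The tables say the value is a "<256 bit uint>" with "No key data"; please add at least one vector with a value that is not 32 bytes and one with non-empty key data, each marked as invalid. A vector showing the record inside a full PSET input and output map would also be useful, since the key bytes are the same for both. In the same hunk, the Elements Core link is dropped from the Reference Implementation list and the rust-elements PR changes from 201 to 207 without a word in the commit message; a line explaining why would help. Nit: "both on inputs or outputs" should be "on both inputs and outputs".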
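Review bot: On patch 1/2 (the new-file hunk), the only guidance on when the fields are present is the Rationale's closing sentence, "in such cases these elements should not be set", and nothing in the Specification says which role sets them or when they are cleared. The record carries the blinding factor of an asset commitment in the clear to everyone who receives the PSET, so I'd like a normative sentence in the Specification stating who sets the field (the proposal creator, in the Alice and Bob example) and whether it should be removed once the surjection proofs exist. Smaller points in the same hunk: "Alice creates a spending that utxo" is missing a noun, and the proposal example has trailing commas and bare x and y values, so it is not valid JSON as written; either fix it or label it as schematic.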