Loan Assignment

Loan Assignment

The Borrower sends a loan request to the Lending Contract to initiate a loan.

{
  "borrower":"bc1p5d7rjq7g6rdk2yhzks9smlaqtedr4dekq08ge8ztwac72sfr9rusxg3297",
  "maturityTime": "2024-10-10T00:00:00z",
}

The Lending Contract then assigns a unique vault, the Collateral Vault, for the loan. Expressed in a Miniscript-like pseudocode, the lock script for this vault is as follows:

or(
    // case 1 - the DCM and Borrower can collaborate to create CETs
    and(
        pk(borrower),
        thresh(T, pk(DCM0),pk(DCM1),...pk(DCMn))
    ),
    
    // case 2 - collateral reverts to Borrower after Final Timeout(15 days after Maturity Date), 
    and(
        pk(borrower),
        after(final_timeout)
    )
)

The Collateral Vault serves as the foundation for all collateral-related operations. In this paper, we will examine each spending condition in detail. For now, here are some initial observations to help build understanding.

The DCM multi-sig participants are indexed from 0..n, with a threshold T of signatures required to spend.

The aggregated adaptor signature setup in the script above merits further examination. We can formally describe the Adaptor Signature process as follows. Let λ represent the secret scalar, and G be the base point of the elliptic curve. The adaptor point A is computed as A = λG. Let m denote the message, which is pre-signed signature of Bitcoin transaction: m = sig_hash(psbt)

Given a private key sk and the adaptor point A, we define the adaptor signature σ_A = SignAdaptor(sk, m, A).

The function SignAdaptor represents the cryptographic operation to create an adaptor signature. To redeem the signature, we use the secret λ to adapt σ_A, producing the final signature σ = Adapt(σ_A, λ).

In this formulation:

• λ ∈ Zq (the scalar field of the curve)

• A, G ∈ E(Fq) (points on the elliptic curve)

• m ∈ {0,1}^256 (256-bit hash output)

• σ_A, σ are elements of the signature space

In summary, from the Bitcoin chain’s perspective, the resulting signature appears as a standard Schnorr signature. However, this scheme modifies the signing process to produce a special adaptor signature, which can embed a secret to be revealed at a later stage. This adaptor signature enables trust-minimized loan repayment by leveraging Scriptless Scripts within the Bitcoin framework.

The Lending Contract also needs to compute the interest and liquidation price based on the current price and pre-allocate funds for this loan, representing it as the Loan Request:

{
 "borrower":"bc1p5d7rjq7g6rdk2yhzks9smlaqtedr4dekq08ge8ztwac72sfr9rusxg3297",
 "maturityTime": "2025-10-10T00:00:00z",
 "maturityEvent": "9f33f577811da09fc90ad46586308e8c75acef9201fb1a66c",
 "borrowAmount": "20000",
 "vaultAddress": "bc1p6r4u4qlajya6feu337gtngksgeyf4nf0mf4q35gtcj5v0ja9m00q3eagh3",
 "Oracle": "86308e8c75acef9201fb1a66c9f33f577811da09fc90ad465",
 "currentPrice": "50000.00",
 "liquidate_price": "30000.00",
 "liquidate_price_event": "6586308e8c75acef9201fb1a66c9f33f577811da09fc90ad4",
 "collateralAmount": "1",
 "createAt": "2024-10-10T10:10:10z"
}

If the Borrower accepts the loan terms, they proceed by transferring the BTC collateral to the assigned Collateral Vault. Once the deposit is confirmed and verified on the Side Chain, the Lending Contract generates three CETs, which are then co-signed by both the Borrower and the DCM. These CETs correspond to the possible settlement outcomes of the loan agreement:

• Default Liquidation CET: executed if the loan reaches maturity without repayment.

• Price Liquidation CET: triggered if the attested BTC price falls below the liquidation threshold.

• Repayment CET: executed upon successful loan repayment, releasing the collateral back to the borrower.

In code, the adaptor signature generation process is as follows:

// hide CET's signature with adaptor point in the event announcement
let message = sig_hash(psbt);
let adaptor_signature = sign_adaptor(seckey, message, event.adaptor_point);
...
// Later, reveal CET's signature by oracle's signature
let redeem_signature = adaptor_signature.adapt(signature_of_attestation);

The Borrower then submits the CETs and corresponding adaptor signatures to the Lending Contract on the Side Chain in order to claim the loan assets (e.g., USDC).

At this point, the collateral is securely locked in the Collateral Vault, and the Borrower has successfully received the loan. The Borrower may choose to repay the loan at any time prior to the Maturity Date.