Mercury is a new Bitcoin layer-2 scaling technology, based on the concept of statechains, that enables private keys for BTC deposits (UTXOs) to be transferred securely between owners without requiring an on-chain transaction. This enables users to transfer full custody of an amount of BTC to anyone almost instantly, with increased privacy, and without having to pay miner fees.
A statechain is a cryptographic data structure that consists of a chain of digital signatures transferring ownership of a specific statecoin between owners. Similar to a blockchain or sidechain, the statechain acts as immutable cryptographic proof of ownership and a proof that a statecoin has not been double spent. However, there are no scalability issues, as users only need to verify the statechains of the coins they own (which is done automatically by the Mercury wallet). The statechain entity compresses the chains of all of the statecoins it operates into a sparse Merkle tree which is committed to the Bitcoin blockchain.
A statecoin is a specific amount of Bitcoin that has been deposited to an address where the corresponding private key is split between the depositor and the Mercury server (or 'statechain entity') and the depositor holds a time-locked 'backup transaction' that allows them to claim full control of the coin after a specified locktime. The full private key of the statecoin is never known by any party, and both the owner and the statechain entity must cooperate to sign transactions.
The statecoin address (derived from a shared public key) is generated in a multi-party computation (MPC) between the depositor and the statechain entity as part of the deposit process. Each party then holds a share of the full private key, but the full private key is never known to anyone. The two parties can, however, cooperate in a second MPC to generate a valid signature on a spending transaction.
The receiver of a statecoin generates a 'statecoin address' (which is a Bech32 encoded public key with an 'sc' prefix) from their Mercury wallet. The sender then enters this address into their wallet, which cooperates with the statechain entity to generate an encoded 'transfer message' which is then sent to the receiver. The transfer message includes a signed backup transaction that supersedes that of the previous owners (it becomes valid sooner), cryptographic proof of ownership, and a blinded key transfer value. The receiver then inputs this transfer message into their wallet and the transfer is completed with the server. The server private key share is updated via an MPC so that only the receiver's new private key share can be used to sign valid transactions with the server, and the sender private key share becomes invalid.
Any statecoin can be withdrawn by the owner to any specified wallet address at any time from the Mercury wallet. The wallet and the statechain entity perform an MPC to sign a valid withdrawal transaction with their private key shares, spending the statecoin UTXO to the specified Bitcoin address.
In the Mercury protocol, the statechain entity must be trusted to operate honestly (by deleting expired private key shares). However, it never has custody or control over deposits and cannot be compelled to confiscate or freeze funds. If the statechain entity disappears or is uncontactable, then the owner will have to wait until the lock-time of their backup transaction to take full control of the coin.
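The share update on transfer and the deletion requirement described above can be made concrete with scalar arithmetic. This is an added example, not code from the Mercury project: it assumes the full key is the product of the server and owner shares modulo the secp256k1 group order and that the server supplies a one-time blinding nonce (`x1`); the function and variable names are hypothetical, and curve operations and MPC signing are left out.

```python
# Added illustration; multiplicative key sharing is an assumption, not stated on the page.
import secrets

# Order of the secp256k1 group (Bitcoin's curve); all key shares are scalars mod N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def rand_scalar():
    """Uniform non-zero scalar mod N."""
    return secrets.randbelow(N - 1) + 1

def inv(a):
    """Modular inverse mod N (Python 3.8+)."""
    return pow(a, -1, N)

def full_key(server_share, owner_share):
    """Key controlling the UTXO. Formed here only to check the invariant;
    in the protocol described on the page no party ever holds this value."""
    return server_share * owner_share % N

def transfer(s1, o1, o2):
    """Hypothetical blinded share update from owner 1 (o1) to owner 2 (o2).
    Returns the server's new share and the values exchanged."""
    x1 = rand_scalar()            # server: one-time blinding nonce given to sender
    t1 = o1 * x1 % N              # sender: blinded share, carried in transfer message
    t2 = t1 * inv(o2) % N         # receiver: folds in own new share, sends to server
    s2 = s1 * t2 * inv(x1) % N    # server: removes blinding, s2 = s1 * o1 / o2
    return s2, {"x1": x1, "t1": t1, "t2": t2}

def demo():
    s1, o1, o2 = rand_scalar(), rand_scalar(), rand_scalar()
    s2, _ = transfer(s1, o1, o2)
    return {
        # Same full key before and after, so the on-chain address is unchanged.
        "key_preserved": full_key(s2, o2) == full_key(s1, o1),
        # The sender's share no longer pairs with the server's current share.
        "old_owner_locked_out": full_key(s2, o1) != full_key(s1, o1),
    }

if __name__ == "__main__":
    print(demo())
```

Because `full_key(s1, o1)` equals `full_key(s2, o2)`, a server that kept `s1` could still sign with the previous owner, which is why the old share has to be deleted after each transfer.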
All statechain entity key shares and cryptographic MPC operations are performed within the Mercury Lockbox, which is run as a secure enclave on trusted hardware using the Intel SGX system. This means that even the statechain entity operators cannot view or determine the Lockbox private key shares, and they can be securely deleted once expired. The operation of the Lockbox can be independently verified through remote attestation via the Intel Attestation Service (IAS).
Equal-value statecoins can be atomically swapped with other users via a blinded swap protocol to increase privacy. The Mercury wallet can automatically perform swaps with other anonymous users by joining swap pools via the Mercury server, and the Mercury wallet interface provides information on the privacy status of each statecoin in the wallet.