Deposit Address Structure
Each user deposit address is a Pay-to-Taproot (P2TR) output with three spend paths:Key-Path: 2-of-2 MuSig2
- The internal key is a MuSig2 aggregate of the user’s key and the platform’s key.
- Both parties must participate in the two-round MuSig2 signing protocol to produce a valid signature.
- On-chain, a cooperative spend is indistinguishable from a single-sig Taproot payment (Taproot privacy).
Script-Path Leaf U: User Recovery
- Requires the user’s signature and a CSV timelock of approximately 30 days.
- Allows the user to recover funds unilaterally if the platform becomes unavailable.
- No third-party intervention is needed.
Script-Path Leaf P: Platform Recovery
- Requires the platform’s signature and a CSV timelock of approximately 60 days.
- Allows the platform to recover dormant funds after a longer waiting period.
- Only activates well after the user’s own recovery window.
Pool Address Structure
Pool addresses are single-sig, controlled by the platform key. They are not MuSig2 addresses. The platform signs pool-side inputs directly during swap execution. Only user deposit addresses use the 2-of-2 MuSig2 scheme.Spend Scenarios
| Scenario | Spend Path | Requirement |
|---|---|---|
| Normal operation (swap, withdraw, LP) | Key-path MuSig2 | Both user and platform sign cooperatively |
| Platform offline | Script-path Leaf U | User waits for the CSV timelock, then spends unilaterally |
| User offline | No spend possible | Platform cannot spend alone (2-of-2 requirement) |
| Both offline | Locked | Funds remain locked until either party returns or a CSV timelock expires |
Security Properties
- No unilateral platform spend. The 2-of-2 MuSig2 key-path requires both parties. The platform cannot move user deposits without user participation.
- User self-rescue. If the platform disappears, the user recovers funds after the CSV timelock. No third-party intervention is needed.
- Platform dormant recovery. If the user abandons funds, the platform can recover them after a longer CSV timelock.
- On-chain privacy. Cooperative key-path spends reveal no script structure. Observers cannot distinguish Bitrune deposits from ordinary single-sig Taproot payments.
- No guardian multisig. Pool and platform keys are single-sig. Only user deposit addresses use MuSig2.