
Mercury Layer
Overview
Status
Mainnet
Type
Statechain
Fee Token
BTC
BTC Supply
Unavailable
Mercury Layer is an implementation of the statechain protocol. Statechains enable the offchain transfer of UTXO ownership by transferring key shares from one entity to the next with support of a trusted third party, the statechain entity. A statecoin owner can unilaterally exit back to Bitcoin’s L1 network, given the statechain entity doesn’t collude with a previous statecoin owner. Mercury Layer utilizes an HSM server that leverages blind co-signing and key share updates. The system relies entirely on client-side software to manage the statechain transfer history and handle transaction validation.
CUSTODY
DATA AVAILABILITY
OPERATORS
FINALITY ASSURANCE
Risk Summary
Users trust the statechain entity with key deletion
If the statechain entity does not delete the keyshare it held with the previous owner, they can collude and immediately spend funds. This effectively results in the current owner's funds being stolen.
Users must watch for previous owners' unilateral exit transactions
If a previous owner of the UTXO broadcasts their unilateral exit transaction, and the current owner does not broadcast their own, the previous owner can steal funds.
Trust Assumption Review
BTC Custody
Low
✅
A locked UTXO is collaboratively managed between a trusted server and the statecoin owner, with full L1 UTXO ownership enforceable after a timelock expiry
The statechain setup involves locking a UTXO onchain with the private key shared between the operator and the current statecoin owner. Although the Mercury Layer server acts as a trusted entity, users are safeguarded against potential unresponsiveness by having the ability to unilaterally exit and enforce their UTXO ownership onchain as each transfer is secured by a decrementing timelock mechanism and a series of backup transactions.
Data Availability
Low
✅
Transaction verification and data transmission happens via a client-side validation model
Transaction data is self-hosted. The operator blindly signs and timestamps the individual statechain states and the transfer history gets passed on between clients. Due to the use of blind signing, the operator remains unaware of the transfer history.
Network Operators
Very High
🛑
The network operator is a single server
The system employs a statechain entity that generates and updates key shares in addition to offering a blind signing service. The statechain entity is a centralized server.
Finality Guarantees
Very High
🛑
There is no way to prove key deletion from the statechain entity
Finality is provided by the statechain entity deleting the keyshare that it held with the previous owner. This implementation's statechain entity is a single signer.
If the entity does not delete the keyshare, then it can collude with a previous owner and double spend the new owner.
There is no way to prove that the entity deleted its previous keyshare. Users are unable to have any finality assurances in this set up.
If the entity does not delete the keyshare, then it can collude with a previous owner and double spend the new owner.
There is no way to prove that the entity deleted its previous keyshare. Users are unable to have any finality assurances in this set up.
Bitcoin Security
Bitcoin finalizes statechain initiation and closures
The protocol enables users to unilaterally exit. Users only need to interact with the bitcoin network to exit the protocol.
The protocol does not enable MEV on bitcoin. Transaction verification happens via a client-side validation mechanism
Due to transaction sequencing being offchain, the protocol does not enable MEV on the Layer 1.
No alternative token is being introduced
The protocol does not need another token for transaction fees or other use cases.
Mercury Layer does not contribute to the security budget
Statechains do not interact with the base layer outside of uses unilaterally exiting with their funds. Unilateral exit transactions pay L1 transaction fees.
Additional considerations
Statechains only allow for fixed-value transfers
Mercury Layer facilitates the offline transfer of UTXO ownership through the transfer of private key shares. Ownership transfer and not involving Bitcoin L1 interaction implies that UTXOs cannot be split and must always be transferred as a whole.
Withdrawals
Users can unilaterally exit given the statechain entity doesn’t collude with a previous statecoin owner
Mercury Layer permits unilateral exits. To reclaim full UTXO ownership on bitcoin L1, the current owner can close the statechain by creating an onchain transaction that spends the UTXO. In an orderly closure, the statechain operator co-signs this transaction with its key share. In an uncooperative scenario, the statecoin owner can use their backup transaction to reclaim the UTXO onchain after a timelock expiry.
Technology
Blind signing server
Mercury Layer employs a blind signing server that has two functions. One, it can create partial blind signatures to co-sign statechain transfers together with the user using a variant of MuSig2. Second, the Mercury Layer server can update the key shares needed for co-signing.
The operator uses an HSM for key handling and key deletion after cosigning each new holder's withdrawal transaction.
The operator uses an HSM for key handling and key deletion after cosigning each new holder's withdrawal transaction.
Adding a decrementing timelock to the backup transaction
In the absence of covenants, which could invalidate old transactions, Mercury Layer employs nLocktime with decrementing timelocks to ensure users can reclaim their bitcoin L1 funds in case of server failure or attempted misbehavior of previous owners. Each time a statechain is transferred to a new owner, the timelock on the backup transaction is reduced. By progressively decreasing the timelock, Mercury Layer enables the current owner to claim the L1 funds before a previous owner can do so by publishing an old backup transaction.
Use Cases
Enhanced privacy with blind statechains
The blinding feature of MuSig2 prevents the statechain entity from learning about transaction details, such as the TxID, the full shared public key, the final signature it co-generates, or any information about statechain closure transactions.
Source Code
Code is open-source
Mercury Layer code is open-source available under the terms of the GNU General Public License.
Knowledge Bits
Learn more
Statechains are L2s, by the Bitcoin Layers team
Statechains Whitepaper, by Ruben Somsen
Statechains: Non-custodial Off-chain Bitcoin Transfer, by Ruben Somsen
Mercury Layer's Lightning Latch Swap Protocol by Shinobi (BM, Mar 2024)
Nicholas Gregory on Mercury Layer, Lightning Network, and More | Bitfinex Talk (Youtube, May 2024)
Statechains Whitepaper, by Ruben Somsen
Statechains: Non-custodial Off-chain Bitcoin Transfer, by Ruben Somsen
Mercury Layer's Lightning Latch Swap Protocol by Shinobi (BM, Mar 2024)
Nicholas Gregory on Mercury Layer, Lightning Network, and More | Bitfinex Talk (Youtube, May 2024)