Atomic swaps are a fundamental primitive for the trustless exchange of digital assets across blockchains: they guarantee that either both parties receive the agreed assets or neither party transfers. While this all-or-nothing guarantee is powerful, it also imposes an inherent determinism that rules out exchanges whose intended outcome is probabilistic. As a result, existing atomic swaps cannot realize trustless exchanges in which one party pays for a fixed chance of receiving a larger asset or reward, as in lotteries, randomized allocation mechanisms, and probabilistic cross-chain trades. We introduce probabilistic swaps, a new cryptographic primitive that extends atomic swaps to the probabilistic setting. In a probabilistic swap, one party's transfer is executed with a fixed, publicly specified probability embedded in the protocol and cannot be biased by either party. This yields a trustless mechanism for randomized exchange with verifiable odds and no trusted intermediary. Our construction combines adaptor signatures with oblivious pseudorandom functions (OPRFs) to realize the desired probabilistic outcome while ensuring that neither party can predict or bias it in advance. Along the way, we introduce a new mechanism for the atomic exchange of OPRF evaluations for payments, which may be of independent interest. A key feature of our approach is that it preserves the minimal on-chain footprint of modern atomic-swap protocols. The protocol relies only on standard Bitcoin scripts, such as digital signatures and timelocks, and is deployable on any blockchain that already supports atomic swaps. Consequently, probabilistic swaps are indistinguishable from ordinary on-chain transactions, which helps preserve privacy and fungibility. We provide formal security foundations and demonstrate practicality through a probabilistic swap on the Bitcoin testnet and in the Lightning Network.