1. M. Andrychowicz, S. Dziembowski, D. Malinowski, and Ł. Mazurek. Fair Two-Party Computations via the BitCoin Deposits. Cryptology ePrint Archive, 2013.

2. M. Andrychowicz, S. Dziembowski, D. Malinowski, and Ł. Mazurek. Secure Multiparty Computations on BitCoin. Cryptology ePrint Archive, 2013. http://eprint.iacr.org/2013/784.

3. Adam Back and Iddo Bentov. Note on fair coin toss via bitcoin, 2013. http://www.cs.technion.ac.il/˜idddo/cointossBitcoin.pdf.

4. S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system, 2008.

1. A holds the key pair A and B holds the key pair B.

2. A knows the secret sA, B knows the secret sB , both players know the hashes hsA = H (sA) and hsB = H (sB).

3. There are four unredeemed transactions T1A, T2A and T1B , T2B, which can be redeemed with the keys A and B respectively, each having the value of d B.

1. A draws a random string rA and B draws a random string rB.

2. The parties execute CS.Commit(A, B, d, t, rA) and CS.Commit(B, A, d, t, rB) using T1A and T1B respectively. The former execution will be denoted CSA and the latter CSB . Recall that the parties quit the whole NewSCS protocol if they detect the misbehavior of the other party during one of the CS.Commit executions.

3. Both players compute the body of the transaction Commit using T2A and T2B as inputs.