How might this affect privacy? Is Boltz able to associate swaps that use the same master key?
Say adiós to per-swap refund files 👋
Say hola to the Boltz Rescue Key 🛟
At boltz.exchange, we’re dramatically simplifying swap UX: instead of downloading a new refund file for every submarine or chain swap, you’ll now only need one Boltz Rescue Key—downloaded once—and we'll never bother with downloads again 🙏
How It Works
🔑 The Boltz Rescue Key functions as master refund key, deriving a new key for every swap
🖥️ It works on any device and lets you create refunds for all swaps created with it.
⚛️All without compromising the non-custodial characteristic of Boltz Swaps.
Why It Matters
The Boltz Rescue Key reduces the risk of users misplacing individual refund files and losing access to funds locked in swaps—especially critical for web-based swaps (like boltz.exchange) that require external key backups.
Related releases:
https://github.com/BoltzExchange/boltz-web-app/releases/tag/v1.7.0
https://github.com/BoltzExchange/boltz-backend/releases/tag/v3.10.0
Discussion
Good question! For full transparency:
In this scenario it can:
a) you used the same rescue key for all your swaps and then use the rescue key file on a different browser to scan your rescue key for refundable swaps
In these scenarios it can't:
b) you refund using the same browser (using local storage, not the rescue key file)
c) you download a new rescue key for every swap just like before which is the default behavior for privacy browsers on a fresh local storage (see https://x.com/kilrau/status/1899852590797488332)
For privacy-conscious users, option c) avoids potential linking.
Just to have said it: we launched this for a reason
The old approach of per-swap refund files didn't work in some very painful edge cases. The idea is that with option c) we can serve both needs - privacy for the privacy-focused and emergency rescue for those in need.
Please let us know what we can improve 🙏