MAD-HTLC: Because HTLC is Crazy-Cheap to Attack

Smart contracts and transactions allow users to implement elaborate constructions on cryptocurrency blockchains like Bitcoin and Ethereum. Many of these constructions, including operational payment channels and atomic swaps, use a building block called Hashed Time-Locked Contract (HTLC). In this work, we distill from HTLC a specification (HTLC-Spec) and present an implementation called Mutual-Assured-Destruction Hashed Time-Locked Contract (MAD-HTLC). MAD-HTLC employs a novel approach of utilizing the existing blockchain operators, called miners, as part of the design. If a user misbehaves, MAD-HTLC incentivizes the miners to confiscate all her funds. We prove MAD-HTLC’s security using the UC framework and game-theoretic analysis. We demonstrate MAD-HTLC’s efficacy and analyze its overhead by instantiating it on Bitcoin’s and Ethereum’s operational blockchains.

Notably, current miner software makes little effort to optimize revenue, since the advantage is relatively small. However, as demand grows and other revenue components shrink, miners are more motivated to fully optimize their fund intake. By patching the standard Bitcoin client, we demonstrate that such optimization is easy to implement, making the miners natural enforcers of MAD-HTLC.

Finally, we extend previous results regarding HTLC’s vulnerability to bribery attacks. An attacker can incentivize miners to prefer her transactions by offering high transaction fees. We demonstrate that this attack can be easily implemented by patching the Bitcoin client, and use game-theoretic tools to qualitatively tighten the known cost bound of such bribery attacks in the presence of rational miners. We identify bribe opportunities occurring on the Bitcoin and Ethereum main networks where a bribe of a few dollars could yield tens of thousands of dollars in reward (e.g., $2 for over $25K).
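The following Python model is an added illustration, not code from the paper or its authors. It encodes the two HTLC-Spec spending paths (recipient with the hash preimage at any height, sender after the timeout) and a revenue-maximizing miner that, as the abstract says a patched client can trivially do, includes whichever pending spend pays the highest fee. The MAD part is a simplified model of the "miners confiscate" idea, built on the assumption that the sender's refund reveals a second secret and that a third path lets any miner take the whole amount once both secrets are public; that mechanism, the class and function names, and the sample amounts and secrets are constructed for this example and are not the paper's actual Bitcoin or Ethereum scripts.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample secrets (not values from the paper).
PRE_B = b"recipient-secret-preB"   # hash preimage the recipient must present
PRE_A = b"sender-secret-preA"      # refund secret in the modelled MAD variant


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Tx:
    """A pending spend of the locked amount, as a fee-maximizing miner sees it."""
    spender: str      # who ends up with the locked amount if this is confirmed
    fee: int          # what the miner earns by including it
    valid_from: int   # first block height at which the contract accepts it


@dataclass
class Htlc:
    """HTLC-Spec: `amount` goes to the recipient on a valid preimage of `digest`
    at any height, or back to the sender once `timeout` is reached."""
    amount: int
    digest: bytes
    timeout: int

    def _check_fee(self, fee: int) -> None:
        if not 0 <= fee <= self.amount:
            raise ValueError("fee must come out of the locked amount")

    def redeem_tx(self, preimage: bytes, fee: int) -> Optional[Tx]:
        self._check_fee(fee)
        if sha256(preimage) != self.digest:
            return None                       # wrong preimage: contract rejects
        return Tx("recipient", fee, valid_from=0)

    def refund_tx(self, fee: int) -> Tx:
        self._check_fee(fee)
        return Tx("sender", fee, valid_from=self.timeout)


@dataclass
class MadHtlcModel(Htlc):
    """Assumed simplification of MAD-HTLC (not the paper's scripts): the refund
    must reveal a second secret hashing to `digest_a`, and once BOTH secrets are
    public (both parties broadcast conflicting spends) any miner may take all."""
    digest_a: bytes

    def mad_refund_tx(self, pre_a: bytes, fee: int) -> Optional[Tx]:
        self._check_fee(fee)
        if sha256(pre_a) != self.digest_a:
            return None
        return Tx("sender", fee, valid_from=self.timeout)

    def confiscation_tx(self, pre_a: bytes, pre_b: bytes) -> Optional[Tx]:
        if sha256(pre_a) != self.digest_a or sha256(pre_b) != self.digest:
            return None
        # The miner pays the entire amount to itself, so its "fee" is the amount.
        return Tx("miner", self.amount, valid_from=self.timeout)


def miner_pick(mempool: List[Tx], height: int) -> Optional[Tx]:
    """Revenue-maximizing inclusion rule: among spends the contract accepts at
    `height`, include the one paying the highest fee (first one on ties)."""
    spendable = [tx for tx in mempool if tx.valid_from <= height]
    return max(spendable, key=lambda tx: tx.fee, default=None)


def htlc_winner(amount: int, timeout: int, recipient_fee: int,
                sender_fee: int, height: int) -> str:
    """Plain HTLC with both parties' spends pending: who receives the funds?
    After the timeout the sender only has to outbid the recipient's FEE, not
    the locked amount, which is why the attack in the abstract is cheap."""
    c = Htlc(amount, sha256(PRE_B), timeout)
    mempool = [tx for tx in (c.redeem_tx(PRE_B, recipient_fee),
                             c.refund_tx(sender_fee)) if tx]
    pick = miner_pick(mempool, height)
    return pick.spender if pick else "none"


def mad_winner(amount: int, timeout: int, recipient_fee: int, sender_fee: int,
               height: int, sender_attempts_refund: bool = True) -> str:
    """Same race under the modelled MAD contract. Broadcasting the refund
    publishes pre_a next to the recipient's pre_b, so the confiscation spend
    (worth the whole amount to the miner) dominates both parties' fees."""
    c = MadHtlcModel(amount, sha256(PRE_B), timeout, sha256(PRE_A))
    mempool = [c.redeem_tx(PRE_B, recipient_fee)]
    if sender_attempts_refund:
        mempool += [c.mad_refund_tx(PRE_A, sender_fee),
                    c.confiscation_tx(PRE_A, PRE_B)]
    pick = miner_pick([tx for tx in mempool if tx], height)
    return pick.spender if pick else "none"


if __name__ == "__main__":
    # Constructed amounts: a 25,000-unit lock, timeout at height 100.
    print("HTLC, before timeout:", htlc_winner(25_000, 100, 10, 12, 50))
    print("HTLC, after timeout: ", htlc_winner(25_000, 100, 10, 12, 100))
    print("MAD, sender defects: ", mad_winner(25_000, 100, 10, 12, 100))
    print("MAD, sender honest:  ", mad_winner(25_000, 100, 10, 12, 100, False))
```

The interesting comparison is the two calls at height 100: under plain HTLC a refund paying 12 beats a redeem paying 10 regardless of the 25,000 at stake, while under the modelled MAD contract the same refund attempt makes the miner's confiscation spend the best-paying option, so the misbehaving sender gains nothing and the recipient's only safe course remains redeeming before the timeout.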
