Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability

Tremendous growth in cryptocurrency usage is exposing the inherent scalability issues of permissionless blockchain technology. Payment-channel networks (PCNs) have emerged as the most widely deployed solution to mitigate these scalability issues, allowing the bulk of payments between two users to be carried out off-chain. Unfortunately, as reported in the literature and further demonstrated in this paper, current PCNs do not provide meaningful security and privacy guarantees [30], [40]. In this work, we study and design secure and privacy-preserving PCNs. We start with a security analysis of existing PCNs, reporting a new attack that applies to all major PCNs, including the Lightning Network, and allows an attacker to steal the fees from honest intermediaries in the same payment path. We then formally define anonymous multi-hop locks (AMHLs), a novel cryptographic primitive that serves as a cornerstone for the design of secure and privacy-preserving PCNs. We present several provably secure cryptographic instantiations that make AMHLs compatible with the vast majority of cryptocurrencies. In particular, we show that (linear) homomorphic one-way functions suffice to construct AMHLs for PCNs supporting a script language (e.g., Ethereum). We also propose a construction based on ECDSA signatures that does not require scripts, thus solving a prominent open problem in the field. AMHLs constitute a generic primitive whose usefulness goes beyond multi-hop payments in a single PCN, and we show how to realize atomic swaps and interoperable PCNs from this primitive. Finally, our performance evaluation on a commodity machine finds that AMHL operations can be performed in less than 100 milliseconds and require less than 500 bytes of communication overhead, even in the worst case. In fact, after acknowledging our attack, the Lightning Network developers have implemented our ECDSA-based AMHLs into their PCN. This demonstrates the practicality of our approach and its impact on the security, privacy, interoperability, and scalability of today's cryptocurrencies.

∗ Both contributed equally and are considered to be co-first authors. ¶ This work was done while this author was at Purdue University.
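The abstract states that a linearly homomorphic one-way function is enough to chain locks along a payment path. The following is an added illustration of that idea, written for this page and not code from the paper or from any PCN implementation. It uses f(x) = G^x mod P over a constructed toy group (a Mersenne prime and base 3, chosen for readability, not for security), and the message layout (which values the sender hands to each intermediary and to the receiver) is my assumption. It shows the two properties a practitioner cares about: an intermediary can verify that the lock on its right is consistent with the lock on its left before forwarding, and releasing the last key lets every earlier hop derive the key for its own lock, while a key that does not match its lock is rejected.

```python
import secrets

# Constructed toy group, for illustration only: Z_P^* with the Mersenne prime
# P = 2^127 - 1 and base G = 3.  Exponents are reduced modulo P - 1.
P = (1 << 127) - 1
G = 3
ORDER = P - 1


def f(x: int) -> int:
    """Linearly homomorphic one-way function f(x) = G^x mod P: f(a + b) = f(a) * f(b)."""
    return pow(G, x % ORDER, P)


def sender_setup(n: int, ys=None):
    """Sender U_0 builds a chain of n locks for the path U_0 -> U_1 -> ... -> U_n.

    It samples one secret y_i per hop, sets k_i = y_1 + ... + y_i (mod ORDER) and
    L_i = f(k_i), the lock on the channel between U_{i-1} and U_i.  It returns
    the setup messages (layout assumed here): intermediary U_i, 1 <= i < n, gets
    (L_i, L_{i+1}, y_{i+1}); receiver U_n gets (L_n, k_n).  Lists are 1-indexed,
    so locks[i] is L_i and keys[i] is k_i; index 0 is unused.
    """
    if ys is None:
        ys = [secrets.randbelow(ORDER) for _ in range(n)]
    keys, acc = [None], 0
    for y in ys:
        acc = (acc + y) % ORDER
        keys.append(acc)
    locks = [None] + [f(k) for k in keys[1:]]
    ys = [None] + list(ys)
    intermediaries = {i: (locks[i], locks[i + 1], ys[i + 1]) for i in range(1, n)}
    receiver = (locks[n], keys[n])
    return intermediaries, receiver, locks, keys


def intermediary_accepts(left_lock: int, right_lock: int, y: int) -> bool:
    """U_i's check before forwarding: the right lock must equal the left lock shifted by y.

    By the homomorphism, L_{i+1} = f(k_i + y_{i+1}) = L_i * f(y_{i+1}).  If this
    fails, the key released on the right would not let U_i open its own left lock.
    """
    return right_lock == (left_lock * f(y)) % P


def release_chain(n: int, intermediaries: dict, receiver: tuple) -> dict:
    """Receiver U_n opens L_n with k_n; each intermediary derives the key for its left lock.

    U_i observes k_{i+1} on its right, checks f(k_{i+1}) == L_{i+1}, and computes
    k_i = k_{i+1} - y_{i+1}, which opens L_i on its left.  Returns {i: k_i}.
    Raises ValueError when a key does not match its lock, so no hop releases a
    left lock before it has seen a valid key for its right lock.
    """
    lock_n, k = receiver
    if f(k) != lock_n:
        raise ValueError("receiver key does not open L_n")
    opened = {n: k}
    for i in range(n - 1, 0, -1):
        left_lock, right_lock, y = intermediaries[i]
        if f(k) != right_lock:
            raise ValueError(f"key released to U_{i} does not open L_{i + 1}")
        k = (k - y) % ORDER
        if f(k) != left_lock:
            raise ValueError(f"derived key does not open L_{i}")
        opened[i] = k
    return opened


if __name__ == "__main__":
    inter, recv, locks, keys = sender_setup(3)
    print("all intermediaries accept:", all(intermediary_accepts(*inter[i]) for i in inter))
    print("released keys match setup:", release_chain(3, inter, recv) == {i: keys[i] for i in (1, 2, 3)})
```

Each L_i on its own reveals nothing about its neighbours without the per-hop secret y, which is the unlinkability the abstract refers to; the consistency check is the part an intermediary must never skip, since forwarding an unverified lock is what exposes it to losing its payment.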

[1] Oded Regev et al. On lattices, learning with errors, random linear codes, and cryptography, 2005, STOC '05.

[2] Emin Gün Sirer et al. Teechan: Payment Channels Using Trusted Execution Environments, 2016, ArXiv.

[3] Ian Miers et al. Charm: a framework for rapidly prototyping cryptosystems, 2013, Journal of Cryptographic Engineering.

[4] Stefan Thomas et al. A Protocol for Interledger Payments, 2016.

[5] Abhi Shelat et al. Secure Two-party Threshold ECDSA from ECDSA Assumptions, 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[6] Aniket Kate et al. AnoA: A Framework for Analyzing Anonymous Communication Protocols, 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[7] Ueli Maurer et al. Universally Composable Synchronous Computation, 2013, TCC.

[8] Rami Khalil et al. Revive: Rebalancing Off-Blockchain Payment Networks, 2017, IACR Cryptol. ePrint Arch.

[9] A. Pfitzmann et al. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, 2010.

[10] Christian Decker et al. A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels, 2015, SSS.

[11] Yehuda Lindell et al. Fast Secure Two-Party ECDSA Signing, 2017, Journal of Cryptology.

[12] Mihir Bellare et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[13] Silvio Micali et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[14] Claus-Peter Schnorr et al. Efficient signature generation by smart cards, 2004, Journal of Cryptology.

[15] I. Damgård et al. The protocols, 1989, The New Zealand nursing journal. Kai tiaki.

[16] Sonia Fahmy et al. Mind Your Credit: Assessing the Health of the Ripple Credit Network, 2017, WWW.

[17] Marko Vukolic et al. Hyperledger fabric: a distributed operating system for permissioned blockchains, 2018, EuroSys.

[18] Fan Zhang et al. Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware, 2017, IACR Cryptol. ePrint Arch.

[19] Emin Gün Sirer et al. Teechain: Reducing Storage Costs on the Blockchain With Offline Payment Channels, 2018, SYSTOR.

[20] Ran Canetti et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[21] Giulio Malavolta et al. Privacy-preserving Multi-hop Locks for Blockchain Scalability and Interoperability, 2018.

[22] Hugo Krawczyk et al. Secure Distributed Key Generation for Discrete-Log Based Cryptosystems, 1999, Journal of Cryptology.

[23] Stefan Dziembowski et al. Perun: Virtual Payment Hubs over Cryptocurrencies, 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[24] Jan Camenisch et al. A Formal Treatment of Onion Routing, 2005, CRYPTO.

[25] Pascal Paillier et al. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, 1999, EUROCRYPT.

[26] Amos Fiat et al. How to Prove Yourself: Practical Solutions to Identification and Signature Problems, 1986, CRYPTO.

[27] Matthew Green et al. Bolt: Anonymous Payment Channels for Decentralized Currencies, 2017, CCS.

[28] Giulio Malavolta et al. Concurrency and Privacy with Payment-Channel Networks, 2017, IACR Cryptol. ePrint Arch.

[29] Feng Hao et al. Towards Bitcoin Payment Networks, 2016, ACISP.

[30] Ethan Heilman et al. TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub, 2017, NDSS.

[31] Ian Goldberg et al. Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions, 2017, NDSS.

[32] Andrew Miller et al. Sprites: Payment Channels that Go Faster than Lightning, 2017, ArXiv.

[33] Ran Canetti et al. Universal Composition with Joint State, 2003, CRYPTO.

[34] Prateek Saxena et al. A Secure Sharding Protocol For Open Blockchains, 2016, CCS.

[35] Stefan Dziembowski et al. General State Channel Networks, 2018, CCS.