Bitcontracts: Adding Expressive Smart Contracts to Legacy Cryptocurrencies

In contrast to traditional contracts, cryptocurrencybased smart contracts can provide improved business automation and more transparency. However, not all cryptocurrencies support expressive contracts. For example, Bitcoin only supports a restricted scripting language that is not expressive enough to realize many contracts. Ethereum supports a Turing-complete programming language, but the types of contracts that can be implemented are still severely constrained due to gas limits. Recent research has explored ways to add contract support to legacy currencies like Bitcoin or enable more complex contracts on systems like Ethereum, but such previous solutions have significant security and functional limitations. In this paper we propose Bitcontracts, a novel solution to enable generic and expressive smart contracts on legacy cryptocurrencies. The starting point of our solution is a common off-chain execution model, where the contract’s issuers appoints a set of service providers to execute the contract’s code; the contract’s execution results are accepted if a quorum of service providers reports the same result; and clients are free to choose which such contracts they trust and use. The main technical challenge of this paper is how to realize such a trust model securely and efficiently without modifying the underlying blockchain. Bitcontracts achieves this using two main techniques. First, the state of each contract is stored on the chain which avoids the need to run expensive consensus protocols between the service providers. Second, the validity of each execution result is bound to the latest state of the chain to prevent double-spending attacks. Bitcontracts can be used to retrofit contracts to currencies like Bitcoin or to extend the contract execution capabilities of systems like Ethereum. We also identify a set of generic properties that a blockchain system must support so that expressive smart contracts can be added safely and efficiently, and analyze existing blockchains based on these criteria.

[1]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[2]  Arthur Gervais,et al.  Do you Need a Blockchain? , 2018, 2018 Crypto Valley Conference on Blockchain Technology (CVCBT).

[3]  Marko Vukolic,et al.  Hyperledger fabric: a distributed operating system for permissioned blockchains , 2018, EuroSys.

[4]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[5]  Sourav Das,et al.  YODA: Enabling computationally intensive contracts on blockchains with Byzantine and Selfish nodes , 2018, NDSS.

[6]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[7]  Arthur Gervais,et al.  Ethereum Eclipse Attacks , 2016 .

[8]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[9]  Aggelos Kiayias,et al.  Fair and Robust Multi-party Computation Using a Global Transaction Ledger , 2016, EUROCRYPT.

[10]  Fan Zhang,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[11]  Srdjan Capkun,et al.  ACE: Asynchronous and Concurrent Execution of Complex Smart Contracts , 2020, IACR Cryptol. ePrint Arch..

[12]  S. Matthew Weinberg,et al.  Arbitrum: Scalable, private smart contracts , 2018, USENIX Security Symposium.

[13]  Tommaso Frassetto,et al.  FastKitten: Practical Smart Contracts on Bitcoin , 2019, IACR Cryptol. ePrint Arch..

[14]  Richard Cleve,et al.  Limits on the security of coin flips when half the processors are faulty , 1986, STOC '86.

[15]  Yuan Xiao,et al.  SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution , 2018, ArXiv.

[16]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[17]  Stefan Dziembowski,et al.  PERUN: Virtual Payment Channels over Cryptographic Currencies , 2017, IACR Cryptol. ePrint Arch..

[18]  Patrick McCorry,et al.  You Sank My Battleship! A Case Study to Evaluate State Channels as a Scaling Solution for Cryptocurrencies , 2019, Financial Cryptography Workshops.

[19]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[20]  Marcin Andrychowicz,et al.  Secure Multiparty Computations on Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[21]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[22]  Iddo Bentov,et al.  How to Use Bitcoin to Design Fair Protocols , 2014, CRYPTO.

[23]  Stefan Dziembowski,et al.  General State Channel Networks , 2018, CCS.

[24]  Christian Decker,et al.  A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels , 2015, SSS.

[25]  Iddo Bentov,et al.  Sprites and State Channels: Payment Networks that Go Faster Than Lightning , 2017, Financial Cryptography.

[26]  Iddo Bentov,et al.  How to Use Bitcoin to Play Decentralized Poker , 2015, CCS.

[27]  Yongge Wang,et al.  The limit of blockchains , 2018, IACR Cryptol. ePrint Arch..

[28]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[29]  Nick Szabo,et al.  Formalizing and Securing Relationships on Public Networks , 1997, First Monday.

[30]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[31]  Forrest Stonedahl,et al.  Data Insertion in Bitcoin's Blockchain , 2018, Ledger.

[32]  Elaine Shi,et al.  Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts , 2016, 2016 IEEE Symposium on Security and Privacy (SP).