TxChain: Efficient Cryptocurrency Light Clients via Contingent Transaction Aggregation

Cryptocurrency light or simplified payment verification (SPV) clients allow nodes with limited resources to efficiently verify execution of payments. Instead of downloading the entire blockchain, only block headers and selected transactions are stored. Still, the storage and bandwidth costs, linear in blockchain size, remain non-negligible, especially for smart contracts and mobile devices: as of April 2020, these amount to 50 MB in Bitcoin and 5 GB in Ethereum. Recently, two improved sublinear light clients were proposed: to validate the blockchain, NIPoPoWs and FlyClient only download a polylogarithmic number of block headers, sampled at random. The actual verification of payments, however, remains costly: for each verified transaction, the corresponding block must also be downloaded. This renders NIPoPoWs and FlyClient effective only under low transaction volumes. We present TXCHAIN, a novel mechanism to maintain efficiency of light clients even under high transaction volumes. Specifically, we introduce the concept of contingent transaction aggregation, where proving inclusion of a single contingent transaction implicitly proves that n other transactions exist in the blockchain. To verify n payments, TXCHAIN requires only a single transaction in the best case (n ≤ c), and $\lceil c + \log_c(n) \rceil$ transactions in the worst case (n > c). We deploy TXCHAIN on Bitcoin without consensus changes and implement a soft fork for Ethereum. To demonstrate effectiveness in the cross-chain setting, we implement TXCHAIN as a smart contract on Ethereum to efficiently verify Bitcoin payments.
