Teechain: A Secure Asynchronous Blockchain Payment Network

Blockchain protocols exchange payment transactions securely, but their performance is limited by the need to achieve global consensus. Payment networks, as a second layer on top of blockchains, allow more efficient payments between parties. Existing payment networks, however, are fundamentally insecure: they assume synchronous blockchain access, i.e., that participants can write transactions to the blockchain within bounded time. As shown recently, attackers can delay transactions with current blockchains, which only offer best-effort write latencies, and thus steal funds. We describe Teechain, the first layer-two payment network that only requires asynchronous blockchain access. Teechain exploits trusted execution environments (TEEs) in modern CPUs: Teechain constructs a decentralised network of TEEs and uses TEEs to secure collateral funds in payment channels without further interaction with the blockchain. Since TEEs provide no availability guarantees and may be compromised themselves, Teechain mitigates against Byzantine TEE failures through a novel combination of chain replication and threshold secret sharing. Teechain achieves at least 33x higher transaction throughput than the Lightning Network with similar latencies, while placing 75% fewer transactions on the blockchain in the common case. A Teechain deployment with 30 machines can handle over 1 million Bitcoin transactions per second.

[1]  Elaine Shi,et al.  The Honey Badger of BFT Protocols , 2016, CCS.

[2]  Syed Taha Ali,et al.  The Nuts and Bolts of Micropayments: A Survey , 2017, ArXiv.

[3]  Fan Zhang,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[4]  Hugo Krawczyk,et al.  SIGMA: The 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and Its Use in the IKE-Protocols , 2003, CRYPTO.

[5]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[6]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[7]  Srdjan Capkun,et al.  ROTE: Rollback Protection for Trusted Execution , 2017, USENIX Security Symposium.

[8]  David M. Eyers,et al.  Glamdring: Automatic Application Partitioning for Intel SGX , 2017, USENIX Annual Technical Conference.

[9]  Bogdan Warinschi,et al.  Foundations of Hardware-Based Attested Computation and Application to SGX , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[10]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[11]  Bryan Ford,et al.  Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing , 2016, USENIX Security Symposium.

[12]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[13]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[14]  Frank Piessens,et al.  Ariadne: A Minimal Approach to State Continuity , 2016, USENIX Security Symposium.

[15]  Prateek Saxena,et al.  Obscuro: A Bitcoin Mixer using Trusted Execution Environments , 2018, IACR Cryptol. ePrint Arch..

[16]  Elaine Shi,et al.  Hybrid Consensus: Efficient Consensus in the Permissionless Model , 2016, DISC.

[17]  Aviv Zohar,et al.  Accelerating Bitcoin's Transaction Processing. Fast Money Grows on Trees, Not Chains , 2013, IACR Cryptol. ePrint Arch..

[18]  Christian Decker,et al.  A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels , 2015, SSS.

[19]  Carlos V. Rozas,et al.  Intel® Software Guard Extensions: EPID Provisioning and Attestation Services , 2016 .

[20]  Leslie Lamport,et al.  Paxos Made Simple , 2001 .

[21]  Christian Cachin,et al.  Architecture of the Hyperledger Blockchain Fabric , 2016 .

[22]  Fan Zhang,et al.  Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware , 2017, IACR Cryptol. ePrint Arch..

[23]  Conrad Burchert,et al.  Scalable funding of Bitcoin micropayment channel networks , 2017, Royal Society Open Science.

[24]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[25]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[26]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[27]  Emin Gün Sirer,et al.  Bitcoin-NG: A Scalable Blockchain Protocol , 2015, NSDI.

[28]  Andrew Miller,et al.  Sprites: Payment Channels that Go Faster than Lightning , 2017, ArXiv.

[29]  David Mazières The Stellar Consensus Protocol : A Federated Model for Internet-level Consensus , 2015 .

[30]  Snowflake to Avalanche : A Novel Metastable Consensus Protocol Family for Cryptocurrencies Team Rocket , 2018 .

[31]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[32]  Giulio Malavolta,et al.  Concurrency and Privacy with Payment-Channel Networks , 2017, IACR Cryptol. ePrint Arch..

[33]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[34]  A. Narayanan,et al.  Securing Bitcoin wallets via a new DSA / ECDSA threshold signature scheme , 2015 .

[35]  Ran Canetti,et al.  Universally composable signature, certification, and authentication , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[36]  Emin Gün Sirer,et al.  Teechan: Payment Channels Using Trusted Execution Environments , 2016, ArXiv.

[37]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[38]  Yoad Lewenberg,et al.  Inclusive Block Chain Protocols , 2015, Financial Cryptography.