OptiSwap: Fast Optimistic Fair Exchange

Selling digital commodities securely over the Internet is a challenging task when Seller and Buyer do not trust each other. With the advent of cryptocurrencies, one prominent solution for digital exchange is to rely on a smart contract as a trusted arbiter that fairly resolves disputes when Seller and Buyer disagree. Such protocols have an optimistic mode, where the digital exchange between the parties can be completed with only minimal interaction with the smart contract. In this work we present OptiSwap, a new smart contract based fair exchange protocol that significantly improves the optimistic case of smart contract based fair exchange protocols. In particular, OptiSwap has almost no overhead in communication complexity, and improves on the computational overheads of the parties compared to prior solutions. An additional feature of OptiSwap is a protection mechanism against so-called grieving attacks, where an adversary attempts to violate the financial fairness of the protocol by forcing the honest party to pay fees. We analyze OptiSwap's security in the UC model and provide benchmark results over Ethereum.

[1]  Tommaso Gagliardoni,et al.  The Wonderful World of Global Random Oracles , 2018, IACR Cryptol. ePrint Arch..

[2]  Rosario Gennaro,et al.  Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services , 2017, IACR Cryptol. ePrint Arch..

[3]  Ueli Maurer,et al.  Bitcoin as a Transaction Ledger: A Composable Treatment , 2017, CRYPTO.

[4]  Jason Teutsch,et al.  A scalable verification solution for blockchains , 2019, ArXiv.

[5]  Jan Camenisch,et al.  Optimistic Fair Secure Computation , 2000, CRYPTO.

[6]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[7]  Ueli Maurer,et al.  Universally Composable Synchronous Computation , 2013, TCC.

[8]  S. Matthew Weinberg,et al.  Arbitrum: Scalable, private smart contracts , 2018, USENIX Security Symposium.

[9]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[10]  Marcin Andrychowicz,et al.  Secure Multiparty Computations on Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[11]  Mathias Hall-Andersen FastSwap: Concretely Efficient Contingent Payments for Complex Predicates , 2019, IACR Cryptol. ePrint Arch..

[12]  Aggelos Kiayias,et al.  Fair and Robust Multi-party Computation Using a Global Transaction Ledger , 2016, EUROCRYPT.

[13]  Oded Goldreich,et al.  Foundations of Cryptography: Volume 2, Basic Applications , 2004 .

[14]  Andrew Chi-Chih Yao,et al.  How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[15]  Iddo Bentov,et al.  Amortizing Secure Computation with Penalties , 2016, CCS.

[16]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.

[17]  Alptekin Küpçü,et al.  Usable optimistic fair exchange , 2010, Comput. Networks.

[18]  Vinod Vaikuntanathan,et al.  Improvements to Secure Computation with Penalties , 2016, CCS.

[19]  Ran Canetti,et al.  Practical UC security with a Global Random Oracle , 2014, CCS.

[20]  Iddo Bentov,et al.  How to Use Bitcoin to Design Fair Protocols , 2014, CRYPTO.

[21]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[22]  N. Asokan,et al.  Optimistic Fair Exchange of Digital Signatures (Extended Abstract) , 1998, EUROCRYPT.

[23]  Stefan Dziembowski,et al.  PERUN: Virtual Payment Channels over Cryptographic Currencies , 2017, IACR Cryptol. ePrint Arch..

[24]  Klaus Wehrle,et al.  Dispute Resolution for Smart Contract-based Two-Party Protocols , 2019, 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC).

[25]  Stefan Dziembowski,et al.  FairSwap: How To Fairly Exchange Digital Goods , 2018, IACR Cryptol. ePrint Arch..

[26]  Ran Canetti,et al.  Universally Composable Security with Global Setup , 2007, TCC.

[27]  Henning Pagnia,et al.  On the Impossibility of Fair Exchange without a Trusted Third Party , 1999 .