Astrape: Anonymous Payment Channels with Boring Cryptography

  • Conference paper

Applied Cryptography and Network Security (ACNS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13269)

Abstract

The increasing use of blockchain-based cryptocurrencies like Bitcoin has run into inherent scalability limitations of blockchains. Payment channel networks, or PCNs, promise to greatly increase scalability by conducting the vast majority of transactions outside the blockchain while leveraging it as a final settlement protocol. Unfortunately, first-generation PCNs have significant privacy flaws. In particular, even though transactions are conducted off-chain, anonymity guarantees are very weak. In this work, we present Astrape, a novel PCN construction that achieves strong security and anonymity guarantees with simple, black-box cryptography, given a blockchain with flexible scripting. Existing anonymous PCN constructions often integrate with specific, often custom-designed, cryptographic constructions. But at a slight cost to asymptotic performance, Astrape can use any generic public-key signature scheme and any secure hash function, modeled as a random oracle, to achieve strong anonymity, by using a unique construction reminiscent of onion routing. This allows Astrape to achieve provable security that is “generic” over the computational hardness assumptions of the underlying primitives. Astrape’s simple cryptography also lends itself to more straightforward security proofs compared to existing systems.

Furthermore, we evaluate Astrape’s performance, including that of a concrete implementation on the Bitcoin Cash blockchain. We show that despite worse theoretical time complexity compared to state-of-the-art systems that use custom cryptography, Astrape operations on average have a very competitive performance of less than 10 ms of computation and 1 KB of communication on commodity hardware. Astrape explores a new avenue to secure and anonymous PCNs that achieves similar or better performance compared to existing solutions.

An extended version of this paper, and its accompanying source code, is available [12].

Notes

  1. In particular, the ability for any party, given any public key, to generate new public keys that correspond to the same private key yet are unlinkable to the previous public key. This is crucial to the “stealth addresses” that Blitz’s pseudonymous privacy rests upon.

  2. Greek for “lightning”, pronounced “As-trah-pee”.

  3. In a sense then, Astrape has “pseudo-optimistic” anonymity. Its design superficially suggests an optimistic construction with an anonymous “happy path” and a non-anonymous “unhappy path”, but the latter non-anonymity is illusory: the sender can always prevent the “unhappy” path from deanonymizing the transaction even if all other parties are malicious.

  4. || denotes concatenation. In our case, it is possible to unambiguously separate concatenated values, since we only ever concatenate \(\lambda\)-bit values.

References

  1. Lightning Network Daemon (2019). https://github.com/lightningnetwork/lnd

  2. Blockchain Charts (2021). https://www.blockchain.com/charts. Accessed 1 Apr 2022

  3. Aumasson, J.-P., Neves, S., Wilcox-O’Hearn, Z., Winnerlein, C.: BLAKE2: simpler, smaller, fast as MD5. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 119–135. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_8

  4. Aumayr, L., et al.: Bitcoin-compatible virtual channels. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 901–918. IEEE (2021)

  5. Aumayr, L., Moreno-Sanchez, P., Maffei, M.: Blitz: secure multi-hop payments without two-phase commits. In: 30th USENIX Security Symposium (2021)

  6. Backes, M., Kate, A., Manoharan, P., Meiser, S., Mohammadi, E.: AnoA: a framework for analyzing anonymous communication protocols. In: 2013 IEEE 26th Computer Security Foundations Symposium, pp. 163–178. IEEE (2013)

  7. Camenisch, J., Drijvers, M., Gagliardoni, T., Lehmann, A., Neven, G.: The wonderful world of global random oracles. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 280–312. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_11

  8. Croman, K., et al.: On scaling decentralized blockchains. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 106–125. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_8

  9. Danezis, G., Goldberg, I.: Sphinx: a compact and provably secure mix format. In: 30th IEEE Symposium on Security and Privacy, pp. 269–282. IEEE (2009)

  10. Decker, C., Russell, R., Osuntokun, O.: eltoo: a simple layer2 protocol for bitcoin (2018). https://blockstream.com/eltoo.pdf

  11. Decker, C., Wattenhofer, R.: A fast and scalable payment network with bitcoin duplex micropayment channels. In: Pelc, A., Schwarzmann, A.A. (eds.) SSS 2015. LNCS, vol. 9212, pp. 3–18. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21741-3_1

  12. Dong, Y., Goldberg, I., Gorbunov, S., Boutaba, R.: Astrape: anonymous payment channels with boring cryptography (2022). https://github.com/nullchinchilla/astrape-paper/

  13. Engelmann, F., Kopp, H., Kargl, F., Glaser, F., Weinhardt, C.: Towards an economic analysis of routing in payment channel networks. In: Proceedings of the 1st Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers, pp. 1–6 (2017)

  14. Green, M., Miers, I.: Bolt: anonymous payment channels for decentralized currencies. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 473–489. ACM (2017)

  15. Heilman, E., Alshenibr, L., Baldimtsi, F., Scafuro, A., Goldberg, S.: TumbleBit: an untrusted bitcoin-compatible anonymous payment hub. In: Network and Distributed System Security Symposium (2017)

  16. Josefsson, S., Liusvaara, I.: Edwards-Curve Digital Signature Algorithm (EdDSA). RFC 8032, January 2017. https://doi.org/10.17487/RFC8032, https://rfc-editor.org/rfc/rfc8032.txt

  17. Lai, R.W.F., Cheung, H.K.F., Chow, S.S.M., So, A.M.-C.: Another look at anonymous communication. In: Phan, R.C.-W., Yung, M. (eds.) Mycrypt 2016. LNCS, vol. 10311, pp. 56–82. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-61273-7_4

  18. Malavolta, G., Moreno-Sanchez, P., Kate, A., Maffei, M., Ravi, S.: Concurrency and privacy with payment-channel networks. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 455–471. ACM (2017)

  19. Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., Maffei, M.: Anonymous multi-hop locks for blockchain scalability and interoperability. In: NDSS (2019)

  20. McCorry, P., Möser, M., Shahandashti, S.F., Hao, F.: Towards bitcoin payment networks. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9722, pp. 57–76. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40253-6_4

  21. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (2010)

  22. Tairi, E., Moreno-Sanchez, P., Maffei, M.: A2L: anonymous atomic locks for scalability and interoperability in payment channel hubs. In: 42nd IEEE Symposium on Security and Privacy (2021)

  23. Van Wirdum, A.: How the lightning network layers privacy on top of bitcoin (2016). https://bitcoinmagazine.com/articles/how-the-lightning-network-layers-privacy-on-top-of-bitcoin-1482183775. Accessed 1 Apr 2022

  24. Yousaf, H., et al.: An empirical analysis of privacy in the lightning network (2021)

Acknowledgement

We thank the reviewers and Sherman Chow for helping to improve this paper. We thank NSERC for Discovery Grant RGPIN-07014 and Create 498002-2017. This research was undertaken, in part, thanks to funding from the Canada Research Chairs program.

Author information

Correspondence to Yuhao Dong.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Dong, Y., Goldberg, I., Gorbunov, S., Boutaba, R. (2022). Astrape: Anonymous Payment Channels with Boring Cryptography. In: Ateniese, G., Venturi, D. (eds) Applied Cryptography and Network Security. ACNS 2022. Lecture Notes in Computer Science, vol 13269. Springer, Cham. https://doi.org/10.1007/978-3-031-09234-3_37

  • DOI: https://doi.org/10.1007/978-3-031-09234-3_37

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-09233-6

  • Online ISBN: 978-3-031-09234-3

  • eBook Packages: Computer Science, Computer Science (R0)
