Abstract
Bitcoin, among other blockchain-based cryptocurrencies, has become increasingly popular. The expensive consensus process, however, severely limits the throughput of these systems. Allowing majority of the payment transactions to be settled off-chain, Payment channels (PC) have become a promising approach to address the scalability problem. Payment channel network (PCN) enables the payment between two users who do not have a direct PC through multi-hop payment across several payment channels. Lightning Network (LN), which handles around one trillion transactions per day, is the most well-known PCN deployed in practice. Improving the security and privacy of payment via PCN is an active research area. Recently, Malavolta et al. formalised a new cryptographic primitive known as anonymous multi-hop locks (AMHL) and demonstrated how it can be used to build a secure and privacy-preserving PCN. In this paper, we give a new construction of AMHL with the following features: (1) LN-compatible, i.e., it can be deployed into LN seamlessly; (2) secure in the universal composable framework; (3) highly efficient. Using our AMHL, a multi-hop payment with 5 users requires only 1458 bytes of off-chain communication. It compares favorably to state-of-the-art LN-compatible solutions, e.g., Fulgor and AMHL based on ECDSA, which requires 5 MB and 1.8 MB respectively. Furthermore, our solution is round-efficient. Specifically, the sender only needs to send one message to each node along the payment route.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We only require the NIZK to be weak UC-secure. A weak UC-secure NIZK allows an adversary to maul an existing proof to a new proof for the same statement. Looking ahead, it suffices for our construction since we merely require witness to be extracted in the UC setting. Thus we use the basic lifting technique of [8] which only achieve this weak version of UC security.
- 2.
We recommend \(\lambda _1=256\) and \(\lambda _2=168\) for 128-bit security.
- 3.
In our implementation, we use SHA256. In the security analysis, we require that H is collision-resistant.
- 4.
Looking ahead, existence of such \(k_{i+1}\) is not sufficient. We must ensure that the simulator is able to extract the witness. This, in combination with the collision-resistance property of H, ensures \(U_i\) that if the right lock is released, he/she will be able to release its left lock.
- 5.
For simplicity, the off-chain pseodrandom generator G is also instantiated using SHA-256.
References
Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_4
Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better—how to make bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_29
Blum, M., Feldman, P., Micali, S.: Non-interactive zero-knowledge and its applications (extended abstract). In: Simon, J. (ed.) Proceedings of the 20th Annual ACM Symposium on Theory of Computing, 2–4 May 1988, Chicago, Illinois, USA, pp. 103–112. ACM (1988). https://doi.org/10.1145/62212.62222
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, 14–17 October 2001, Las Vegas, Nevada, USA, pp. 136–145. IEEE Computer Society (2001). https://doi.org/10.1109/SFCS.2001.959888
Decker, C., Wattenhofer, R.: A fast and scalable payment network with bitcoin duplex micropayment channels. In: Pelc, A., Schwarzmann, A.A. (eds.) SSS 2015. LNCS, vol. 9212, pp. 3–18. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21741-3_1
Green, M., Miers, I.: Bolt: anonymous payment channels for decentralized currencies. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October–03 November 2017, pp. 473–489. ACM (2017). https://doi.org/10.1145/3133956.3134093
Heilman, E., Alshenibr, L., Baldimtsi, F., Scafuro, A., Goldberg, S.: TumbleBit: an untrusted bitcoin-compatible anonymous payment hub. In: 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, 26 February–1 March 2017. The Internet Society (2017). https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/tumblebit-untrusted-bitcoin-compatible-anonymous-payment-hub/
Kosba, A., et al.: C0C0: a framework for building composable zero-knowledge proofs. Cryptology ePrint Archive (2015)
Kosba, A.E., Papamanthou, C., Shi, E.: xJsnark: a framework for efficient verifiable computation. In: Proceedings of the 2018 IEEE Symposium on Security and Privacy, SP 2018, 21–23 May 2018, San Francisco, California, USA, pp. 944–961. IEEE Computer Society (2018). https://doi.org/10.1109/SP.2018.00018
Koshy, P., Koshy, D., McDaniel, P.: An analysis of anonymity in bitcoin using P2P network traffic. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 469–485. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_30
Li, P., Miyazaki, T., Zhou, W.: Secure balance planning of off-blockchain payment channel networks. In: 39th IEEE Conference on Computer Communications, INFOCOM 2020, Toronto, ON, Canada, 6–9 July 2020, pp. 1728–1737. IEEE (2020). https://doi.org/10.1109/INFOCOM41043.2020.9155375
Malavolta, G., Moreno-Sanchez, P., Kate, A., Maffei, M., Ravi, S.: Concurrency and privacy with payment-channel networks. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October–03 November 2017, pp. 455–471. ACM (2017). https://doi.org/10.1145/3133956.3134096
Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., Maffei, M.: Anonymous multi-hop locks for blockchain scalability and interoperability. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, 24–27 February 2019. The Internet Society (2019). https://www.ndss-symposium.org/ndss-paper/anonymous-multi-hop-locks-for-blockchain-scalability-and-interoperability/
McCorry, P., Möser, M., Shahandasti, S.F., Hao, F.: Towards bitcoin payment networks. In: Liu, J.K., Steinfeld, R. (eds.) ACISP 2016. LNCS, vol. 9722, pp. 57–76. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40253-6_4
Meiklejohn, S., Orlandi, C.: Privacy-enhancing overlays in bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 127–141. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48051-9_10
Meiklejohn, S., et al.: A fistful of bitcoins: characterizing payments among men with no names. In: Papagiannaki, K., Gummadi, P.K., Partridge, C. (eds.) Proceedings of the 2013 Internet Measurement Conference, IMC 2013, Barcelona, Spain, 23–25 October 2013, pp. 127–140. ACM (2013). https://doi.org/10.1145/2504730.2504747
Poon, J., Dryja, T.: The bitcoin lightning network: scalable off-chain instant payments (2016)
Prihodko, P., Zhigulin, S., Sahno, M., Ostrovskiy, A., Osuntokun, O.: Flare: an approach to routing in lightning network. White Paper, 144 (2016)
Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin system. In: 2011 IEEE 3rd International Conference on Privacy, Security, Risk and Trust (PASSAT), PASSAT/SocialCom 2011, and 2011 IEEE 3rd International Conference on Social Computing (SocialCom), Boston, MA, USA, 9–11 October 2011, pp. 1318–1326. IEEE Computer Society (2011). https://doi.org/10.1109/PASSAT/SocialCom.2011.79
Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems (reprint). Commun. ACM 26(1), 96–99 (1983). https://doi.org/10.1145/357980.358017
Sivaraman, V., et al.: High throughput cryptocurrency routing in payment channel networks. In: Bhagwan, R., Porter, G. (eds.) 17th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2020, Santa Clara, CA, USA, 25–27 February 2020, pp. 777–796. USENIX Association (2020). https://www.usenix.org/conference/nsdi20/presentation/sivaraman
Spagnuolo, M., Maggi, F., Zanero, S.: BitIodine: extracting intelligence from the bitcoin network. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 457–468. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_29
Tairi, E., Moreno-Sanchez, P., Maffei, M.: A\({}^{\text{2}}\)l: anonymous atomic locks for scalability in payment channel hubs. In: 42nd IEEE Symposium on Security and Privacy, SP 2021, San Francisco, CA, USA, 24–27 May 2021, pp. 1834–1851. IEEE (2021). https://doi.org/10.1109/SP40001.2021.00111
Tang, W., Wang, W., Fanti, G.C., Oh, S.: Privacy-utility tradeoffs in routing cryptocurrency over payment channel networks. Proc. ACM Meas. Anal. Comput. Syst. 4(2), 29:1–29:39 (2020). https://doi.org/10.1145/3392147
Tripathy, S., Mohanty, S.K.: MAPPCN: multi-hop anonymous and privacy-preserving payment channel network. In: Bernhard, M., et al. (eds.) FC 2020. LNCS, vol. 12063, pp. 481–495. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-54455-3_34
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Liu, M., Au, M.H. (2022). Practical Anonymous Multi-hop Locks for Lightning Network Compatible Payment Channel Networks. In: Yuan, X., Bai, G., Alcaraz, C., Majumdar, S. (eds) Network and System Security. NSS 2022. Lecture Notes in Computer Science, vol 13787. Springer, Cham. https://doi.org/10.1007/978-3-031-23020-2_31
Download citation
DOI: https://doi.org/10.1007/978-3-031-23020-2_31
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-23019-6
Online ISBN: 978-3-031-23020-2
eBook Packages: Computer ScienceComputer Science (R0)