Abstract
Security and privacy issues with centralized exchange services have motivated the design of atomic swap protocols for decentralized trading across currencies. These protocols follow a standard blueprint similar to the 2-phase commit in databases: (i) both users first lock their coins under a certain (cryptographic) condition and a timeout; (ii-a) the coins are swapped if the condition is fulfilled; or (ii-b) the coins are released after the timeout. The goal of these protocols is to minimize the requirements on the scripting language supported by the swapped coins, thereby supporting a larger range of cryptocurrencies. The recently proposed universal atomic swap protocol [IEEE S&P’22] demonstrates how to swap coins whose scripting language only supports the verification of a digital signature on a transaction. However, the timeout functionality is cryptographically simulated with verifiable timelock puzzles, a computationally expensive primitive that hinders its use in battery-constrained devices such as mobile phones. In this state of affairs, we question whether the 2-phase commit paradigm is necessary for atomic swaps in the first place. In other words, is it possible to design a secure atomic swap protocol where the timeout is not used by (at least one of the two) users?
In this work, we present LightSwap, the first secure atomic swap protocol that does not require the timeout functionality (not even in the form of a cryptographic puzzle) by one of the two users. LightSwap is thus better suited for scenarios where a user, running an instance of LightSwap on her mobile phone, wants to exchange coins with an online exchange service running an instance of LightSwap on a computer. We show how LightSwap can be used to swap Bitcoin and Monero, an interesting use case since Monero does not provide any scripting functionality support other than linkable ring signature verification.
A full version of our paper is available in [2].
References
Tiernolan. Technical report (2013). https://github.com/TierNolan
Anonymous. Lightswap: An atomic swap does not require timeouts at both blockchains (full version) (2022). https://anonymous.4open.science/r/LightSwap-7C07/Final-LongversionXMR_lock_then_BTC.pdf
Team Ark. Ark ecosystem whitepaper (2019). https://ark.io/Whitepaper.pdf
Aumayr, L., et al.: Generalized bitcoin-compatible channels. IACR Cryptology ePrint Archive 2020:476 (2020)
Aumayr, L., Moreno-Sanchez, P., Kate, A., Maffei, M.: Blitz: secure multi-hop payments without two-phase commits. In: USENIX Security 2021 (2021)
Bentov, I., Ji, Y., Zhang, F., Breidenbach, L., Daian, P., Juels, A.: Tesseract: real-time cryptocurrency exchange using trusted hardware. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) CCS 2019, London, UK, 11–15 November 2019, pp. 1521–1538. ACM (2019)
Borkowski, M., Sigwart, M., Frauenthaler, P., Hukkinen, T., Schulte, S.: DeXTT: deterministic cross-blockchain token transfers. IEEE Access 7, 111030–111042 (2019)
Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy (SP), pp. 315–334. IEEE (2018)
Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_4
Chvojka, P., Jager, T., Slamanig, D., Striecks, C.: Versatile and sustainable timed-release encryption and sequential time-lock puzzles (extended abstract). In: Bertino, E., Shulman, H., Waidner, M. (eds.) ESORICS 2021. LNCS, vol. 12973, pp. 64–85. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88428-4_4
Amazon Elastic Compute Cloud: Amazon Web Services (2011). Retrieved 9 November 2011
Dai, B., Jiang, S., Zhu, M., Lu, M., Li, D., Li, C.: Research and implementation of cross-chain transaction model based on improved hash-locking. In: Zheng, Z., Dai, H.-N., Fu, X., Chen, B. (eds.) BlockSys 2020. CCIS, vol. 1267, pp. 218–230. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-9213-3_17
Deshpande, A., Herlihy, M.: Privacy-preserving cross-chain atomic swaps. In: Bernhard, M., et al. (eds.) FC 2020. LNCS, vol. 12063, pp. 540–549. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-54455-3_38
Eizinger, T., Hoenisch, P., del Pino, L.S.: Open problems in cross-chain protocols. arXiv preprint arXiv:2101.12412 (2021)
Goodell, B., Noether, S.: Thring signatures and their applications to spender-ambiguous digital currencies. Cryptology ePrint Archive 2018:774 (2018)
Gugger, J.: Bitcoin-Monero cross-chain atomic swap. Cryptology ePrint Archive, Report 2020/1126 (2020). https://eprint.iacr.org/2020/1126
Han, R., Lin, H., Yu, J.: On the optionality and fairness of atomic swaps. In: ACM AFT 2019, pp. 62–75 (2019)
Herlihy, M.: Atomic cross-chain swaps. In: Newport, C., Keidar, I. (eds.) PODC 2018, Egham, UK, 23–27 July 2018, pp. 245–254. ACM (2018)
Hoenisch, P., del Pino, L.S.: Atomic swaps between bitcoin and Monero. CoRR, abs/2101.12332 (2021)
Hopwood, D., Bowe, S., Hornby, T., Wilcox, N.: Zcash protocol specification
Kiayias, A., Zindros, D.: Proof-of-work sidechains. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P.B., Sala, M. (eds.) FC 2019. LNCS, vol. 11599, pp. 21–34. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43725-1_3
Komodo. Komodo (advanced blockchain technology, focused on freedom) (2018). https://cryptorating.eu/whitepapers/Komodo/2018-02-14-Komodo-White-Paper-Full.pdf
Kwon, J., Buchman, E.: Cosmos whitepaper. A Netw. Distrib. Ledgers (2019)
Lan, R., Upadhyaya, G., Tse, S., Zamani, M.: Horizon: a gas-efficient, trustless bridge for cross-chain transactions. arXiv preprint arXiv:2101.06000 (2021)
Lucas. How to build a Monero transaction (2021). https://comit.network/blog/2021/05/19/monero-transaction/
Lys, L., Micoulet, A., Potop-Butucaru, M.: R-SWAP: relay based atomic cross-chain swap protocol. Ph.D. thesis, Sorbonne Université (2021)
Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., Maffei, M.: Anonymous multi-hop locks for blockchain scalability and interoperability. In: 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, 24–27 February 2019. The Internet Society (2019)
Miraz, M.H., Donald, D.C.: Atomic cross-chain swaps: development, trajectory and potential of non-monetary digital token swap facilities. Ann. Emerg. Technol. Comput. (AETiC) 3 (2019)
Moreno-Sanchez, P., Blue, A., Le, D.V., Noether, S., Goodell, B., Kate, A.: DLSAG: non-interactive refund transactions for interoperable payment channels in Monero. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 325–345. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_18
Narayanam, K., Ramakrishna, V., Vinayagamurthy, D., Nishad, S.: Generalized HTLC for cross-chain swapping of multiple assets with co-ownerships. arXiv preprint arXiv:2202.12855 (2022)
Noether, S.: Ring signature confidential transactions for Monero. Cryptology ePrint Archive, Report 2015/1098 (2015). https://eprint.iacr.org/2015/1098
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9
Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Technical report (1996)
Stone, D.: Trustless, privacy-preserving blockchain bridges. arXiv preprint arXiv:2102.04660 (2021)
Tairi, E., Moreno-Sanchez, P., Maffei, M.: A\(^2\)L: anonymous atomic locks for scalability and interoperability in payment channel hubs. IACR Cryptology ePrint Archive 2019:589 (2019)
Thomas, S., Schwartz, E.: A protocol for interledger payments (2015). https://interledger.org/interledger.pdf
Thyagarajan, S.A.K., Bhat, A., Malavolta, G., Döttling, N., Kate, A., Schröder, D.: Verifiable timed signatures made practical. In: Ligatti, J., Ou, X., Katz, J., Vigna, G. (eds.) CCS 2020, USA, 9–13 November 2020, pp. 1733–1750. ACM (2020)
Thyagarajan, S.A.K., Malavolta, G., Schmidt, F., Schröder, D.: PayMo: payment channels for Monero. IACR Cryptology ePrint Archive 2020:1441 (2020)
Thyagarajan, S.A.K., Malavolta, G., Moreno-Sánchez, P.: Universal atomic swaps: secure exchange of coins across all blockchains. Cryptology ePrint Archive (2021)
Tian, H., et al.: Enabling cross-chain transactions: a decentralized cryptocurrency exchange protocol. IEEE Trans. Inf. Forensics Secur. 16, 3928–3941 (2021)
Verdian, G., Tasca, P., Paterson, C., Mondelli, G.: Quant overledger whitepaper (2018). https://uploads-ssl.webflow.com/6006946fee85fda61f666256/60211c93f1cc59419c779c42_Quant_Overledger_Whitepaper_Sep_2019.pdf
Wang, G.: SoK: exploring blockchains interoperability
Wood, G.: Polkadot: vision for a heterogeneous multi-chain framework. White Pap. 21, 2327–4662 (2016)
Zakhary, V., Agrawal, D., El Abbadi, A.: Atomic commitment across blockchains. arXiv preprint arXiv:1905.02847 (2019)
Zamyatin, A., Harz, D., Lind, J., Panayiotou, P., Gervais, A., Knottenbelt, W.J.: XCLAIM: trustless, interoperable, cryptocurrency-backed assets. In: IEEE S&P 2019, San Francisco, CA, USA, 19–23 May 2019, pp. 193–210. IEEE (2019)
Acknowledgments
This work was partially supported by the European Research Council (ERC) under the European Union’s Horizon 2020 research (grant agreement 771527-BROWSEC), by the Austrian Science Fund (FWF) through the projects PROFET (grant agreement P31621) and the project W1255-N23, by the Austrian Research Promotion Agency (FFG) through COMET K1 SBA and COMET K1 ABC, by the Vienna Business Agency through the project Vienna Cybersecurity and Privacy Research Center (VISP), by the Austrian Federal Ministry for Digital and Economic Affairs, the National Foundation for Research, Technology and Development and the Christian Doppler Research Association through the Christian Doppler Laboratory Blockchain Technologies for the Internet of Things (CDL-BOT). This work has been partially supported by Madrid regional government as part of the program S2018/TCS-4339 (BLOQUES-CM) co-funded by EIE Funds of the European Union, by SCUM Project (RTI2018-102043-B-I00) MCIN/AEI/10.13039/501100011033/ERDF A way of making Europe, by grant IJC2020-043391-I/MCIN/AEI/10.13039/501100011033 and European Union NextGenerationEU/PRTR, and by grant N00014-19-1-2292 from ONR.
A Detailed Comparison with Gugger Protocol
Gugger proposed a protocol for swapping B’s bitcoins for A’s monero without using timelocks on the Monero side [16]. A locks her monero in an address whose private spend key is split into two halves, one held by A and the other by B. B, in turn, locks his bitcoin in a 2-of-2 multi-sig address having two outputs, one for redeeming and one for refunding. The redeem script uses a hashlock: the preimage of the hash must be supplied to claim the bitcoins. B locks his bitcoin first and, once that lock is confirmed, A locks her monero. After A has verified that B’s bitcoin is locked, she sends B the preimage of the hash defined in the redeem script. B uses it to publish the redeem transaction and releases his half of the private spend key to A, who reconstructs the full spend key and claims the monero. A is at risk of losing her deposit forever if B refuses to cooperate in the refund: there is no way for A to refund her coins without B’s secret. The schematic diagram of the protocol is shown in Fig. 3.
To address these problems, we propose a protocol that allows A to refund without depending on B. With this guarantee, she can always move first by locking XMR before B locks BTC. We use an adaptor ring signature for the refund transaction on Monero. Making only this minor change to [16], however, is not enough, since giving A this freedom puts B at risk of losing money: A could publish the refund transaction first and then claim the bitcoins. To prevent this, A is allowed to claim the bitcoins only after B has redeemed the monero. Thus, once A publishes the redeem transaction, the money cannot be spent immediately; a contest period is added before she can claim the bitcoins.
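As an added illustration (not code from the paper or from Gugger’s implementation), the following Python toy model traces the Gugger-style flow described above, with the Monero spend key split into two scalar shares and the Bitcoin redeem path gated by a SHA-256 hashlock; the `run` helper and its abort points are constructed assumptions. It shows the failure mode the comparison points out: once B stops cooperating, A’s monero stays stuck because her only spend path needs B’s half of the key.

```python
import hashlib
import secrets

# Toy model (constructed for this example) of the Gugger-style swap.
# Keys are scalars modulo the ed25519 group order L; a locked Monero output is
# spendable only by whoever knows the full spend key k = k_a + k_b (mod L).
L = 2**252 + 27742317777372353535851937790883648493


class GuggerSwap:
    def __init__(self):
        self.k_a, self.k_b = secrets.randbelow(L), secrets.randbelow(L)
        self.preimage = secrets.token_bytes(32)            # A's hashlock secret
        self.hashlock = hashlib.sha256(self.preimage).digest()
        self.btc_locked = self.xmr_locked = self.btc_redeemed = False
        self.b_share_revealed = None

    def b_locks_btc(self):               # step 1: BTC into the 2-of-2 address
        self.btc_locked = True

    def a_locks_xmr(self):               # step 2: only after the BTC lock confirms
        assert self.btc_locked
        self.xmr_locked = True

    def b_redeems_btc(self, preimage):   # step 3: redeem path needs the preimage
        if hashlib.sha256(preimage).digest() != self.hashlock:
            return False
        self.btc_redeemed = True
        return True

    def b_releases_share(self):          # step 4: B hands his half to A
        self.b_share_revealed = self.k_b

    def a_spend_key(self):
        # No timelock on the Monero side: the full key is the only spend path,
        # so without B's half A can neither claim nor refund.
        if self.b_share_revealed is None:
            return None
        return (self.k_a + self.b_share_revealed) % L


def run(b_aborts_at=None):
    # b_aborts_at is None (honest B), "before_redeem" or "after_redeem"
    s = GuggerSwap()
    s.b_locks_btc()
    s.a_locks_xmr()
    if b_aborts_at != "before_redeem":
        assert s.b_redeems_btc(s.preimage)   # A has already revealed the preimage
        if b_aborts_at != "after_redeem":
            s.b_releases_share()
    a_has_xmr = s.a_spend_key() == (s.k_a + s.k_b) % L
    return {"b_has_btc": s.btc_redeemed, "a_has_xmr": a_has_xmr,
            "a_xmr_stuck": s.xmr_locked and not a_has_xmr}
```

In the "before_redeem" case B can still use the Bitcoin refund output, while A has no corresponding path on the Monero side.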
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Hoenisch, P., Mazumdar, S., Moreno-Sanchez, P., Ruj, S. (2023). LightSwap: An Atomic Swap Does Not Require Timeouts at both Blockchains. In: Garcia-Alfaro, J., Navarro-Arribas, G., Dragoni, N. (eds) Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2022, CBT 2022. Lecture Notes in Computer Science, vol 13619. Springer, Cham. https://doi.org/10.1007/978-3-031-25734-6_14
DOI: https://doi.org/10.1007/978-3-031-25734-6_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-25733-9
Online ISBN: 978-3-031-25734-6