ABSTRACT
Blockchains such as Bitcoin and Ethereum execute payment transactions securely, but their performance is limited by the need for global consensus. Payment networks overcome this limitation through off-chain transactions. Instead of writing to the blockchain for each transaction, they only settle the final payment balances with the underlying blockchain. When executing off-chain transactions in current payment networks, parties must access the blockchain within bounded time to detect misbehaving parties that deviate from the protocol. This opens a window for attacks in which a malicious party can steal funds by deliberately delaying other parties' blockchain access and prevents parties from using payment networks when disconnected from the blockchain.
We present Teechain, the first layer-two payment network that executes off-chain transactions asynchronously with respect to the underlying blockchain. To prevent parties from misbehaving, Teechain uses treasuries, protected by hardware trusted execution environments (TEEs), to establish off-chain payment channels between parties. Treasuries maintain collateral funds and can exchange transactions efficiently and securely, without interacting with the underlying blockchain. To mitigate against treasury failures and to avoid having to trust all TEEs, Teechain replicates the state of treasuries using committee chains, a new variant of chain replication with threshold secret sharing. Teechain achieves at least a 33X higher transaction throughput than the state-of-the-art Lightning payment network. A 30-machine Teechain deployment can handle over 1 million Bitcoin transactions per second.
- Syed Taha Ali, Dylan Clarke, and Patrick McCorry. 2017. The Nuts and Bolts of Micropayments: a Survey. Preprint arXiv:1710.02964.Google Scholar
- Amazon. 2019. https://www.amazon.com/.Google Scholar
- Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative Technology for CPU Based Attestation and Sealing. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, HASP, Vol. 13.Google Scholar
- Elli Androulaki, Artem Barger, Vita Bortnikov, Christian Cachin, Konstantinos Christidis, Angelo De Caro, David Enyeart, Christopher Ferris, Gennady Laventman, Yacov Manevich, Srinivasan Muralidharan, Chet Murthy, Binh Nguyen, Manish Sethi, Gari Singh, Keith Smith, Alessandro Sorniotti, Chrysoula Stathakopoulou, Marko Vukolić, Sharon Weed Cocco, and Jason Yellick. 2018. Hyperledger Fabric: A Distributed Operating System for Permissioned Blockchains. In EuroSys.Google Scholar
- ARM Ltd. 2017. TrustZone. https://www.arm.com/products/security-on-arm/trustzone. Accessed May 2017.Google Scholar
- Iddo Bentov, Yan Ji, Fan Zhang, Yunqi Li, Xueyuan Zhao, Lorenz Breidenbach, Philip Daian, and Ari Juels. 2017. Tesseract: Real-Time Cryptocurrency Exchange using Trusted Hardware. IACR Cryptology ePrint Archive 2017, 1153.Google Scholar
- Iddo Bentov, Charles Lee, Alex Mizrahi, and Meni Rosenfeld. 2014. Proof of Activity: Extending Bitcoin's Proof of Work via Proof of Stake. ePrint Archive, Report 2014/452. http://eprint.iacr.org/2014/452.Google Scholar
- blockchain.info. 2018. Average Confirmation Time. https://blockchain.info/charts/avg-confirmation-time?timespan=all&daysAverageString=7. Accessed May 2018.Google Scholar
- Jean-Paul Boly, Antoon Bosselaers, Ronald Cramer, Rolf Michelsen, Stig Mjølsnes, Frank Muller, Torben Pedersen, Birgit Pfitzmann, Peter De Rooij, Berry Schoenmakers, et al. 1994. The ESPRIT project CAFE---High security digital payment systems. In European Symposium on Research in Computer Security. Springer, 217--230.Google ScholarCross Ref
- Marcus Brandenburger, Christian Cachin, Matthias Lorenz, and Rüdiger Kapitza. 2017. Rollback and forking detection for trusted execution environments using lightweight collective memory. In 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE, 157--168.Google ScholarCross Ref
- Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software grand exposure: SGX cache attacks are practical. arXiv:1702.07521, 33.Google Scholar
- Conrad Burchert, Christian Decker, and Roger Wattenhofer. 2017. Scalable Funding of Bitcoin Micropayment Channel Networks. In International Symposium on Stabilization, Safety, and Security of Distributed Systems. Springer, 361--377.Google Scholar
- Ran Canetti. 2001. Universally composable security: A new paradigm for cryptographic protocols. In Foundations of Computer Science, 2001. Proceedings. 42nd IEEE Symposium on. IEEE, 136--145.Google ScholarDigital Library
- Miguel Castro, Barbara Liskov, et al. 1999. Practical Byzantine Fault Tolerance. In OSDI, Vol. 99. 173--186.Google ScholarDigital Library
- Raymond Cheng, Fan Zhang, Jernej Kos, Warren He, Nicholas Hynes, Noah Johnson, Ari Juels, Andrew Miller, and Dawn Song. 2018. Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution. Preprint arXiv:1804.05141.Google Scholar
- Eric K Clemons, David C Croson, and Bruce W Weber. 1996. Reengineering money: the Mondex stored value card and beyond. International Journal of Electronic Commerce 1, 2, 5--31.Google ScholarDigital Library
- Victor Costan, Ilia Lebedev, and Srinivas Devadas. 2016. Sanctum: Minimal hardware extensions for strong software isolation. In 25th USENIX Security Symposium (USENIX Security 16). 857--874.Google Scholar
- Christian Decker and Roger Wattenhofer. 2015. A Fast and Scalable Payment Network with Bitcoin Duplex Micropayment Channels. In Stabilization, Safety, and Security of Distributed Systems - 17th International Symposium. Google ScholarDigital Library
- John R Douceur. 2002. The sybil attack. In International workshop on peer-to-peer systems. Springer, 251--260.Google ScholarDigital Library
- Tadge Dryja. 2015. Scalability of lightning with different bips and some back-of-the-envelope calculations. http://diyhpl.us/wiki/transcripts/scalingbitcoin/hong-kong/overview-of-bips-necessary-for-lightning/.Google Scholar
- Thaddeus Dryja. 2016. Unlinkable outsourced channel monitoring. https://youtu.be/Gzg_u9gHc5Q?t=2875.Google Scholar
- DwarfPool. 2016. Why DwarfPool mines mostly empty blocks and only few ones with transactions. https://www.reddit.com/r/ethereum/comments/57c1yn/why_dwarfpool_mines_mostly_empty_blocks_and_only/. Accessed Feb 2018.Google Scholar
- Joan G Dyer, Mark Lindemann, Ronald Perez, Reiner Sailer, Leendert Van Doorn, and Sean W Smith. 2001. Building the IBM 4758 secure coprocessor. Computer 34, 10, 57--66.Google ScholarDigital Library
- Stefan Dziembowski, Sebastian Faust, and Kristina Hostáková. 2018. General state channel networks. In Proceedings of 2018 SIGSAC Conference on Computer and Communications Security. ACM, 949--966.Google ScholarDigital Library
- Ebay. 2019. https://www.ebay.com/.Google Scholar
- Ittay Eyal, Adem Efe Gencer, Emin Gün Sirer, and Robbert Van Renesse. 2016. Bitcoin-NG: A Scalable Blockchain Protocol. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2016).Google Scholar
- Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, and Nickolai Zeldovich. 2017. Algorand: Scaling byzantine agreements for cryptocurrencies. In Proceedings of the 26th Symposium on Operating Systems Principles. ACM, 51--68.Google ScholarDigital Library
- Gideon Greenspan. 2015. MultiChain private blockchain---White paper. http://www.multichain.com/download/MultiChain-White-Paper.pdf.Google Scholar
- Lewis Gudgeon, Pedro Moreno-Sanchez, Stefanie Roos, Patrick McCorry, and Arthur Gervais. 2019. SoK: Off The Chain Transactions. ePrint Archive, Report 2019/360. https://eprint.iacr.org/2019/360.Google Scholar
- Mike Hearn and Jeremy Spilman. 2015. Rapidly-adjusted micropayments to a pre-determined party. https://en.bitcoin.it/wiki/Contract.Google Scholar
- Ethan Heilman, Alison Kendler, Aviv Zohar, and Sharon Goldberg. 2015. Eclipse Attacks on Bitcoin's Peer-to-Peer Network. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12--14, 2015. 129--144. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/heilmanGoogle Scholar
- Hex-Five Security. 2018. Multizone: The first Trusted Execution Environment for RISC-V. https://hex-five.com/.Google Scholar
- Intel. 2015. Product Change Notification. https://qdms.intel.com/dm/i.aspx/5A160770-FC47-47A0-BF8A-062540456F0A/PCN114074-00.pdf. Accessed May 2018.Google Scholar
- Intel. 2017. Intel SGX SDK for Linux. https://download.01.org/intel-sgx/linux-1.8/docs/Intel_SGX_SDK_Developer_Reference_Linux_1.8_Open_Source.pdf. Accessed May 2017.Google Scholar
- Intel Corp. 2014. Software Guard Extensions Programming Reference, Ref. 329298-002US. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf. https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdfGoogle Scholar
- Intel Inc. 2016. Intel Software Guard Extensions Remote Attestation End-to-End Example. https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-end-example. Accessed May 2017.Google Scholar
- Intel Inc. 2017. sgx_create_monotonic_counter. https://software.intel.com/en-us/node/709160. Accessed May 2017.Google Scholar
- Johnson, Simon et al. 2016. Intel® Software Guard Extensions: EPID Provisioning and Attestation Services. https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services.Google Scholar
- Jordan Pearson. 2015. WikiLeaks Is Now a Target In the Massive Spam Attack on Bitcoin. https://motherboard.vice.com/en_us/article/ezvw7z/wikileaks-is-now-a-target-in-the-massive-spam-attack-on-bitcoin. Accessed Feb 2018.Google Scholar
- Joseph Young. 2017. Analyst: Suspicious Bitcoin Mempool Activity, Transaction Fees Spike to 16. https://cointelegraph.com/news/analyst-suspicious-bitcoin-mempool-activity-transaction-fees-spike-to-16. Accessed Feb 2018.Google Scholar
- JP Buntinx. 2017. F2Pool Allegedly Prevented Users From Investing in Status ICO. https://themerkle.com/f2pool-allegedly-prevented-users-from-investing-in-status-ico/. Accessed Feb 2018.Google Scholar
- David Kaplan, Jeremy Powell, and Tom Woller. 2016. AMD Memory Encryption. White paper.Google Scholar
- Keystone Project. 2018. Keystone: Open-source Secure Hardware Enclave. https://keystone-enclave.org/.Google Scholar
- Rami Khalil and Arthur Gervais. 2017. Revive: Rebalancing Off-Blockchain Payment Networks. Gas 200, 400.Google Scholar
- Eleftherios Kokoris Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, and Bryan Ford. 2016. Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing. In 25th USENIX Security Symposium (USENIX Security 16).Google ScholarDigital Library
- Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ewa Syta, and Bryan Ford. 2018. Omniledger: A secure, scale-out, decentralized ledger via sharding. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 583--598.Google ScholarCross Ref
- Hugo Krawczyk. 2003. SIGMA: The 'SIGn-and-MAc' approach to authenticated Diffie-Hellman and its use in the IKE protocols. In Annual International Cryptology Conference. Springer, 400--425.Google ScholarCross Ref
- Leslie Lamport et al. 2001. Paxos made simple. ACM Sigact News. Dec 2001 32, 4, 18--25.Google Scholar
- Yoad Lewenberg, Yonatan Sompolinsky, and Aviv Zohar. 2015. Inclusive Block Chain Protocols. In Financial Cryptography. Puerto Rico.Google Scholar
- Lightning Network community. 2017. Lightning Network Daemon. https://github.com/lightningnetwork/lnd. Accessed May 2017.Google Scholar
- Linaro. 2014. Open Portable Trusted Execution Environment. https://www.op-tee.org/.Google Scholar
- Joshua Lind, Ittay Eyal, Peter Pietzuch, and Emin Gün Sirer. 2016. Teechan: Payment channels using trusted execution environments. Preprint arXiv:1612.07766.Google Scholar
- Joshua Lind, Oded Naor, Florian Kelbert, Ittay Eyal, Emin Gün Sirer, and Peter Pietzuch. 2019. Teechain Technical Report. https://arxiv.org/abs/1707.05454.Google Scholar
- Giulio Malavolta, Pedro Moreno-Sanchez, Aniket Kate, Matteo Maffei, and Srivatsan Ravi. 2017. Concurrency and privacy with payment-channel networks.Google Scholar
- Yuval Marcus, Ethan Heilman, and Sharon Goldberg. 2018. Low-Resource Eclipse Attacks on Ethereum's Peer-to-Peer Network. IACR Cryptology ePrint Archive 2018, 236.Google Scholar
- Sinisa Matetic, Mansoor Ahmed, Kari Kostiainen, Aritra Dhar, David Sommer, Arthur Gervais, Ari Juels, and Srdjan Capkun. 2017. ROTE: Rollback Protection for Trusted Execution. Cryptology ePrint Archive, Report 2017/048. http://eprint.iacr.org/2017/048.Google Scholar
- David Mazieres. 2015. The Stellar Consensus Protocol: A Federated Model for Internet-level Consensus. https://www.stellar.org/papers/stellar-consensus-protocol.pdf.Google Scholar
- Patrick McCorry, Surya Bakshi, Iddo Bentov, Andrew Miller, and Sarah Meiklejohn. 2018. Pisa: Arbitration Outsourcing for State Channels. IACR Cryptology ePrint Archive 2018, 582.Google Scholar
- Patrick McCorry, Chris Buckland, Surya Bakshi, Karl Wüst, and Andrew Miller. 2018. You sank my battleship! A case study to evaluate state channels as a scaling solution for cryptocurrencies.Google Scholar
- Andrew Miller, Iddo Bentov, Ranjit Kumaresan, and Patrick McCorry. 2017. Sprites: Payment channels that go faster than lightning. CoRR abs/1702.05812.Google Scholar
- Andrew Miller, Yu Xia, Kyle Croman, Elaine Shi, and Dawn Song. 2016. The Honey Badger of BFT Protocols. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.Google ScholarDigital Library
- Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. 2017. CacheZoom: How SGX amplifies the power of cache attacks. In International Conference on Cryptographic Hardware and Embedded Systems. Springer, 69--90.Google ScholarCross Ref
- Satoshi Nakamoto. 2008. Bitcoin: A Peer-to-Peer Electronic Cash System. http://www.bitcoin.org/bitcoin.pdf.Google Scholar
- Open Enclave SDK Community. 2018. Open Enclave SDK. https://openenclave.io/sdk/.Google Scholar
- Dan O'Keeffe, Divya Muthukumaran, Pierre-Louis Aublin, Florian Kelbert, Christian Priebe, Josh Lind, Huanzhou Zhu, and Peter Pietzuch. 2018. Spectre attack against SGX enclave.Google Scholar
- Rafael Pass, Lior Seeman, and Abhi Shelat. 2017. Analysis of the blockchain protocol in asynchronous networks. In Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 643--673.Google ScholarCross Ref
- Rafael Pass and Elaine Shi. 2016. Hybrid Consensus: Efficient Consensus in the Permissionless Model. ePrint Archive, Report 2016/917.Google Scholar
- Rafael Pass and Elaine Shi. 2018. Thunderella: Blockchains with optimistic instant confirmation. In International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 3--33.Google ScholarCross Ref
- Rafael Pass, Elaine Shi, and Florian Tramer. 2017. Formal abstractions for attested execution secure processors. In Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 260--289.Google ScholarCross Ref
- Joseph Poon and Vitalik Buterin. 2017. Plasma: Scalable autonomous smart contracts.Google Scholar
- Joseph Poon and Thaddeus Dryja. 2016. The Bitcoin Lightning Network: Scalable off-chain instant payments. Technical Report (draft 0.5.9.1). https://lightning.network. Accessed May 2017.Google Scholar
- Eli Ben Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, EranTromer, and Madars Virza. 2014. Zerocash: Decentralized anonymous payments from bitcoin. In Security and Privacy (SP), 2014 IEEE Symposium on. IEEE, 459--474.Google ScholarDigital Library
- SECBIT. 2018. How the winner got Fomo3D prize --- A Detailed Explanation. https://medium.com/coinmonks/how-the-winner-got-fomo3d-prize-a-detailed-explanation-b30a69b7813f. Accessed Sep 2018.Google Scholar
- István András Seres, László Gulyás, Dániel A Nagy, and Péter Burcsi. 2019. Topological Analysis of Bitcoin's Lightning Network. Preprint arXiv:1901.04972.Google Scholar
- Alex Shamis, Amaury Chamayou, Christine Avanessians, Christoph M. Wintersteiger, Edward Ashton, Felix Schuster, Cédric Fournet, Julien Maffre, Kartik Nayak, Mark Russinovich, Matthew Kerner, Miguel Castro, Thomas Moscibroda, Olga Vrousgou, Roy Schwartz, Sid Krishna, Sylvan Clebsch, and Olya Ohrimenko. 2019. CCF: A Framework for Building Confidential Verifiable Replicated Services. Technical Report MSR-TR-2019-16. Microsoft. https://www.microsoft.com/en-us/research/publication/ccf-a-framework-for-building-confidential-verifiable-replicated-services/Google Scholar
- Yonatan Sompolinsky and Aviv Zohar. 2015. Accelerating Bitcoin's Transaction Processing. Fast Money Grows on Trees, Not Chains. In Financial Cryptography. Puerto Rico.Google Scholar
- Susan Stepney, David Cooper, and Jim Woodcock. 2000. An electronic purse: Specification, refinement and proof. Oxford University.Google Scholar
- Raoul Strackx and Frank Piessens. 2016. Ariadne: A Minimal Approach to State Continuity. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 875--892. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/strackxGoogle Scholar
- superfreek. 2017. BTC Spam attack. 200,000 unconfirmed transactions halts bitcoin. https://steemit.com/cryptocurrency/@superfreek/btc-spam-attack-200-000-unconfirmed-transactions-halts-bitcoin. Accessed Feb 2018.Google Scholar
- NickSzabo. 1997. The idea of smart contracts. Nick Szabo's Papers and Concise Tutorials 6.Google Scholar
- Team Rocket. 2018. Snowflake to Avalanche: A Novel Metastable Consensus Protocol Family for Cryptocurrencies. https://ipfs.io/ipfs/QmUy4jh5mGNZvLkjies1RWM4YuvJh5-o2FYopNPVYwrRVGV.Google Scholar
- The Bitcoin Community. 2013. libsecp256k1. https://github.com/bitcoin-core/secp256k1.Google Scholar
- The Bitcoin Community. 2016. Bitcoin Core version 0.13.1 released. https://bitcoin.org/en/release/v0.13.1. Accessed May 2017.Google Scholar
- The Bitcoin community. 2017. M-of-N Multisig, Multisig Output. https://bitcoin.org/en/glossary/multisig. Accessed May 2017.Google Scholar
- The Ethereum community. 2017. Ethereum White Paper. https://github.com/ethereum/wiki/wiki/White-Paper. Accessed May 2017.Google Scholar
- The Linux-SGX community. 2016. Intel(R) Software Guard Extensions for Linux OS. https://github.com/intel/linux-sgx.Google Scholar
- The Raiden Network community. 2017. The Raiden Network. https://raiden.network/. Accessed October 2017.Google Scholar
- Florian Tramer, Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels, and Elaine Shi. 2016. Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge. Cryptology ePrint Archive, Report 2016/635. http://eprint.iacr.org/2016/635.Google Scholar
- Muoi Tran, Loi Luu, Min Suk Kang, Iddo Bentov, and Prateek Saxena. 2017. Obscuro: A Bitcoin Mixer using Trusted Execution Environments. IACR Cryptology ePrint Archive 2017, 974.Google Scholar
- Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F Wenisch, Yuval Yarom, and Raoul Strackx. 2018. FORESHADOW: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In 27th USENIX Security Symposium (USENIX Security 18).Google ScholarDigital Library
- Robbert Van Renesse and Fred B Schneider. 2004. Chain Replication for Supporting High Throughput and Availability.. In 6th Symposium on Operating Systems Design and Implementation, Vol. 4. 91--104.Google Scholar
- Marko Vukolić. 2015. The quest for scalable blockchain fabric: Proof-of-Work vs. BFT replication. In International Workshop on Open Problems in Network Security. Springer, 112--125.Google Scholar
- Gavin Wood. 2016. Ethereum: A Secure Decentralised Generalised Transaction Ledger (EIP-150). http://gavwood.com/Paper.pdf.Google Scholar
- Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, and Elaine Shi. 2016. Town crier: An authenticated data feed for smart contracts. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 270--282.Google ScholarDigital Library
- Fan Zhang, Philip Daian, Gabriel Kaptchuk, Iddo Bentov, Ian Miers, and Ari Juels. 2017. Paralysis Proofs: Secure Dynamic Access Structures for Cryptocurrencies and More.Google Scholar
Index Terms
- Teechain: a secure payment network with asynchronous blockchain access
Recommendations
Teechain: Reducing Storage Costs on the Blockchain With Offline Payment Channels
SYSTOR '18: Proceedings of the 11th ACM International Systems and Storage Conference
Comments