Talks and Poster Presentations (with Proceedings-Entry):
G. Malavolta, P. Moreno-Sanchez, C. Schneidewind, A. Kate, M. Maffei:
"Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability";
Talk: Network and Distributed System Security Symposium (NDSS),
San Diego, CA, US;
2019-02-24
- 2019-02-27; in: "Proceedings of 2019 Network and Distributed System Security Symposium",
Reston
(2019),
ISBN: 1-891562-55-x;
1
- 15.
English abstract:
Tremendous growth in cryptocurrency usage is exposing the inherent scalability issues with permis- sionless blockchain technology. Payment-channel networks (PCNs) have emerged as the most widely deployed solution to mitigate the scalability issues, allowing the bulk of payments between two users to be carried out off-chain. Unfortunately, as reported in the literature and further demonstrated in this paper, current PCNs do not provide meaningful security and privacy guarantees [30], [40].
In this work, we study and design secure and privacy- preserving PCNs. We start with a security analysis of exist- ing PCNs, reporting a new attack that applies to all major PCNs, including the Lightning Network, and allows an attacker to steal the fees from honest intermediaries in the same payment path. We then formally define anonymous multi-hop locks (AMHLs), a novel cryptographic primitive that serves as a cornerstone for the design of secure and privacy-preserving PCNs. We present several provably secure cryptographic instantiations that make AMHLs compatible with the vast majority of cryptocurrencies. In particular, we show that (linear) homomorphic one-way functions suffice to construct AMHLs for PCNs supporting a script language (e.g., Ethereum). We also propose a construction based on ECDSA signatures that does not require scripts, thus solving a prominent open problem in the field.
AMHLs constitute a generic primitive whose useful- ness goes beyond multi-hop payments in a single PCN and we show how to realize atomic swaps and interoper- able PCNs from this primitive. Finally, our performance evaluation on a commodity machine finds that AMHL operations can be performed in less than 100 millisec- onds and require less than 500 bytes of communication overhead, even in the worst case. In fact, after acknowl- edging our attack, the Lightning Network developers have implemented our ECDSA-based AMHLs into their PCN. This demonstrates the practicality of our approach and its impact on the security, privacy, interoperability, and scalability of today´s cryptocurrencies.
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
http://dx.doi.org/10.14722/ndss.2019.23330
Electronic version of the publication:
https://publik.tuwien.ac.at/files/publik_278436.pdf
Created from the Publication Database of the Vienna University of Technology.