payment channels - corelabpayment channels 8 1 alice 5btc bob 4btc 1 1 5 4 alice 2btc bob 7btc 2 2...
Post on 23-Oct-2020
3 Views
Preview:
TRANSCRIPT
-
ETH Zurich – Distributed Computing – www.disco.ethz.ch
Zeta Avarikioti
Payment Channels Designing Secure Watchtowers
-
Can cryptocurrencies scale?
7 tx/s 20 tx/s 65.000 tx/s
-
Payment Channels
-
Payment Channels
-
Payment Channels
Alice 5btc
Bob 4btc
Funding transaction
1
1
-
Payment Channels
Alice 5btc
Bob 4btc
1
1
5 4
Funding transaction
-
Payment Channels
Alice 5btc
Bob 4btc
1
1
5 4
Alice 2btc
Bob 7btc
2
2
2 7
Funding transaction Alice sends 3btc
-
Payment Channels
8 1
Alice 5btc
Bob 4btc
1
1
5 4
Alice 2btc
Bob 7btc
2
2
Alice 8btc
Bob 1btc
3
3
2 7
Funding transaction Bob sends 6btcAlice sends 3btc
-
Payment Network
-
Funding CommitmentDispute period
Lightning Channels
Revocation
-
Funding CommitmentDispute period
Attack
-
Funding CommitmentDispute period
Watchtowers
Revocation
-
Why be a Watchtower?
-
Assuming rational parties and watchtowers…
- Will a party commit fraud?
- Will a watchtower get paid?
- Will a party commit fraud?
- Will a watchtower get paid?
- Will a party commit fraud? ...
Why be a Watchtower?
-
Watchtowers → Parties ↓
Active Inactive
Fraud
No Fraud
Why be a Watchtower?
-
Premiums
Watchtowers → Parties ↓
Active Inactive
Fraud
No Fraud
Why be a Watchtower?
-
Collateral
Why be an active Watchtower?
-
➔ UTXO-based (Unspent Transaction Output)
➔ Transaction: consumes & produces UTXOs
➔ Multi-signatures: σAB
➔ Timelocks: Δt
Bitcoin
-
a
σB
ai
ai+1
bi+1
a
b
(σA⋀Δt)⋁σABCommitment(1)Published by A
Funding
On-chain
Commitment (i)Published by A
Commitment (i+1)Published by A
Revocation
Published by B, W
σAB
#σA
#σB
b
a+b
(σA⋀Δt)⋁σAB
σB
(σA⋀Δt)⋁σAB
σB
ai
σAB
bi
σB
Lightning Channels
-
a
σBW
#σWc
ai
bi
ai+1
bi+1
a
b
(σA⋀Δt)⋁σAWCommitment(1)Published by A
Funding
On-chain
Collateral
On-chain
Commitment (i)Published by A
Commitment (i+1)Published by A
Revocation
Published by B, W
Penalty 1
Published by B
Reclaim
Published by W
σAB
#σA
#σB
b
a+b
σBW
(σA⋀Δt)⋁σAW
σBW
(σA⋀Δt)⋁σAW
σB
ai +bi
σB
c +bi
σBW
c
σAW
Cerberus Channels
σW
c
-
a
(σB ⋀ Δt)⋁σBW
#σWc
ai
bi
ai+1
bi+1
a
b
(σA⋀Δt)⋁σAWCommitment(1)Published by A
Funding
On-chain
Collateral
On-chain
Commitment (i)Published by A
Commitment (i+1)Published by A
Revocation
Published by B, W
Penalty 1
Published by B
Reclaim
Published by W
σAB
#σA
#σB
b
a+b
(σA⋀Δt)⋁σAW
(σA⋀Δt)⋁σAW
σB
ai +bi
σB
c +bi
σBW
c
σAW
(σB⋀Δt)⋁σBW
(σB⋀Δt)⋁σBW
σB⋀Δt
σBW
Cerberus Channels
σW
c
-
a
σB⋀Δt
(σW⋀ΔΤ)⋁σBW
(σB ⋀ Δt)⋁σBW
#σWc
ai
bi
ai+1
bi+1
a
b
c
(σA⋀Δt)⋁σAWCommitment(1)Published by A
Funding
On-chain
Collateral
On-chain
Commitment (i)Published by A
Commitment (i+1)Published by A
Revocation
Published by B, W
Penalty 1
Published by B
Penalty 2
Published by B
Reclaim
Published by W
σAB
#σA
#σB
b
a+b
(σB⋀Δt)⋁σBW
(σA⋀Δt)⋁σAW
(σB⋀Δt)⋁σBW
(σA⋀Δt)⋁σAW
σB
ai +bi
σB
c +bi
σB
c +bi
σBW
c
σBW
σB⋀Δt
σBW
σAW
Cerberus Channels
[Avarikioti, Tyfronitis-Litos, Wattenhofer. Cerberus Channels: Incentivizing Watchtowers for Bitcoin.]
-
Fundamentals of Channels
-
Funding CommitmentDispute period
Fundamentals of Channels
-
Funding CommitmentDispute period
➔ Eclipse➔ Censor➔ Congestion
Fundamentals of Channels
-
Time = CryptoMoney!
-
Time = CryptoMoney!
Asynchronou
s channels?
-
Be proactive, not reactive
-
Funding CloseSignatures of Alice & Bob ORSignatures of ⅔ WT & (Alice or Bob)
Be proactive, not reactive
-
1) Consensus is costly
2) Privacy is important
3) Incentives are critical
Challenges
-
➔ O(n) communication complexity for state updates
➔ Verification of consensus between Alice & Bob
➔ No liveness guarantees, if Alice & Bob both misbehave
➔ Consensus needed only for closing, if there is a dispute
Consistent Broadcast
-
H( )
H( )
➔ Privacy preserving
➔ Alice/Bob cannot publish a previous transaction
H( )
Encrypted State
-
H( )
(1) Update
H( )(2) Consistent Broadcast
(2) Consistent Broadcast
(3) Execute
(3) Execute
H( )
Brick Architecture
-
➔ Unilateral channel for fees:Repeated game lifts fair exchange impossibility
➔ Collateral for anti-bribing:Reduction to fair-exchangeWT Committee size ↑ → per WT collateral ↓
Incentives
-
➔ Asynchronous channels
➔ Security even under L1 failure
➔ Privacy
➔ Incentive-compatible
➔ Embarrassingly parallel
➔ Linear communication
[Avarikioti, Kokoris-Kogias, Wattenhofer. Brick: Asynchronous State Channels.]
Brick Advantages
-
Thank you!
Questions?
ETH Zurich – Distributed Computing Group – www.disco.ethz.ch
➔ Avarikioti, Tyfronitis-Litos, Wattenhofer. Cerberus Channels: Incentivizing Watchtowers for Bitcoin. Financial Cryptography and Data Security 2020.
➔ Avarikioti, Kokoris-Kogias, Wattenhofer. Brick: Asynchronous State Channels.
top related