Despite the popularity of Hashed Time-Locked Contracts (HTLCs) because of their use in wide areas of applications such as payment channels, atomic swaps, etc, their use in exchange is still questionable. This is because of its incentive incompatibility and susceptibility to bribery attacks. State-of-the-art solutions such as MAD-HTLC (Oakland'21) and He-HTLC (NDSS'23) address this by leveraging miners' profit-driven behaviour to mitigate such attacks. The former is the mitigation against passive miners; however, the latter works against both active and passive miners. However, they consider only two bribing scenarios where either of the parties involved in the transfer collude with the miner. In this paper, we expose vulnerabilities in state-of-the-art solutions by presenting a miner-collusion bribery attack with implementation and game-theoretic analysis. Additionally, we propose a stronger attack on MAD-HTLC than He-HTLC, allowing the attacker to earn profits equivalent to attacking naive HTLC. Leveraging our insights, we propose \prot, a game-theoretically secure HTLC protocol resistant to all bribery scenarios. \prot\ employs a two-phase approach, preventing unauthorized token confiscation by third parties, such as miners. In Phase 1, parties commit to the transfer; in Phase 2, the transfer is executed without manipulation. We demonstrate \prot's efficiency in transaction cost and latency via implementations on Bitcoin and Ethereum.
翻译:尽管哈希时间锁定合约(HTLCs)因其在支付通道、原子交换等广泛应用领域的使用而广受欢迎,但它在交易所中的应用仍存疑问。这源于其激励不相容性以及对贿赂攻击的脆弱性。最先进的解决方案,如MAD-HTLC(Oakland'21)和He-HTLC(NDSS'23),通过利用矿工逐利行为来缓解此类攻击。前者针对被动矿工进行防御;而后者则能同时应对主动和被动矿工。然而,它们仅考虑了转账参与方之一与矿工合谋的两种贿赂场景。在本文中,我们通过提出一种矿工合谋贿赂攻击,并辅以实现和博弈论分析,揭示了现有最先进解决方案中的漏洞。此外,我们提出了对MAD-HTLC比He-HTLC更强的攻击,使攻击者能够获得与攻击原始HTLC相当的利润。基于我们的洞察,我们提出了\prot,一种博弈论安全的HTLC协议,能够抵御所有贿赂场景。\prot采用两阶段方法,防止第三方(如矿工)未经授权没收代币。在第一阶段,参与方承诺转账;在第二阶段,转账在无操纵的情况下执行。我们通过在比特币和以太坊上的实现,展示了\prot在交易成本和延迟方面的效率。
相关内容
微信扫码咨询专知VIP会员