Paper 2024/881
PipeSwap: Forcing the Timely Release of a Secret for Atomic Swaps Across All Blockchains
Abstract
Atomic cross-chain swap, which allows users to exchange coins securely, is critical functionality to facilitate inter-currency exchange and trading. Although most classic atomic swap protocols based on Hash Timelock Contracts have been applied and deployed in practice, they are substantially far from universality due to the inherent dependence of rich scripting language supported by the underlying blockchains. The recently proposed Universal Atomic Swaps protocol [IEEE S\&P'22] takes a novel path to scriptless cross-chain swap, and it ingeniously delegates scripting functionality to cryptographic lock mechanisms, particularly the adaptor signature and timed commitment schemes designed to guarantee atomicity. However, in this work, we discover a new form of attack called double-claiming attack, such that the honest user would lose coins with overwhelming probability and atomicity is directly broken. Moreover, this attack is easy to carry out and can be naturally generalized to other cross-chain swap protocols as well as the payment channel networks, highlighting a general difficulty in designing universal atomic swap. We present pipeSwap, a cross-chain swap protocol that satisfies both security and practical universality. To avoid transactions of the same frozen coins being double-claimed to violate the atomicity property, pipeSwap proposes a novelly designed paradigm of pipelined coins flow by using two-hop swap and two-hop refund techniques. pipeSwap achieves universality by not relying on any specific script language, aside from the basic ability to verify signatures. Furthermore, we analyze why existing ideal functionality falls short in capturing the atomicity property of Universal Atomic Swaps, and define for the first time ideal functionality to guarantee atomicity. In addition to a detailed security analysis in the Universal Composability framework, we develop a proof-of-concept implementation of pipeSwap with Schnorr/ECDSA signatures, and conduct extensive experiments to evaluate the overhead. The experimental results show that pipeSwap can be performed in less than 1.7 seconds and requires less than 7 kb of communication overhead on commodity machines, which demonstrates its high efficiency.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- Atomic SwapsStrong AtomicityUniversalityPipelined Coins FlowTwo-Hop Swap/Refund
- Contact author(s)
-
peifang2020 @ iscas ac cn
anqi2021 @ iscas ac cn
xujing @ iscas ac cn - History
- 2024-09-27: revised
- 2024-06-03: received
- See all versions
- Short URL
- https://ia.cr/2024/881
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/881, author = {Peifang Ni and Anqi Tian and Jing Xu}, title = {{PipeSwap}: Forcing the Timely Release of a Secret for Atomic Swaps Across All Blockchains}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/881}, year = {2024}, url = {https://eprint.iacr.org/2024/881} }