Cryptology ePrint Archive: Report 2018/472

Privacy-preserving Multi-hop Locks for Blockchain Scalability and Interoperability

Giulio Malavolta and Pedro Moreno-Sanchez and Clara Schneidewind and Aniket Kate and Matteo Maffei

Abstract: Tremendous growth in cryptocurrency usage is exposing the inherent scalability issues with permissionless blockchain technology. Payment-channel networks (PCNs) have emerged as the most practically deployed solution to mitigate the scalability issues, allowing the bulk of payments between two users to be carried out off-chain. Unfortunately, as reported in the literature and further demonstrated in this paper, current PCNs do not provide meaningful security and privacy guarantees.

In this work, we study and design secure and privacy-preserving PCNs. We start with a security analysis of existing PCNs, reporting a new attack that applies to all major PCNs, including the Lightning Network, and allows an attacker to steal the fees from honest intermediaries in the same payment path. We then formally define privacy-preserving multi-hop locks (PrivMuLs), a novel cryptographic primitive that serves as a cornerstone for the design of secure and privacy-preserving PCNs. We present several provably secure cryptographic instantiations that make PrivMuLs compatible with the vast majority of cryptocurrencies. In particular, we show that (linear) homomorphic one-way functions suffice to construct PrivMuLs for PCNs supporting such functions in their script language (e.g., Ethereum). We also propose a construction based on ECDSA signatures that does not require scripts, thus solving a prominent open problem in the field. PrivMuLs constitute a generic primitive whose usefulness goes beyond multi-hop payments in a single PCN and we show how to realize atomic swaps and interoperable PCNs from this primitive. Finally, our performance evaluation on a commodity machine finds that PrivMuLs operations can be performed in less than 100 milliseconds and require less than 500 bytes of communication overhead, even in the worst case. In fact, after acknowledging our attack, the Lightning Network developers are right now integrating ECDSA-based PrivMuLs into their PCN. This demonstrates the practicality of our approach and its impact on the security, privacy, interoperability, and scalability of today’s cryptocurrencies.

Category / Keywords: cryptographic protocols / smart contracts, security, privacy, interoperability, Bitcoin, Lightning Network

Date: received 17 May 2018, last revised 23 Oct 2018

Contact author: pedro sanchez at tuwien ac at

Available format(s): PDF | BibTeX Citation

Version: 20181023:131601 (All versions of this report)

Short URL: ia.cr/2018/472


[ Cryptology ePrint archive ]