You are looking at a specific version 20191111:210005 of this paper. See the latest version.

Paper 2019/1296

FastSwap: Concretely Efficient Contingent Payments for Complex Predicates

Mathias Hall-Andersen

Abstract

FastSwap is a simple and concretely efficient contingent payment scheme for complex predicates, inspired by FairSwap. FastSwap only relies on symmetric primitives (in particular symmetric encryption and cryptographic hash functions) and avoids `heavy-weight' primitives such as general ZKP systems. FastSwap is particularly well-suited for applications where the witness or predicate is large (on the order of MBs / GBs) or expensive to calculate. Additionally FastSwap allows predicates to be implemented using virtually any computational model (including branching execution), which e.g. enables practitioners to express the predicate in smart contract languages already familiar to them, without an expensive transformation to satisfiability of arithmetic circuits. The cost of this efficiency during honest execution is a logarithmic number of rounds during a dispute resolution in the presence of a corrupted party (compared to constant round complexity for existing schemes). Let the witness be of size $|w|$ and the predicate of size $|P|$, where computing $P(w)$ takes $n$ steps. In the honest case the off-chain communication complexity is $|w| + |P| + c$ for a small constant $c$, the on-chain communication complexity is $c'$ for a small constant $c'$. In the malicious case the on-chain communication complexity is $O(\log n)$ with small constants. Concretely with suitable optimizations the number of rounds (on-chain transactions) for a computation of $2^{30}$ steps can be brought to $2$ in the honest case with an estimated cost of $\approx 2$ USD on the Ethereum blockchain and to $14$ rounds with an estimated cost of $\approx 4$ USD in case of a dispute.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
Contingent paymentsConcrete efficiencyFair exchangeSmart contractsProvable securityUniversal composabilityAuthenticated data structures.
Contact author(s)
mathias @ hall-andersen dk
History
2020-01-05: revised
2019-11-11: received
See all versions
Short URL
https://ia.cr/2019/1296
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.