Paper 2022/499
Cryptographic Oracle-Based Conditional Payments
Abstract
We consider a scenario where two mutually distrustful parties, Alice and Bob, want to perform a payment conditioned on the outcome of some real-world event. A semi-trusted oracle (or a threshold number of oracles, in a distributed trust setting) is entrusted to attest that such an outcome indeed occurred, and only then the payment is successfully made. Such oracle-based conditional (ObC) payments are ubiquitous in many real-world applications, like financial adjudication, pre-scheduled payments or trading, and are a necessary building block to introduce information about real-world events into blockchains. In this work we show how to realize ObC payments with provable security guarantees and efficient instantiations. To do this, we propose a new cryptographic primitive that we call verifiable witness encryption based on threshold signatures (VweTS): Users can encrypt signatures on payments that can be decrypted if a threshold number of signers (e.g., oracles) sign another message (e.g., the description of an event outcome). We require two security notions: (1) one-wayness that guarantees that without the threshold number of signatures, the ciphertext hides the encrypted signature, and (2) verifiability, that guarantees that a ciphertext that correctly verifies can be successfully decrypted to reveal the underlying signature. We present provably secure and efficient instantiations of VweTS where the encrypted signature can be some of the widely used schemes like Schnorr, ECDSA or BLS signatures. Our main technical innovation is a new batching technique for cut-and-choose, inspired by the work of Lindell-Riva on garbled circuits. Our VweTS instantiations can be readily used to realize ObC payments on virtually all cryptocurrencies of today in a fungible, cost-efficient, and scalable manner. The resulting ObC payments are the first to support distributed trust (i.e., multiple oracles) without requiring any form of synchrony or coordination among the users and the oracles. To demonstrate the practicality of our scheme, we present a prototype implementation and our benchmarks in commodity hardware show that the computation overhead is less than 25 seconds even for a threshold of 4-of-7 and a payment conditioned on 1024 different real-world event outcomes, while the communication overhead is below 2.3 MB
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Network and Distributed System Security (NDSS)
- DOI
- 10.14722/ndss.2023.23024
- Keywords
- oracle contractsthreshold cryptographywitness encryptionverifiable encryptionblockchain
- Contact author(s)
-
vrmadath @ ncsu edu
t srikrishnan @ gmail com
dimitrios vasilopoulos @ imdea org
lloyd fourn @ gmail com
giulio malavolta @ hotmail it
pedro moreno @ imdea org - History
- 2023-01-18: last of 5 revisions
- 2022-04-28: received
- See all versions
- Short URL
- https://ia.cr/2022/499
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/499, author = {Varun Madathil and Sri AravindaKrishnan Thyagarajan and Dimitrios Vasilopoulos and Lloyd Fournier and Giulio Malavolta and Pedro Moreno-Sanchez}, title = {Cryptographic Oracle-Based Conditional Payments}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/499}, year = {2022}, doi = {10.14722/ndss.2023.23024}, url = {https://eprint.iacr.org/2022/499} }