Paper 2022/546

He-HTLC: Revisiting Incentives in HTLC

Sarisht Wadhwa
Jannis Stoeter
Fan Zhang
Kartik Nayak

Hashed Time-Locked Contracts (HTLCs) are a widely used primitive in blockchain systems such as payment channels, atomic swaps, etc. Unfortunately, HTLC is incentive-incompatible and is vulnerable to bribery attacks. The state-of-the-art solution is MAD-HTLC (Oakland'21), which proposes an elegant idea that leverages miners' profit-driven nature to defeat bribery attacks. In this paper, we show that MAD-HTLC is still vulnerable as it only considers a somewhat narrow set of passive strategies by miners. Through a family of novel reverse-bribery attacks, we show concrete active strategies that miners can take to break MAD-HTLC and profit at the loss of MAD-HTLC users. For these attacks, we present their implementation and game-theoretical profitability analysis. Based on the learnings from our attacks, we propose a new HTLC realization, He-HTLC (Our specification is lightweight and inert to incentive manipulation attacks. Hence, we call it He-HTLC where He stands for Helium.) that is provably secure against all possible strategic manipulation (passive and active). In addition to being secure in a stronger adversary model, He-HTLC achieves other desirable features such as low and user-adjustable collateral, making it more practical to implement and use the proposed schemes. We implemented He-HTLC on Bitcoin and the transaction cost of He-HTLC is comparative to average Bitcoin transaction fees.

Available format(s)
Cryptographic protocols
Publication info
fair exchange blockchains HTLC
Contact author(s)
sarisht wadhwa @ duke edu
2022-08-02: last of 4 revisions
2022-05-10: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sarisht Wadhwa and Jannis Stoeter and Fan Zhang and Kartik Nayak},
      title = {He-HTLC: Revisiting Incentives in HTLC},
      howpublished = {Cryptology ePrint Archive, Paper 2022/546},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.