Cryptology ePrint Archive: Report 2022/546

He-HTLC: Revisiting Incentives in HTLC

Sarisht Wadhwa and Jannis Stoeter and Fan Zhang and Kartik Nayak

Abstract: Hashed Time-Locked Contracts (HTLCs) are a widely used primitive in blockchain systems. Unfortunately, HTLC is incentive-incompatible and is vulnerable to bribery attacks. MAD-HTLC (Oakland'21) is an elegant solution aiming to address the incentive incompatibility of HTLC.

In this paper, we show that MAD-HTLC is also incentive-incompatible. The crux of the issue is that MAD-HTLC only considers passively rational miners. We argue that such a model fails to capture active rational behaviors. We demonstrate the importance of taking actively rational behaviors into consideration by showing three novel reverse-bribery attacks against MAD-HTLC that can be implemented using Trusted Execution Environments (TEEs) or zero-knowledge proofs (ZKPs). We further show that reverse bribery can be combined with original delaying attacks to render MAD-HTLC insecure regardless of the relationship between collateral and deposit. Based on the learnings from our attacks, we devise a new smart contract specification, He-HTLC, which is lightweight and inert to incentive manipulation attacks. HE-HTLC, according to us, is the first specification to meet the HTLC specification even in the presence of actively rational miners.

Category / Keywords: cryptographic protocols / fair exchange, blockchains, HTLC

Date: received 5 May 2022, last revised 20 May 2022

Contact author: sarisht wadhwa at duke edu, fan zhang at duke edu, kartik at cs duke edu, jannis stoeter at alumni duke edu

Available format(s): PDF | BibTeX Citation

Version: 20220520:005552 (All versions of this report)

Short URL: ia.cr/2022/546


[ Cryptology ePrint archive ]