Paper 2024/881

pipeSwap: Forcing the Early Release of a Secret for Atomic Swaps Across All Blockchains

Peifang Ni
Anqi Tian
Jing Xu
Abstract

Atomic cross-chain swap, which allows users to exchange coins securely, is critical functionality to facilitate inter-currency exchange and trading. Although most classic atomic swap protocols based on Hash Timelock Contracts have been applied and deployed in practice, they are substantially far from universality due to the inherent dependence of rich scripting language supported by the underlying blockchains. The recently proposed Universal Atomic Swaps protocol [IEEE S\&P'22] takes a novel path to scriptless cross-chain swap, and it ingeniously delegates scripting functionality to cryptographic lock mechanisms, particularly the adaptor signature and timed commitment schemes designed to guarantee atomicity. However, in this work, we discover a new form of attack called double-claiming attack, such that the honest user would lose coins with overwhelming probability and atomicity is directly broken. Moreover, this attack is easy to carry out and can be naturally generalized to other cross-chain swap protocols as well as the payment channel networks, highlighting a general difficulty in designing universal atomic swap. We present pipeSwap, a cross-chain swap protocol that satisfies both security and practical universality. To avoid transactions of the same frozen coins being double-claimed to violate the atomicity property, pipeSwap proposes a novelly designed paradigm of pipelined coins flow by using two-hop swap and two-hop refund techniques. pipeSwap achieves universality by not relying on any specific script language, aside from the basic ability to verify signatures. Furthermore, we analyze why existing ideal functionality falls short in capturing the atomicity property of Universal Atomic Swaps, and define for the first time ideal functionality to guarantee atomicity. In addition to a detailed security analysis in the Universal Composability framework, we develop a proof-of-concept implementation of pipeSwap with Schnorr/ECDSA signatures, and conduct extensive experiments to evaluate the overhead. The experimental results show that pipeSwap can be performed in less than 1.7 seconds and requires less than 7 kb of communication overhead on commodity machines, which demonstrates its high efficiency.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Atomic SwapsStrong AtomicityUniversalityPipelined Coins FlowTwo-Hop Swap/Refund
Contact author(s)
peifang2020 @ iscas ac cn
anqi2021 @ iscas ac cn
xujing @ iscas ac cn
History
2024-06-05: approved
2024-06-03: received
See all versions
Short URL
https://ia.cr/2024/881
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/881,
      author = {Peifang Ni and Anqi Tian and Jing Xu},
      title = {{pipeSwap}: Forcing the Early Release of a Secret for Atomic Swaps Across All Blockchains},
      howpublished = {Cryptology ePrint Archive, Paper 2024/881},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/881}},
      url = {https://eprint.iacr.org/2024/881}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.