The Building Blocks of Secure Cross-Chain Options"

cover
24 Dec 2024
  1. Abstract and Introduction

  2. Preliminaries

  3. Overview

  4. Protocol

    4.1 Efficient Option Transfer Protocol

    4.2 Holder Collateral-Free Cross-Chain Options

  5. Security Analysis

    5.1 Option Transfer Properties

    5.2 Option Properties

  6. Implementation

  7. Related Work

  8. Conclusion and Discussion, and References

A. Codes

B. Proofs

2 PRELIMINARIES

Blockchain, Smart Contract, and Asset. A blockchain is a tamperproof distributed ledger that records asset balances for each address. An asset can be a cryptocurrency, a token, or any item transactable on-chain. A party can be an individual, organization, or any entity capable of interacting with the blockchain. A smart contract (simply as "contract") is an agreement written in code. Parties can create contracts, call functions, and check contract code and state. ฮ” represents the time period sufficient for parties to release, broadcast, and confirm transactions on the blockchain.

Cryptographic Primitives. A secret is known exclusively to its generator, and ๐ป(ยท) represents a collision-resistant hash function. In asymmetric encryption, the private key ๐‘ ๐‘˜ is used confidentially for signing, and the public key ๐‘๐‘˜ is shared openly.

In this paper, Double-Authentication-Preventing Signatures (DAPS) [35] is a key component in our protocol design. Initially, DAPS are designed to inhibit the reuse of a single private key for signing two different messages, where a message consists of a pair of message address and message payload in the form of (๐‘Ž, ๐‘). DAPS ensures that a particular secret key ๐‘ ๐‘˜ cannot sign the same address ๐‘Ž with different payloads ๐‘. This property can be used for preventing double spending in blockchains. Two messages ๐‘š1 = (๐‘Ž1, ๐‘1) and ๐‘š2 = (๐‘Ž2, ๐‘2) are considered colliding if ๐‘Ž1 = ๐‘Ž2 and ๐‘1 โ‰  ๐‘2. Any two signatures with the identical address but different contents will disclose the secret key. Given a security parameter ๐œ†, DAPS can be delineated as follows.

โ€ข Key Generation: KeyGen(1 ๐œ† ) โ†’ (๐‘๐‘˜, ๐‘ ๐‘˜)

โ€ข Signature: Sign(๐‘ ๐‘˜,๐‘š) โ†’ ๐œŽ๐‘š, where ๐‘š = (๐‘Ž, ๐‘)

โ€ข Verification: Verify(๐‘๐‘˜,๐‘š, ๐œŽ๐‘š) โ†’ True/False

โ€ข Extraction: Extract(๐‘๐‘˜,๐‘š1, ๐œŽ๐‘š1 ,๐‘š2, ๐œŽ๐‘š2 ) โ†’ ๐‘ ๐‘˜/โŠฅ

Hashed TimeLock Contracts (HTLCs). The Hashed TimeLock Contract (HTLC) is a cryptographic contract utilized to facilitate secure and trustless transactions. In an vanilla HTLC, funds are locked in a contract and can only be accessed by the designated recipient upon fulfillment of predetermined conditions within a specified time frame ๐‘‡ . The condition is expressed as the presentation of a preimage of the hash. For example, the contract asks the designated recipient to present the preimage ๐ด for the hash ๐ป(๐ด). If ๐ด is not provided before ๐‘‡ , the funds are refunded after ๐‘‡.

Authors:

(1) Zifan Peng, The Hong Kong University of Science and Technology (Guangzhou) Guangzhou, Guangdong, China ([email protected]);

(2) Yingjie Xue, The Hong Kong University of Science and Technology (Guangzhou) Guangzhou, Guangdong, China ([email protected]);

(3) Jingyu Liu, The Hong Kong University of Science and Technology (Guangzhou) Guangzhou, Guangdong, China ([email protected]).


This paper is available on arxiv under CC BY 4.0 license.