
    Grief-free Atomic Swaps

    Atomic Swaps enable exchanging crypto-assets without trusting a third party. To enable these swaps, both parties lock funds and let their counterparty withdraw them in exchange for a secret. This leads to the so-called griefing attack, or the emergence of an American Call option, where one party stops participating in the swap, thereby making their counterparty wait for a timelock to expire before they can withdraw their funds. The standard way to mitigate this attack is to make the attacker pay a premium for the emerging American Call option. In these premium-paying approaches, the premium itself ends up being locked for possibly an even longer duration than the swap amount itself. We propose a new Atomic Swap construction, where neither party exposes itself to a griefing attack by their counterparty. Notably, unlike previous constructions, ours can be implemented in Bitcoin as is. Our construction also takes fewer on-chain transactions and has a lower worst-case timelock.

    Timelocked Bribing

    A Hashed Time Lock Contract (HTLC) is a central concept in cryptocurrencies where some value can be spent either with the preimage of a public hash by one party (Bob) or after a timelock expires by another party (Alice). We present a bribery attack on HTLCs where Bob's hash-protected transaction is censored by Alice's timelocked transaction. Alice incentivizes miners to censor Bob's transaction by leaving almost all her value to miners in general. Miners follow (or refuse) this bribe if their expected payoff is better (or worse). We explore conditions under which this attack is possible, and how HTLC participants can protect themselves against the attack. Applications like Lightning Network payment channels and Cross-Chain Atomic Swaps use HTLCs as building blocks and are vulnerable to this attack. Our proposed solution uses the hashpower share of the weakest known miner to derive parameters that make these applications robust against this bribing attack.

    TWAP Oracle Attacks: Easier Done than Said?

    Blockchain "on-chain" oracles are critical to the functioning of many Decentralized Finance (DeFi) protocols. We analyze these oracles for manipulation resistance. Specifically, we analyze the cost of manipulating on-chain time-weighted average price (TWAP) oracles that use the arithmetic mean. It has been assumed that manipulating a TWAP oracle with the well-known multi-block attack is expensive and scales linearly with the length of the TWAP. We question this assumption with two novel results. First, we describe a single-block attack that works under the same setting as the multi-block attack but costs less to execute. Second, we describe a multi-block MEV (MMEV) style attack where the attacker colludes with a miner/proposer who can mine/propose two blocks in a row. This MMEV style attack makes oracle manipulation orders of magnitude cheaper than previously known attacks. In the proof-of-work setting, MMEV can be done by selfish mining even with very low shares of hashpower.

    Improving Censorship-Resistance, Privacy, and Scalability of the Bitcoin Ecosystem

    In January 2009, Satoshi Nakamoto created Bitcoin. As a new form of money not issued or controlled by nation states, Bitcoin makes trade-offs along many axes: survival, decentralization, censorship-resistance, scalability, privacy, and more. Along each of these axes, over the years, researchers have asked many questions of Bitcoin, and it seems that Bitcoin should not work in theory. Against all odds though, it seems to be working in practice - generating a block every 10 minutes. We believe that answering a small fraction of these research questions will give some relief to Bitcoin-ers, who believe that Bitcoin will change the world for the better. We might even nudge honest skeptics towards asking deeper questions. Bitcoin claims to offer a censorship-resistant monetary system. In this thesis, we show that a certain class of transactions are vulnerable to censorship, but are not actually getting censored. Our work answers why, and points to an intrinsic relationship between weak miners and Alice’s (in)ability to incentivize the censorship of Bob’s transaction. Users can increase their privacy in Bitcoin by swapping their coins with each other. Coin swapping protocols tend to lock up coins, leading to opportunity cost. In this thesis, we propose grief-free atomic swaps, which minimize this opportunity cost. The Lightning Network scales Bitcoin as a payment system by having a network of channels. In this thesis, we propose a new channel structure that makes the network more robust. Payment channels depend on users being online to enforce the channel contract on the blockchain in case someone cheats. Offline users employ a third party, called a watchtower, to monitor their channels and prevent cheating. Our new Lightning channel structure enables efficient watchtowers by dramatically reducing their storage costs. Bitcoin is a closed self-governing system where extrinsic data input is minimized. Stateful blockchains like Ethereum have smart contracts that rely on extrinsic data like the market price of assets. These are trivially subjected to attacks by oracles who control the data source. These can be mitigated by using an intrinsic source of external data, like an automated market maker’s price of an asset. In this thesis, we show that such intrinsic data sources can be manipulated cheaply, leading to bad outcomes for their users. These kinds of attacks highlight Bitcoin’s conservative culture of minimal, but safer, smart contracts - as opposed to rich, but vulnerable, smart contracts in other platforms. Bitcoin, by keeping its smart contracts free of global state and external data sources, optimizes for long-term survival.