
Multisignatures for Cryptocurrency-backed Tokens


Poster presentation at the 2nd International Workshop on Cryptocurrencies and Blockchain Technology - CBT'18, Barcelona, Spain, 2018.

Published in: Science

  1. Multisignatures for Cryptocurrency-backed Tokens*
     Alexei Zamyatin, Dominik Harz, Joshua Lind, Panayiotis Panayiotou, Arthur Gervais, William Knottenbelt
     *An extension of the XCLAIM protocol.
  2. XCLAIM: Cryptocurrency-backed Tokens. In three steps to interoperability (e.g. Bitcoin-backed tokens on Ethereum):
     1) Lock with Issuer. ISSUER: non-trusted & collateralized 3rd party.
     2) Prove lock to chain relay. The chain relay verifies the TX inclusion proof and informs the treasury. [Figure: Merkle tree with $h_7 = H(h_5, h_6)$, $h_5 = H(h_1, h_2)$, $h_6 = H(h_3, h_4)$; leaves labelled LOCK TX, $h_2$, $h_3$, $h_4$.]
     3) Issue tokens. The treasury contract issues Bitcoin-backed ERC20 tokens.
  3. Multisignature Locks: Improving Safety
     Use e.g. Bitcoin 2-of-2 multisignatures to make theft by the Issuer impossible.
     [Figure labels: Multisig Lock, Prove, Confirm, Issue, Lock.]
  4. State of Development
     Working paper: "XCLAIM: Interoperability with Cryptocurrency-backed Tokens"
     Implementation: Alpha version deployed on Ethereum Ropsten Testnet
     3 versions (without multisignatures):
     • Trustless using custom implementation of BTC Relay
     • 2 performance optimizations via Intel SGX
     First demo @ Scaling Bitcoin 2018!
  5. Challenges
     • Fungibility of tokens cannot be guaranteed
     • Substantial amount of data stored on Ethereum
     • Fund freeze still possible!

     Optimizations
     • Reduce Waiting Times: Issuer signs all TX only when token is redeemed (P2WSH - BIP141 Segregated Witness required).
     • Reduce Costs / Transactions: UTXO grouping scheme: optimistic reduction of required TX to O(1). However: interactive protocol! [Figure: two UTXO graphs over the multisigs (A, I), (B, I), (C, I), (D, I); one is labelled "BTC transactions = 3", the other "BTC transactions = 1".] BUT: Requires additional signature from A!
     • Improve Incentives against fund freezing: Additional collateral on Bitcoin:

     Token States
     States: NONE, PENDING ISSUE, ISSUED, PENDING REDEEM, REDEEMED, REIMBURSED.
     Transition labels: start; Collateralized commit; Issue aborted; Insufficient collateral; btc locked in HTLC; btc locked with Issuer; Trade tokens; Redeem requested; btc released; Redeem failed, eth reimbursed.

     Protocols

     Issue (ALICE, ISSUER; Bitcoin, Ethereum, Chain Relay, Treasury Contract)
     Keys shown: $pk_I^{btc}$, $pk_A^{btc}$, $pk_I^{eth}$, $pk_A^{eth}$
     Precond.: Issuer has collateral locked in treasury
     1) Alice generates Ethereum key pair
     2) Alice publishes $Tx^{btc}_{lock(AI)}$, which locks btc in a multisig with the Issuer
     3) Alice publishes $T^{eth}_{proof}$, submitting $T^{btc}_{lock}$ for verification to the chain relay functionality of the contract
     4) The chain relay verifies $T^{btc}_{lock}$ is included in Bitcoin's main chain for at least $t_{contest}$
     5) Confirms inclusion to treasury
     6) Contract issues $btc^{eth}$ and declares Alice as owner

     Trade (ALICE, BOB; Bitcoin, Ethereum, Chain Relay, Treasury Contract)
     Keys shown: $pk_B^{btc}$, $pk_A^{btc}$, $pk_B^{eth}$, $pk_A^{eth}$
     1) Alice creates and signs $T^{btc}_{lock(BI)}$, which replaces herself by Bob in the multisig lock
     2) Alice publishes $T^{eth}_{offer}$, which invokes the token transfer in the treasury contract
     3) Bob publishes $T^{eth}_{trade}$, locking eth in the treasury
     4) Contract makes Bob owner of $btc^{eth}$ and allows Alice to withdraw the locked eth
     5) Alice publishes $T^{eth}_{withdraw}$, withdrawing eth
     Result: Bob replaces Alice in a new multisig with the Issuer, spending from the old multisig output. State not yet updated publicly.

     Redeem (BOB, ISSUER; Bitcoin, Ethereum, Chain Relay, Treasury Contract)
     Keys shown: $pk_I^{btc}$, $pk_B^{btc}$, $pk_I^{eth}$, $pk_B^{eth}$
     1) Bob generates Bitcoin key pair
     2) Bob creates and signs $T^{btc}_{redeem}$, which pays him the correct amount of btc from the multisig
     3) Bob publishes $T^{eth}_{burn}$, in which he marks his $btc^{eth}$ for redemption and provides $T^{btc}_{redeem}$
     4) The contract burns the $btc^{eth}$ and emits an "unlock" event
     5) Issuer sees unlock event
     6) Issuer signs and publishes $Tx^{btc}_{redeem(BI)}$, spending from $Tx^{btc}_{lock(BI)}$ and paying Bob the correct amount of btc

     More details on the poster… and in the paper! Cryptology ePrint Archive 2018/643
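
The inclusion check from slide 2 (the chain relay verifying the lock transaction against the tree h7 = H(h5, h6)), as an added Python example that is not code from the poster or from the XCLAIM implementation. It assumes Bitcoin's double SHA-256 node hash; the four leaf hashes are constructed sample values and all function names are illustrative.

```python
import hashlib

def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def H(left: bytes, right: bytes) -> bytes:
    """Merkle node hash over two 32-byte children (internal byte order)."""
    return dsha256(left + right)

def merkle_root_and_proof(leaves, index):
    """Return (root, siblings) for leaves[index], built bottom-up."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:              # Bitcoin duplicates the last hash on odd levels
            level.append(level[-1])
        proof.append(level[index ^ 1])  # sibling of the current node
        level = [H(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], proof

def verify_inclusion(txid, index, proof, root):
    """Relay-side check: fold the siblings up and compare with the header's root."""
    node = txid
    for sibling in proof:
        # The low bit of the index says whether the node is a right or left child.
        node = H(sibling, node) if index & 1 else H(node, sibling)
        index >>= 1
    # index must be exhausted, otherwise the claimed position lies outside the tree.
    return index == 0 and node == root

# Constructed sample leaves: position 0 plays the role of the LOCK TX on slide 2.
LEAVES = [dsha256(f"constructed tx {i}".encode()) for i in range(1, 5)]

def demo():
    root, proof = merkle_root_and_proof(LEAVES, 0)
    return {
        "valid": verify_inclusion(LEAVES[0], 0, proof, root),
        "wrong_tx": verify_inclusion(LEAVES[1], 0, proof, root),
        "wrong_position": verify_inclusion(LEAVES[0], 4, proof, root),
    }

if __name__ == "__main__":
    print(demo())
```

The proof alone only ties a transaction to a Merkle root; the relay still has to establish that the header carrying that root is in Bitcoin's main chain, which is the separate check in step 4 of the Issue protocol.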