Paper 2024/881

PipeSwap: Forcing the Timely Release of a Secret for Atomic Cross-Chain Swaps

Peifang Ni, Institute of Software, Chinese Academy of Sciences
Anqi Tian, Institute of Software, Chinese Academy of Sciences
Jing Xu, Institute of Software, Chinese Academy of Sciences
Abstract

Atomic cross-chain swaps mitigate the interoperability challenges faced by current cryptocurrencies, thereby facilitating inter-currency exchange and trading between the distrusting users. Although numerous atomic swaps protocols utilizing Hash Timelock Contracts have been deployed and put into practice, they are substantially far from universality due to their inherent dependence of rich scripting language supported by the underlying blockchains. The recently proposed Universal Atomic Swaps protocol [IEEE S&P'22] represents a significant advancement in the field of scriptless cross-chain swaps by ingeniously delegating scripting functionalities to cryptographic locking mechanisms, particularly the adaptor signatures and timed commitment schemes. However, we identify a new form of attack termed the double-claiming attack that leverages these scriptless functionalities to undermine atomicity with a high probability. This attack is inherent to the designs adopted by the existing scriptless cross-chain swaps protocols as well as the payment channel networks. We further quantify the severity of this attack based on real-word swap transactions processed by the most widely deployed decentralized exchange platforms, highlighting the critical challenges in designing universal atomic swaps. To address the double-claiming attack while ensuring both security and practical universality, we also present a cross-chain swaps protocol called \textup{PipeSwap}. Specifically, PipeSwap protects the frozen coins from being double-claimed by a novelly designed paradigm of pipelined coins flow that utilizes the techniques of two-hop swap and two-hop refund. In addition to a comprehensive security analysis in the Universal Composability framework, we develop a proof-of-concept implementation of PipeSwap with Schnorr/ECDSA signatures, and conduct extensive experiments to evaluate the overhead. The experimental results show that PipeSwap can be performed in less than 1.7 seconds while maintaining less than 7 kb of communication overhead on commodity machines.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. S&P 2025
Keywords
Atomic SwapsUniversalityPipelined Coins FlowTwo-Hop SwapTwo-Hop Refund
Contact author(s)
peifang2020 @ iscas ac cn
anqi2021 @ iscas ac cn
xujing @ iscas ac cn
History
2025-04-14: last of 2 revisions
2024-06-03: received
See all versions
Short URL
https://ia.cr/2024/881
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2024/881,
      author = {Peifang Ni and Anqi Tian and Jing Xu},
      title = {{PipeSwap}: Forcing the Timely Release of a Secret for Atomic Cross-Chain Swaps},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/881},
      year = {2024},
      url = {https://eprint.iacr.org/2024/881}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.