Decentralized Exchange that Mitigate a Bribery Attack

TL;DR

This paper identifies vulnerabilities in existing HTLC-based decentralized exchanges to bribery attacks, introduces a stronger attack, and proposes extit{ extbf{Prot}}, a secure protocol resistant to all bribery scenarios with demonstrated efficiency on Bitcoin and Ethereum.

Contribution

The paper exposes vulnerabilities in current HTLC solutions, presents a stronger attack, and introduces extit{ extbf{Prot}}, a game-theoretically secure protocol resistant to bribery attacks.

Findings

extit{ extbf{Prot}} resists all bribery scenarios.

Implementation shows efficiency on Bitcoin and Ethereum.

Stronger attack surpasses previous solutions in profitability.

Abstract

Despite the popularity of Hashed Time-Locked Contracts (HTLCs) because of their use in wide areas of applications such as payment channels, atomic swaps, etc, their use in exchange is still questionable. This is because of its incentive incompatibility and susceptibility to bribery attacks. State-of-the-art solutions such as MAD-HTLC (Oakland'21) and He-HTLC (NDSS'23) address this by leveraging miners' profit-driven behaviour to mitigate such attacks. The former is the mitigation against passive miners; however, the latter works against both active and passive miners. However, they consider only two bribing scenarios where either of the parties involved in the transfer collude with the miner. In this paper, we expose vulnerabilities in state-of-the-art solutions by presenting a miner-collusion bribery attack with implementation and game-theoretic analysis. Additionally, we propose a stronger attack on MAD-HTLC than He-HTLC, allowing the attacker to earn profits equivalent to attacking naive HTLC. Leveraging our insights, we propose \prot, a game-theoretically secure HTLC protocol resistant to all bribery scenarios. \prot\ employs a two-phase approach, preventing unauthorized token confiscation by third parties, such as miners. In Phase 1, parties commit to the transfer; in Phase 2, the transfer is executed without manipulation. We demonstrate \prot's efficiency in transaction cost and latency via implementations on Bitcoin and Ethereum.