...by Daniel Szego
"Simplicity is the ultimate sophistication."
Leonardo da Vinci

Sunday, May 12, 2019

Timing attacks against naive atomic swaps

Naive atomic swaps are asymmetrical games. In a standard atomic swap two HTLC-s are created with the h secret and T time lock and the idea is that either each party reveals the h secret or the timeout expires and all transactions are reverted. However the game is a little bit asymmetric, because one party, let we call it Alice creates and knows the h secret value so she can choose the exact time when she reveals this secret. If she chooses to activate that h secret right before the expiry of the T timelock, she has the chance that her counterparty, let we call Bob misses the time windows, so Alice gets the money from both blockchain. She might as well influence the chance of Bob to miss the time window with trying to force the counterparty blockchain, or with bribing some of the miners in the counterparty blockchain to delay the transaction.     

It is an open question, if modified swaps with HTLC contracts can be defined in a way that they reflect the assymetric behaviour of information sharing.