Anonymous Multi-Hop Payment for Payment Channel Networks

  1. School of Computer and Information Engineering, Zhejiang Gongshang University, Hangzhou, China 310018
  2. Shenzhen Research Institute, Nanjing University of Aeronautics and Astronautics, Shenzhen, China 518038
  3. Faculty of Computer Science, University of New Brunswick, Fredericton, Canada E3B 5A3
  4. School of Information and Electronic Engineering, Zhejiang Gongshang University, Hangzhou, China 310018

Abstract

The tremendous success of blockchain technology has been witnessed in recent years. Nevertheless, scalability is still the main criticism of using the blockchain. To alleviate this problem, many solutions with different properties have been put forth, and Payment Channel Networks (PCNs) have flourished as one of the most promising solutions due to the high TPS (transactions per second). Unfortunately, the existing PCN solutions either fail to provide path privacy guarantees or require the not-always-true All-Anonymous-Connected assumption (i.e., an anonymous communication channel always exists for any two participants). To alleviate these problems, we first present a new cryptographic primitive named anonymous multi-hop payment (AMHP), which is an improvement of anonymous multi-hop lock (AMHL). Using AMHP and payment channels together, we can have a new PCN solution with path privacy but removing the All-Anonymous-Connected assumption. After that, we present the first AMHP scheme, called AMHL+, by adapting the generic construction of AMHL, but at the cost of high communication overhead. To reduce the communication cost, we further present a new AMHP scheme (named EAMHL+) using the bilinear pairing. The communication cost of the EAMHL+ is reduced by 92.3% compared to the AMHL+. The rigorous security analysis demonstrates that the EAMHL+ holds consistency, balance security, and path privacy. Finally, we implement the proposed AMHP schemes using Java. The extensive experimental results show that, though the EAMHL+ requires more computational cost than the AMHL+, it is more efficient than the latter in terms of communication overhead.

Definition and Security Goals

Definition

  1. Setup: The payee $U_n$ generates a puzzle $Puzzle$ and sends it to the payer $U_0$ while keeping the corresponding solution $Solution$ secret.
  2. Lock: This phase starts from $U_0$, who takes $Puzzle$ and $sk_0$ as input and outputs a lock $L_0$ for $U_1$. For the user $U_i$, $i\in [1,n-1]$, he/she takes $(L_{i-1},sk_i)$ as input and outputs a lock $L_i$ for $U_{i+1}$, where $sk_i$, a random secret chosen by the user $U_i$, is an optional input.
  3. Release: This phase starts from $U_n$, who takes $L_{n-1}$ and $Solution$ as input and returns a release $R_n$ to $U_{n-1}$. For the user $U_i$, $i\in [n-1,1]$, he/she takes $(L_{i},R_{i+1},sk_i)$ as input and returns a release $R_i$ to $U_{i-1}$. As that in the Lock phase, $sk_i$ is also an optional input.

Security Goals

  1. Consistency: The lock $L_i$ can be released if its following lock $L_{i+1}$ has already been released.
  2. Balance security: An honest intermediate user does not lose coins, even if all other users are corrupted.
  3. Path privacy: All intermediate users only know the information of their neighboring nodes and cannot obtain information about all other nodes.

AMHL+ Scheme





EAMHL+ Scheme





Performance Evaluation

Demo download

The sourcecode of this project can be found at YiZhang0302/AMHP_DEMO.