{"id":409,"date":"2016-04-25T15:00:49","date_gmt":"2016-04-25T14:00:49","guid":{"rendered":"https:\/\/blogs.ncl.ac.uk\/security\/?p=409"},"modified":"2016-04-25T15:03:28","modified_gmt":"2016-04-25T14:03:28","slug":"towards-bitcoin-payment-networks","status":"publish","type":"post","link":"https:\/\/blogs.ncl.ac.uk\/security\/2016\/04\/25\/towards-bitcoin-payment-networks\/","title":{"rendered":"Towards Bitcoin Payment Networks"},"content":{"rendered":"<p>The Newcastle University Bitcoin group was invited by the\u00a0<a href=\"http:\/\/nsclab.org\/acisp2016\/\">21st Australasian Conference on Information Security and Privacy (ACISP 2016<\/a><a href=\"http:\/\/nsclab.org\/acisp2016\/\">)<\/a>\u00a0to write a paper about Bitcoin security.<\/p>\n<p>Instead, in collaboration with Malte M\u00f6ser from the University of M\u00fcnster, we decided to summarise an upcoming field in Bitcoin. We call this field `Bitcoin Payment Networks\u2019 and we hope\u00a0<a href=\"http:\/\/homepages.cs.ncl.ac.uk\/patrick.mc-corry\/paymentnetworks.pdf\">that our paper<\/a>\u00a0will inspire other researchers to think about how to construct payment channels, how bitcoins can be routed across two or more channels using an overlay payment network, and what potential regulation (if any) is required if anyone can participate in routing payments?<\/p>\n<p>Now, I am sure you are thinking:<\/p>\n<p style=\"text-align: center\"><em>I thought Bitcoin already supported payments?<\/em><\/p>\n<p style=\"text-align: center\"><em>What is a payment channel?<\/em><\/p>\n<p style=\"text-align: center\"><em>And why do we need an overlay payment network for that matter?<\/em><\/p>\n<p>Yes, Bitcoin is a peer to peer electronic cash system, and yes, Bitcoin already has a peer to peer network.<\/p>\n<p>Unfortunately, Bitcoin as deployed today does not scale. The currency can support approximately 2-3 transactions per second and this is primarily due to an artificial cap of 1 MB blocks. Simply lifting the cap can alleviate the scalability problems in the short term, but<a href=\"http:\/\/fc16.ifca.ai\/bitcoin\/papers\/CDE+16.pdf\">\u00a0recent research at the 3rd Bitcoin Workshop<\/a>\u00a0demonstrates that the underlying peer to peer network can only handle up to 27 tps. As well, lifting the cap and re-parameterizing Bitcoin is arguably just kicking the can down the road.<\/p>\n<p>So how do we solve this problem? Research has focused in two directions:<\/p>\n<ol>\n<li>New types of Blockchain protocols such as <a href=\"https:\/\/eprint.iacr.org\/2013\/881.pdf\">GHOST <\/a>and <a href=\"http:\/\/hackingdistributed.com\/2015\/10\/14\/bitcoin-ng\/\">Bitcoin-NG<\/a>,<\/li>\n<li>Facilitating\u00a0Bitcoin transactions `off-chain&#8217; and only using the Blockchain if an adjudicator is required.<\/li>\n<\/ol>\n<p><a href=\"http:\/\/homepages.cs.ncl.ac.uk\/patrick.mc-corry\/paymentnetworks.pdf\">In our paper,<\/a>\u00a0we focus on the second approach that requires a payment channel that facilitates bi-directional payments. These channels can be\u00a0established when one or both parties deposit bitcoins into a multi-signature address controlled by both parties. Sending a payment then requires the authorisation of both parties, and essentially re-allocates the channel&#8217;s bitcoins to both parties. For example, if the channel has 1 BTC, then 0.5 BTC can be sent to Alice and 0.5 sent to Bob. If Alice sends 0.1 BTC to Bob, then the channel is updated to send 0.4 BTC to Alice, and 0.6 BTC to Bob. To close the channel, both parties can cooperate and settle using a single transaction, or when cooperation is not possible, either party can raise a dispute (requiring two or more transactions) on the Blockchain to settle the final balance.<\/p>\n<p>Why are these channels useful?<\/p>\n<ul>\n<li>The channel can be set up in such a way that the depositors are guaranteed to have their bitcoins returned if no payments occur,<\/li>\n<li>The channel supports bidirectional activity and thousands of transactions can happen without the need to inform the Bitcoin network,<\/li>\n<li>The channel prevents double-spending as each payment requires the authorization of the counterparty.<\/li>\n<\/ul>\n<p>The prominent schemes proposed in the community are <a href=\"http:\/\/www.tik.ee.ethz.ch\/file\/716b955c130e6c703fac336ea17b1670\/duplex-micropayment-channels.pdf\">Duplex Micropayment Channels<\/a> by Christian Decker and Roger Wattenhofer, and <a href=\"https:\/\/lightning.network\/lightning-network-paper.pdf\">Lightning Channels<\/a> by Joseph Poon and Thaddeus Dryja. We provide a comparison of both schemes to better understand their suitability for payment networks. Overall, we found that both schemes are primarily suited for different network topologies. Duplex is suited for a regulated hub-and-spoke model with highly reliable hubs, whereas Lightning is suited for a mesh network in which anyone can become a hub.<\/p>\n<p>Now that we have a channel that can accept deposits from both parties and send bidirectional payments \u2013 what exactly is a payment network? A network consists of a set of channels, and allows two parties to find a route of channels that connects them. Then, both parties can send bi-directional payments across the network.<\/p>\n<p>In the simplest case, Alice and Bob share a channel with Caroline (A-&gt;C, C-&gt;B), and Alice can send bitcoins to Bob using both of Caroline\u2019s channels.<\/p>\n<p>However, in the more interesting case, we can have more than one intermediary and still route payments:<\/p>\n<p>Alice to Caroline, A-&gt;C<\/p>\n<p>Caroline to Dave, C-&gt;D<\/p>\n<p>Dave to Eugene, D-&gt;E<\/p>\n<p>Eugene to Bob, E-&gt;B<\/p>\n<p>Alice can send bitcoins to Bob via Caroline, Dave and Eugene. Most importantly, all routed bitcoins are sent without trusting any intermediary, and this relies upon the Hashed Time-Locked Contract (HTLC) technique proposed by Joseph Poon and Thaddeus Dryja for the Lightning Network.<\/p>\n<p><a href=\"http:\/\/homepages.cs.ncl.ac.uk\/patrick.mc-corry\/paymentnetworks.pdf\">In our paper<\/a>, we detail how HTLC works for both Duplex Micropayment Channels and the Lightning Network. We highlight the potential limitations that HTLC imposes on the channels. For example, in Duplex Micropayment Channels, the routed bitcoins are potentially locked into the transfer for the channel\u2019s entire lifetime, while in Lightning, the time allocated for the transfer determines how frequently each party must monitor the Blockchain for the remaining lifetime of their channel which is a potential burden for low-resourced participants.<\/p>\n<p>One of the most important\u00a0remaining challenges for payment networks\u00a0is assessing\u00a0the feasibility of different underlying topologies for the network. For instance, the community\u2019s vision is that a mesh network will exist in which anyone can route bitcoins.<\/p>\n<p>However, to achieve a mesh network, we need to decide how users can find payment routes on the network. Is there a gossip network for hubs to advertise their services? Do hubs reveal their channels (and leak their financial privacy) using Bitcoin&#8217;s blockchain? Are routing fees fixed or dynamic per route? Finally, are hubs on the mesh network considered money transmitters and need to be regulated?\u00a0In the final section of our paper, we provide a brief discussion on some of these challenges.<\/p>\n<p>We hope our blood, sweat and tears (yes blood, I somehow managed to cut myself while stapling a copy of the paper) will help both researchers and the community understand how\u00a0cryptocurrencies can\u00a0scale using payment networks. Furthermore, we hope to highlight that payment networks as a scaling solution can also potentially maintain the open-membership and self-enforcing properties that we have grown to love about Bitcoin.<\/p>\n<p>Just in case,\u00a0<a href=\"http:\/\/homepages.cs.ncl.ac.uk\/patrick.mc-corry\/paymentnetworks.pdf\">our paper can be found here.\u00a0<\/a>Also,\u00a0just below you will find a selfie of the first two authors <a href=\"http:\/\/homepages.cs.ncl.ac.uk\/patrick.mc-corry\/\">Patrick <\/a>and <a href=\"https:\/\/maltemoeser.de\/\">Malte<\/a>, alongside Rasheed from Bitt.com while attending Financial Cryptography 2016 this year.<\/p>\n<div id=\"attachment_434\" style=\"width: 310px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/blogs.ncl.ac.uk\/security\/files\/2016\/04\/selfie.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-434\" class=\"size-medium wp-image-434\" src=\"https:\/\/blogs.ncl.ac.uk\/security\/files\/2016\/04\/selfie-300x225.jpg\" alt=\"Malte, Patrick and Rasheed\" width=\"300\" height=\"225\" srcset=\"https:\/\/blogs.ncl.ac.uk\/security\/files\/2016\/04\/selfie-300x225.jpg 300w, https:\/\/blogs.ncl.ac.uk\/security\/files\/2016\/04\/selfie-768x576.jpg 768w, https:\/\/blogs.ncl.ac.uk\/security\/files\/2016\/04\/selfie-400x300.jpg 400w, https:\/\/blogs.ncl.ac.uk\/security\/files\/2016\/04\/selfie.jpg 960w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-434\" class=\"wp-caption-text\">Malte, Patrick and Rasheed<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The Newcastle University Bitcoin group was invited by the\u00a021st Australasian Conference on Information Security and Privacy (ACISP 2016)\u00a0to write a paper about Bitcoin security. Instead, in collaboration with Malte M\u00f6ser from the University of M\u00fcnster, we decided to summarise an &hellip; <a href=\"https:\/\/blogs.ncl.ac.uk\/security\/2016\/04\/25\/towards-bitcoin-payment-networks\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":5472,"featured_media":434,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-409","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-academic-paper-2"],"_links":{"self":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/users\/5472"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/comments?post=409"}],"version-history":[{"count":31,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/409\/revisions"}],"predecessor-version":[{"id":441,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/posts\/409\/revisions\/441"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/media\/434"}],"wp:attachment":[{"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/media?parent=409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/categories?post=409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.ncl.ac.uk\/security\/wp-json\/wp\/v2\/tags?post=409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}