peaceBridge: Connecting Ethereum Classic and Ethereum

Ying Tong Lai
Aug 24, 2018 · 4 min read

Building off Loi Luu’s BTC — ETH relay-less bridge described in “Bringing Bitcoin to Ethereum”, peaceBridge is an ETC — ETH bridge that uses co-signed chains of custody to verify transactions across the two chains. By introducing a challenge game and imposing staking requirements, our design addresses the high gas cost issues and employs a trustless Custodian.

The peaceBridge is best illustrated through example. Consider, without loss of generality, a transfer in the ETC → ETH direction:

Staking, minting, and depositing on the peaceBridge. Alice mints TETC-A on the foreign Ethereum chain and deposits an equivalent amount of real ETC on her home Ethereum Classic chain.

Staking, Minting, and Depositing

The peaceBridge is initiated by a Custodian who sets up DepositContract on the home chain (here, Ethereum Classic) and TokenContract on the foreign chain (here, Ethereum).

1a. Custodian stakes α ETC in DepositContract on the Ethereum Classic chain. DepositContract is where users will deposit home currency (here, ETC) in order to transact on the foreign chain. α will define depositCap, a limit on the amount of ETC that can be deposited in DepositContract.

1b. Custodian sets up TokenContract on the Ethereum chain, where users can mint ERC721 TETC tokens. Each separate mint will produce an ERC721 token with a unique tokenId that cannot be split.

Once both DepositContract and TokenContract are set up, and depositCap is established, exchanges from ETC to TETC may begin.

Each user of the bridge mints on TokenContract simultaneously or prior to depositing on DepositContract. This prevents malicious actors from stealing someone else's publicly published deposit and using it to mint tokens they didn't pay for. The process of minting and depositing is detailed as below:

2a. Alice wishes to exchange X ETC for TETC tokens to be used on the ETH main chain. To do so, she mints X TETC-A in TokenContract (on the ETH chain). Note that TETC-A is an ERC721 token that has a unique tokenId and cannot be split.

2b. Alice deposits X ETC in DepositContract (on the ETC chain) claiming her mint.

Transferring, co-signing, and chain of custody. Each token transfer on peaceBridge is numbered by a nonce and requires both the Custodian and transferrer to sign, thus establishing a chain of custody for each token.

Transferring, Co-signing, and Chain of Custody

In the time before Custodian approves Alice’s transfer request, Alice is free to revert the transaction, should she change her mind about transferring her TETC-A to Bob.

Withdrawing and Challenging

A withdrawal must be staked and opens up a challenge period.

A Withdrawer can use TETC-A to withdraw() from DepositContract , i.e. withdraw Alice's original ETC deposit. She does this by submitting the following information to DepositContract:

  • uint256 _tokenId, the unique tokenId of the TETC-A token she is trying to redeem
  • bytes32[] _rawTxBundle, a bundle containing information about _withdrawalTx, _lastTx, _custodianTx
  • bytes32[] _txMsgHashes, the hashes of the values in _rawTxBundle
  • uint256 _declaredNonce, the number of transfers of TETC-A

If the withdrawal request is signed by the Custodian and the penultimate owner of the token, DepositContract opens up a challenge period, during which anyone can submit a proof that the Withdrawer is making a fraudulent withdrawal. A successful Challenger is rewarded with the Withdrawer's stake.

We can reason about the possible fraudulent withdrawals and their corresponding challenge responses by considering the chronology of the withdrawal’s declaredNonce:

Fraudulent withdrawal and challenge response

To initiate a challenge, a Challenger is required to stake a value equivalent to 20% of Withdrawer’s stake, on top of covering the gas costs borne by the Withdrawer in responding to the challenge. This prevents griefing attacks and trigger-happy challenges that slow down the bridge.

At any point, the existence of more than one Custodian-signed transaction at the same nonce and for the same token can be submitted to DepositContract to prove the Custodian's illegal double-sign. The punishment is as such:

For a token, say TETC-A, with corresponding deposit X, we slash TETC-A's deposit as well as X-equivalent ETC from the Custodian's stake. Here, the Custodian's penalty increases as a linear function of discovered double-signing instances, thus disincentivising him from double-signing.

Authors: Ben, Zhen, Ying Tong

We thank Dave Appleton (Akomba Labs), Anthony Lusardi (ETC Cooperative), and Loi Luu and Desmond (Kyber Network) for helpful discussions.

Akomba

Akomba Labs is a blockchain technology research and…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store