An Illustrated Primer on Cross Currency Swaps in HTLCs
Hello everyone! HTLCs are sooo in right now, so lease meet our friends Grandma Ethel Ethereum and Bitsy Bitcoin who will take us through the world of cross currency swaps with HTLCs. (Adapted from my ETHIS.io presentation).
HTLC stands for Hashed Timelock Contract and is most known for its usage in atomic swap implementations as well as in the Lightning Network. They can enable payment routing through multiple hops and various types of conditional payments that can embed other triggers as well!
HTLCs are typically defined by their usage of the following:
Hashlocks to restrict the spending of a contract until the preimage of the hash is revealed. A preimage is a random number that’s used to create the hash: a is a preimage of b if H(a) = b. The SHA256 hash of “we love cryptoeconomics.study” hashes to 85a9bc68a22963785f82d4410fe38807b4c11452af593e81c3ad114e7510f824
Timelocks to restrict the transfer of cryptocurrency until a specified time or blockheight, and as a failsafe in an emergency. For example, if Bitsy and Ethel are transacting but Ethel gets hit by a bus, then Bitsy knows that the funds will be returned to her at the end of the timeout.
But first, Ethel and Bitsy must agree to some terms off-chain:
Along with the exchange rate, timeout, and hash, they must also select a lead to generate the preimage.
Exchange rate: 10 ETH for 1 BTC
Timeout: 1 day
Hash: 85a9bc68a22963785f82d4410fe38807b4c11452af593e81c3ad114e7510f824
Our computer savvy Ethereum grandmother Ethel takes the lead in generating the preimage for the hash.
Ethel then gives this hash to Bitsy for her to use in her contract.
Deploying contracts:
Bitsy deploys a contract to the Bitcoin network with the hash, the timelock, and 1 BTC.
Ethel deploys a contract to the Ethereum network with the hash, the timelock, and 10 ETH.
Ethel must present her preimage “we love cryptoeconomics.study” in order to claim her BTC from Bitsy’s contract. In doing so, Ethel reveals the preimage to Bitsy who can then use it to claim her ETH from Ethel’s contract. Sounds pretty dope.
BUT WAIT!
Holy shit!!!
ETHEL’S BETRAYAL
Ethel has decided that instead of revealing her preimage immediately she will wait up until the end of the timeout, so she can see if the exchange rate has fluctuated in her favor. If it has, then she will reveal the preimage in order to obtain the BTC and then flip it on the open market for a profit. If the exchange rate fluctuates in favor of Bitsy instead, then Ethel will simply withhold the preimage until the end of the timeout, at which point the funds will be returned to each party.
Concerns with Incentives
Popular claim 1: “Griefing in this manner affects your reputation. If you do this all the time, people will choose not to transact with you.”
Concern: As anonymity increases, this becomes more tenuous. As the cost of creating new identities becomes cheaper, this also becomes more tenuous.
Popular claim 2: “If the timeouts are really short, the exchange rate fluctuations are trivial, and thus there is no free option problem.”
Concern: Ethereum and Bitcoin are independent systems that process time relatively and asynchronously, so long timeouts are required to make sure there is enough overlap in time for players to publish proofs on each chain, even in adversarial conditions.
So what’s the solution?
There don’t seem to be many from what I’ve found, except for streaming micropayments as proposed by Interledger. Instead of sending one lump sum payment, Ethel and Bitsy would send micropayments back and forth that adjust as the exchange rate fluctuates. In this case the new problem would be having only partially filled payments, but depending on who you are and the payment type, that might be sufficient.
Is this an interesting problem to you? Check out the forum and resources on https://cryptoeconomics.study/ to learn more about mechanism design for decentralized blockchains, analyzing incentives, and much much more. Maybe you’ll be the one to stop Ethel once and for all.
Acknowledgements
Thanks to Evan Schwartz, Dan Robinson, and Jeremy Rubin for the analyses on HTLCs. For more information on streaming micropayments please visit Interledger’s website: https://interledger.org/about.html. For more a more in-depth analysis on the security of HTLCs please keep an eye out for Dan Robinson’s upcoming blog post.
