Atomic Swaps for Distributed Ledgers

Tommy Koens
Oct 29, 2019 · 6 min read

Hi, my name is Tommy Koens and I’m a member of ING’s Distributed Ledger Team. We focus on Distributed Ledger Technologies (DLTs) of which blockchain is the most famous example. Here at ING we build, research and share all kinds of interesting and relevant DLT solutions. There is an increasing need for these solutions to talk to each other, and various types of interoperability solutions have been proposed. In this post I’d like to introduce you to one of these types, of interoperability called atomic swaps.

Ledger interoperability

Distributed ledgers can be divided, in general, in two types. First, there are public ledgers (also known as blockchain) such as Bitcoin and Ethereum. Second, there are private ledgers, for example Corda and Hyperledger Fabric.

There are many projects that use one of these ledger types. Also, in ING we use Corda and Hyperledger. For example, Corda is used to build the HQLAx, Hyperledger Fabric is used for building the MineHub, and Quorum is used for Komgo. However, most of these ledgers are siloed and the need for these ledgers to interoperate is becoming more urgent. Ledger interoperability in essence means that two separate ledgers are able to communicate.

For example, assume that two ledgers exist, a MineHub ledger containing mined commodity assets (asset M), and a Komgo ledger containing letter of credits (asset L). In this scenario Alice wishes to exchange asset M for asset L with Bob. A simple approach would be that Alice creates an account (A’) on the ledger where Bob’s account (B) resides, and Bob creates an account (B’) on the ledger where Alice’ s account (A) resides. Then Alice transfers (t) her asset M to Bob’s account (t:AB’), after which Bob transfers his asset L to Alice’s account (t:BA’). But there is a problem in this scenario, as Bob can decide not to send asset L after Alice sends her asset M. This would leave Bob with both assets M and L. Fortunately, atomic swaps provide a means to a fair exchange.

A fair exchange: Atomic swaps

Atomic Cross Chain Swaps (ACCS), atomic swaps for short and also known as hashlocks, is a type of ledger interoperability that guarantees that both transactions (t:A→B’ and t:B→A’) either both succeed or both fail. The nice thing about atomic swaps is that it is both used in practice and also is an active field of research. Now, how does this work? Although there are several ways to explain ACCS, the following diagram from sums it up quite nicely.

The following text explains the above diagram (Source):

1.Alice creates an account (A) on Bob’s ledger.

2. Bob creates an account (B) on Alice’s ledger.

3.Alice creates a smart contract (SA) on Bob’s ledger. This smart contract contains:

  • The asset M that Alice wishes to transfer to Bob.
  • This asset is locked for a period of time (f).
  • A timer. When this timer ends, the smart contract returns the asset M to Alice.
  • A hash (h) of a secret that currently only Alice knows
  • A statement that when the secret is revealed, the asset M is transferred to Bob.

4.Alice sends the hash (h) to Bob.

5. Bob creates a smart contract (SB) on Alice’s ledger. This smart contract contains:

  • Asset L which Bob wishes to transfer to Alice.
  • This asset is locked for a period of time (f+n).
  • A timer that, when it ends, returns asset L to Bob.
  • The similar hash (h) which is stored in Alice’s smart contract (SA).
  • A statement that upon revealing the secret of the hash, asset L is transferred to Alice.

6. Alice then reveals her secret to Bob’s contract, after which she can redeem asset M.

7. However, now Bob also knows the secret. Bob invokes The smart contract (SA), after which asset L is transferred to Bob ‘s account.

8. And so, both Alice and Bob have atomically exchanged their assets inter-ledger.

Note that each time Alice and Bob wish to exchange assets an interaction with the ledger occurs. This is why it’s called an on-chain atomic swap. If a ledger charges fees for such interactions, this may become a very expensive exercise if Alice and Bob transact, say, a thousand times.

Improving atomic swaps: Off-chain atomic swaps

A solution to transacting multiple times without a significant transaction cost increase is off-chain atomic swaps, also known as payment channels. In the following scenario Alice and Bob both know that they are going to transact many (say thousands of) times. Assume in this scenario that Alice and Bob share accounts on the same ledger, and also interact only on that ledger. This can be, of course, extended to multiple ledgers. The idea is that both Alice and Bob lock their assets in a smart contract. Each time they wish to make an exchange, their accounts are updated. Settling the final account balance can be achieved with a single transaction to the ledger (instead of thousands).

Main open challenges

Although atomic swaps are a useful technique, there are several issues. I’ll discuss three.

  1. Denial of Assets

A simple attack is that Bob denies Alice the use of her assets for time (t). After Alice locks her assets, Bob may decide to not to lock his assets. This means that Alice is not able to use her assets for time (t).

2. User lag

Suppose Alice redeems asset L. Now the secret is known to Bob. However, if Bob does not act within time (n), asset M is returned to Alice which leaves Alice with both asset M and L.

3. Race conditions

Suppose Bob is a miner who creates new states for Bob’s ledger. Assume that Alice sends her transaction (t:A’→B). Bob picks up this transaction and now knows the secret. Bob, as a participant, redeems asset M with Alice’s secret on Alice’s ledger. Bob, as a miner (assume in this scenario that Bob’s ledger contains miners instead of validators), only proposes new ledger states on Bob’s ledger that do not include Alice’s transaction, until time (f+n) expires. This would return asset L to Bob, since there was no approved transaction that redeemed Bob’s asset M.

These issues are more likely to happen on public ledgers than private ledgers. In private ledgers parties are usually known, malicious behaviour can be easily detected, and measures can be taken against the malicious party. Although these are known issues, ACCS are a serious candidate for ledger interoperability in some of our projects.

Conclusion

As distributed ledger technology becomes more mature and ledger-based projects become production-ready, the need for interoperability between these ledgers rises. Atomic swaps are one way of achieving ledger interoperability. In this blog post I introduced one of the techniques to achieve ledger interoperability. However, several critical issues remain which is why atomic swaps are an active and interesting field of research and this interoperability technique is already applied in practise in both public and private ledgers.

In the next blog post we will introduce another interoperability solution, namely relay schemes.

Feel free to reach out if you have any comments or questions!

Tommy

ING Blog

Blogs from ING employees