Modern distributed data management systems face a new challenge: how can autonomous, mutually-distrusting parties cooperate safely and effectively? Addressing this challenge brings up questions familiar from classical distributed systems: how to combine multiple steps into a single atomic action, how to recover from failures, and how to synchronize concurrent access to data. Nevertheless, each of these issues requires rethinking when participants are autonomous and potentially adversarial.
We propose the notion of a *cross-chain deal*, a new way to structure complex distributed computations that manage assets in an adversarial setting. Deals are inspired by classical atomic transactions, but are necessarily different, in important ways, to accommodate the decentralized and untrusting nature of the exchange. We describe novel safety and liveness properties, along with two alternative protocols for implementing cross-chain deals in a system of independent blockchain ledgers. One protocol, based on synchronous communication, is fully decentralized, while the other, based on semi-synchronous communication, requires a globally shared ledger.

The value of cryptocurrencies is highly volatile and investors require fast and reliable exchange systems. In cross-chain transactions, multiple parties exchange assets across multiple blockchains which can be represented as a directed graph G with vertexes V as parties and edges E as asset transfers. In a simple form, cross-chain transactions are cross-chain swaps where each edge e transfers an asset that the head of e already owns. However, in general, a cross-chain transaction includes a sequence of exchanges at each blockchain. Further, transactions may have off-chain steps and hence may not be strongly connected. Given a transaction, protocols are desired that guarantee the following property called uniformity. If all parties conform to the protocol, all the assets should be transferred. Further, if any party deviates from the protocol, the conforming parties should not experience any loss. Previous work introduced a uniform protocol for strongly connected cross-chain swaps and showed that no uniform protocol exists for transactions that are not strongly connected. We present a uniform protocol for general cross-chain transactions with sequenced and off-chain steps when a few certain parties are conforming. Further, we prove a new property called end-to-end that guarantees that if the source parties pay, the sink parties are paid. We present a synthesis tool called XChain that given a high-level description of a cross- transaction can automatically generate smart contracts in Solidity for all the parties.

The General Purpose Atomic Crosschain Transaction protocol allows composable programming across multiple Ethereum blockchains. It allows for inter-contract and inter- blockchain function calls that are both synchronous and atomic: if one part fails, the whole call graph of function calls is rolled back. The protocol operates on existing Ethereum blockchains without modification. It works for both public permissioned and consortium blockchains. Additionally, the protocol is expected to work across heterogeneous blockchains other than Ethereum.

In this talk, I will describe Harmony’s gas-efficient light client technology and its application to cross-chain in the form of HarmonyEthereum two-way bridging. Harmony is a sharded, Proof of Stake, Byzantine consensus based layer-1 blockchain with 2s block finality and a network of 1000 decentralized nodes. Harmony’s cross-chain infrastructure is based on its novel design of gas-efficient light client. The gas efficiency is important especially when the light client is deployed cross-chain, like Ethereum.
Harmony produces blocks at a very fast rate (every 2 seconds), making it impossible for an SPV style light client to be cost effective for cross-chain application. Harmony light client employs several innovations to be efficient for cross-chain application. First, the epoch-based syncing. A light client is a program that downloads and verifies blockchain headers. A simple light client is SPV light client that downloads and verifies every block header. A Light client of a Proof of Stake blockchain only needs to verify the signatures of the validators who signed the blocks. Since the validator set does not change within an epoch (which is nearly 1 day), the light client only needs to download 1 block header that contains the validator set per epoch. This in itself reduces the light client complexity substantially (1/32768 blocks). Next, the BLS signature aggregation. Harmony’s consensus mechanism requires a quorum of 2/3 or more validators to sign each block to commit it to the blockchain. Harmony validators use BLS signatures to sign the blocks. Instead of having each of these signatures be separately stored on-chain, one aggregated signature is stored on-chain (a nice property of BLS, which allows such aggregation). This further reduces the work that the light client has to perform for verifying the block. Finally, the MMR-based checkpointing. The epoch-based syncing and BLS signature aggregation alone does not make the light client gas-efficient for cross-chain application. The BLS signature verification performs elliptic curve pairing causing 400K gas on Ethereum per verification. Harmony light client adopts a novel approach of MMR-based checkpointing for skipping frequent expensive pairing based verification. Within every epoch, all blocks are connected to each other in the form of a Merkle Mountain Range (MMR) and the MMR root is included in every block header. By verifying the MMR commitment, it become possible for light client to validate the block, without having to perform expensive BLS signature verification.

dIBC is the use of a smart contract or VM platform to deploy new contracts that support new protocols, all on an existing chain without having to wait for chain upgrades. There shouldn’t need to be a platform upgrade or chain governance vote every time someone wants to roll out a new protocol. dIBC is critical to early growth of Inter-blockchain Communication because it removes obstacles to innovation.

RSK’s 2-way peg protocol, called “the Powpeg”, has matured from its inception in 2018 as a federated system to now include many decentralized qualities. The new RSK Powpeg protects private keys stored in special purpose PowHSMs based on tamper-proof secure elements (SE). Each PowHSM runs an RSK node in SPV mode, and so signatures can only be commanded by cumulative proof of work. A layered architecture in the RSK Powpeg provides defense-in-depth against many types of software, hardware and network failures, while more than 50% of Bitcoin hashrate securing RSK provides the proof-of-work to achieve its security.

Atomic cross-chain swap enables the exchange of assets across different blockchains without a trusted third-party. With atomic swap, no party will end up losing their assets without getting the counterparties’ assets in exchange. Due to this property, atomic swap has been widely adopted in decentralized cryptocurrency exchange. However, the state-of-the-art atomic swap protocols fail to provide fairness to participants. Take the example of two parties who are willing to exchange their assets by an atomic swap protocol. If one party deviates from the protocol, the compliant party will end up pointlessly locking their assets for hours/days before they can get them back. This is called the lockup griefing problem. Due to the lockup griefing problem, the atomic swap places the compliant party at a disadvantage, which is not fair. In this research, we propose fair atomic cross-chain swap protocols. Our proposed approaches introduce premium mechanisms by which a compliant party will be compensated by premiums if their counterparties deviate. Our proposed protocols are the first to provide fairness to both two-party swaps and multi-party swaps. We also provide a protocol to further reduce the amount of premiums to start the swap so that the involved parties can use a very small amount of premiums to leverage the exchange of a large amount of assets. In this way, the risk of participating in a swap is mitigated to a great extent. We simulate our protocols via model checking and provide theoretical proof to prove the security properties of our proposed protocols.

The future of multi-blockchain architecture depends on the emergence of new protocols that achieve communication between trustless cross-chain participants. However, interoperability between blockchains remains an open problem. Existing approaches provide integration through solutions using a middleware system, which makes it harder to gain confidence mainly in terms of security and correctness of the process. A crosschain protocol needs to provide a self-verifiable state-proof that embeds trust in the transfer process. We propose a Burn-to-Claim cross-chain protocol to seamlessly exchange assets between networks. Our scheme transfers assets from one blockchain system to another in a way that the asset is burned from the source blockchain and claimed on the destination blockchain. Our mechanism employs combinations of crypto mechanisms such as digital signatures and time lock to operate the protocol in a distributed manner. We provide an analysis which proves that our cross-chain protocol transfers assets correctly and securely.

The recent adoption of blockchain technologies and open permission-less networks suggest the importance of peer-to-peer atomic cross-chain transaction protocols. Users should be able to atomically exchange tokens and assets without depending on centralized intermediaries such as exchanges. Recent peer-to-peer atomic cross-chain swap protocols use hashlocks and timelocks to ensure that participants comply to the protocol. However, an expired timelock could lead to a violation of the all-or-nothing atomicity property. An honest participant who fails to execute a smart contract on time due to a crash failure, denial of service attacks, or even network delays might end up losing assets. Although a crashed participant is the only participant who ends up worse off, current proposals are unsuitable for atomic cross-chain transactions in asynchronous environments where crash failures and network delays are the norm. In this talk, we explain our recently proposed protocol AC3WN, the first de-centralized all-or-nothing atomic cross-chain commitment protocol. The redeem and refund events of the smart contracts that exchange assets are modeled as conflicting events. An open permissionless network of witnesses is used to guarantee that conflicting events could never simultaneously occur and either all smart contracts in an atomic cross-chain transaction are redeemed or all of them are refunded.

An automated market maker is an automaton that has custody of several pools of assets, and is capable of trading those assets with clients at rates set by a mathematical formula. Unlike traditional “order book” traders, AMMs trade directly with clients, and do not need to match up (and wait for) compatible buyers and sellers. Today,AMMs such as Uniswap, Bancor, and others have become one of the most popular ways to trade electronic assets.This work proposes a new, general framework for understanding AMMs and and how they can be composed to construct networks of AMMs. We make the following contributions: (1) a mathematical framework for designing a general class of AMMs, (2) an axiomatic characterization of desirable properties an AMM should satisfy, and (3) the first definition of what it means to compose AMMs in a sensible way, illustrating both the expressive power and limitations of networks of AMMs.

This talk introduces the OpenDEX Network, the technical design & protocol standard, its incentive system and discusses the target use case and challenges ahead.

Wanchain is a project focused on bridging homogeneous and heterogeneous blockchains to enable the transfer of assets and data between multiple ecosystems. To tackle cross-chain interoperability between private and public blockchains, Wanchain introduced Trusted-Bridge Framework (T-Bridge Framework) to connect the components of the source chain, target chain, and routing chain, and define common components and protocols for the crosschain transactions (CCT).
The T-Bridge framework allows developers and users to access cross-chain activities by initiating CCT transactions via CLI or GUI tools. CCT transactions are processed on a blockchain and monitored by a protocol mediator (PM) to perform counterpart transactions on other blockchains.
With the T-Bridge framework, a partner can write their own business logic and crosschain smart contracts, and easily build decentralized crosschain applications.
Wanchain Trust Bridge currently provides a reference implementation to connect Wanchain to a private blockchain built with Hyperledger Besu originally from Consensys. Applications created with Trusted Bridge can not only retrieve and display information for each blockchain, but also transfer verifiable values, assets, data, and credentials crossing both blockchains. Wanchain also is also interested in exploring solutions for crosschain smart contract function calls.

Recently a lot of blockchain networks have been introduced for different use cases. However, these heterogeneous networks are isolated from each other, resulting in data and asset silos. Blockchain interoperability solutions can enable communication between different blockchains and can allow data and asset transfers. As a result, using these solutions, different blockchain networks can work together towards a common goal. This work uses the publish/subscribe architecture to propose a novel blockchain interoperability solution for permissioned blockchains. A prototype of the design has been implemented to show its feasibility in real permissioned networks. Using Hyperledger Besu and two versions of Hyperledger Fabric, we implemented example subscriber and publisher networks and evaluated our platform using these networks. The evaluation results show that our system can handle a throughput in the order of the hundreds of transactions per second. Moreover, we performed an analysis on the performance of the implemented platform to identify the limits and bottlenecks of the system to discuss its extensibility and scalability.

Blockchain systems have received much attention and promise to revolutionize many services. Yet, despite their popularity, current blockchain systems exist in isolation, that is, they cannot share information. While interoperability is crucial for blockchain to reach widespread adoption, it is difficult to achieve due to differences among existing blockchain technologies. This paper presents a technique to allow blockchain interoperability. The core idea is to provide a primitive operationto developers so that contracts and objects can switch from one blockchain to another, without breaking consistency and violatingkey blockchain properties. To validate our ideas, we implemented our protocol in two popular blockchain clients that use theEthereum virtual machine. We discuss how to build applications using the proposed protocol and show examples of applicationsbased on real use cases that can move across blockchains. To analyze the system performance we use a real trace from one of the most popular Ethereum applications and replay it in a multi-blockchain environment.

Smart contracts facilitate decentralized applications based on blockchain networks to remedy dependencies on third parties. They inherit the host blockchain’s properties such as throughput, execution costs and security. While a target blockchain may be best suited at deployment time, alternative blockchain implementations may better align with the changing requirements of an application. Furthermore, the host blockchain’s utilization may change over time, leading to increasing execution costs or decreasing security properties, e.g., due to lower incentives to block producers. Yet, smart contracts are tightly coupled to their host blockchain, creating a novel form of lock-in effect. We introduce the concept of smart contract forks that permits any user to migrate the application logic and current state of smart contracts to another blockchain. The integrity of the migration process is verifiable through external parties or chain relays. Thus, no trust in the executing entity is required. As a result, smart contract users benefit from the properties of the fork’s host blockchain while maintaining full verifiability. We provide a toolbox facilitating the migration of smart contracts between EVM-compatible blockchains. The Ethereum Virtual Machine (EVM) is utilized as a common execution environment, as it is supported by a wide range of blockchain implementations. To prove the concept’s soundness, we transfer token contracts based on the ERC20 standard as well as applications containing dependencies to other smart contracts. Our evaluation shows the validity of migrated applications including their current states.

Since the inception of Bitcoin, a plethora of distributed ledgers differing in design and purpose has been created. While by design, blockchains provide no means to securely communicate with external systems, numerous attempts towards trustless cross-chain communication have been proposed over the years. Today, cross-chain communication (CCC) plays a fundamental role in cryptocurrency exchanges, scalability efforts via sharding, extension of existing systems through sidechains, and bootstrapping of new blockchains. Unfortunately, existing proposals are designed ad-hoc for specific use-cases, making it hard to gain confidence on their correctness and composability.
We provide the first systematic exposition of cross-chain communication protocols. We formalize the underlying research problem and show that CCC is impossible without a trusted third party, contrary to common beliefs in the blockchain community.

Trading goods lies at the backbone of the modern economy and the recent advent of cryptocurrencies has opened the door for trading decentralized (digital) assets: A large fraction of the value of cryptocurrencies comes from the inter-currency exchange and trading, which has been arguably the most successful application of decentralized money. The security issues observed with centralized, custodial cryptocurrency exchanges have motivated the design of atomic swaps, a protocol for coin exchanges between any two users. Yet, somewhat surprisingly, no atomic swap protocol exists that simultaneously satisfies the following simple but desired properties: (i) non-custodial, departing from a third party trusted to hold the coins from users during the exchange; (ii) universal, that is, compatible with all (current and future) cryptocurrencies; (iii) multi-asset, supporting the exchange of multiple coins in a single atomic swap instance.
From a theoretical standpoint, in this work we show a generic protocol to securely swap n coins from any (possible multiple) currencies for n’ coins of any other currencies, for any n and n’. We do not require any custom scripting language supported by the corresponding blockchains, besides the bare minimum ability to verify signatures on transactions. For the special case when the blockchains use ECDSA or Schnorr signatures, we design a practically efficient protocol based on adaptor signatures and time-lock puzzles. Our protocol allows one to securely exchange coins in blockchains where transactions are signed using those schemes (possibly implemented over different elliptic curves), thus encompassing (virtually) all existing blockchains.
As a byproduct of our approach, atomic swaps transactions no longer include custom scripts and are identical to standard one-to-one transactions. We also show that our protocols naturally generalizes to any cycle of users, i.e., atomic swaps with more than two participants. To demonstrate the practicality of our approach, we have evaluated a prototypical implementation of our protocol for Schnorr/ECDSA signatures and observed that an atomic swap requires below one second on commodity machines.

Blockchain interoperability is emerging as one of the crucial features of blockchain technology, as integration will become an increasingly important topic in the broader blockchain ecosystem. For instance, people and organizations might want to exchange tokens representing arbitrary assets among blockchains.
Hyperledger Cactus is the most recent Hyperledger project, aiming at providing a decentralized, secure and adaptable infrastructure that allows integrations between decentralized ledger technology systems. It includes a set of libraries, data models, and SDKs to accelerate development of applications and services running on multiple blockchains. In this talk, we introduce Hyperledger Cactus, highlighting some of the use cases it enables, such as blockchain migrations.

Due to the evergrowing blockchain ecosystem, interoperability has become a matter of great importance. Atomic swaps allow connecting otherwise isolated blockchains while adhering to the core principles of censorship resistance and permissionlessnes.
Up until recently, atomic swap protocols have mostly relied on complex script support, excluding certain types of blockchains. With advances in cryptography, it is now possible to build a bridge between almost any two blockchains.
In this work, we give an explanation of one such protocol which applies adaptor signatures on Bitcoin to procure atomic swaps between Monero and Bitcoin.
We dive into the cryptographic details, discuss its limitations and give an outlook on our current work where we use adaptor signatures on the Monero signature scheme.

Hyperledger Fabric has received lots of attention as a private blockchain based business logic solution. With flexible records storing and sharing features, Hyperledger Fabric can create transactions between untrusted or partially trusted participants quickly and safely. Moreover the scalable and modular structure makes Hyperledger Fabric capable of complex logical functions to handle the transactions between different organization groups. Hyperledger Fabric has good internal expansibility, which makes it easy to modify user relationships, data structures, and business logic in the single Hyperledger Fabric environment. However, transactions are only achievable in single independent Hyperledger Fabric. Different Hyperledger Fabric cannot execute transactions due to different logics, different currencies, and different use case. That makes Hyperledger Fabric’s versatility insufficient in heterogeneous usage scenarios. In this article, we studied the interoperability between different Hyperledger Fabric. We propose a cross-Hyperledger Fabric transaction solution that satisfies the ACID properties (Atomicity, Consistency, Isolation and Durability), which enables users to complete transactions across multi-Hyperledger Fabric environment safely and efficiently. Moreover, we conducted a feasibility and safety analysis of the proposed scheme and we a performance analysis based on the real deployment platform.

Current blockchain relay schemes require the immediate validation of each relayed block header by the destination blockchain. This leads to high operating cost when deploying these relays between Ethereum-based blockchains where validating block headers on-chain is computationally expensive.
To overcome these limitations, we introduce a novel relay scheme that employs a validation-on-demand pattern combined with economic incentives to reduce the cost of operating a relay between Ethereum-based blockchains by up to 92%. With this relay scheme, decentralized interoperability between blockchains like Ethereum and Ethereum Classic becomes feasible.

We address the problem of atomic cross shard value transfer in Ethereum 2. We leverage on Ethereum 2 architecture, more specificially on Beacon chain and crosslinks, and propose a solution on top of the netted-balance approach that was proposed for EE-level atomic \eth transfers. We split a cross-shard transfer into two transactions: a debit and a credit. First, the debit transaction is processed at the source shard. The corresponding credit transaction is processed at the destination shard in a subsequent block. We use {\em netted} shard states as channels to communicate pending credits and pending reverts. We discuss various scenarios of debit failures and credit failures, and show our approach ensures atomicity even in the presence of a Byzantine Block proposer.
The benefits of our approach are that we do not use any locks nor impose any constraints on the Block Proposer to select specific transactions. However we inherit the limitation of an expensive operation from the netted-balance approach of querying partial states from all other shards.

In this talk we present the general model-based testing (MBT) methodology built around the TLA+ language and the Apalache model checker, as well as its instantiation for blockchain infrastructure and applications. We have applied our method to the Cosmos SDK token transfer application, as well as to the Tendermint LightClient in Rust implementation. In the former case our method has caught a critical bug that has been missed by standard testing, shortly before the release of Stargate upgrade to the Cosmos Hub, which brings cross-chain interoperability between connected blockchains. In the latter case MBT allowed us to eliminate several serious implementation bugs as well as specification divergencies. In both cases our model-based tests run as part of CI framework in the corresponding repositories, providing perpetual correctness assurance guarantees to the developers. At present we are generalising and optimising our approach; in the second part of the talk we describe our vision on the MBT methodology, the directions in which we develop it, and how we plan to make it available, approachable, and appealing to developers.

In this talk we’ll go over the challenges we faced when developing a cross-chain bridge between NEO and Binance Chain, how we solved them, and how we augmented the XCLAIM protocol to improve long-term porting of assets.

In this talk we will give a brief overview of the Pantos project, from the initial idea and the vision paper, over conducted research in the past years, to the current state of the project and an outlook regarding future aspects of the involved technology. Blockchain interaction in some sense is a rather bold idea. We will highlight technical and structural challenges. The former comes in an attempt of balancing speed, decentralization, security and cost parameters. The latter is given by the interplay of the different stakeholders and their interests, which are the private corporation Pantos as project owner, the independent but associated university researchers and the community consisting of ICO participants and private investors. As far as confidentiality clauses permit we will also discuss industry partnerships attempting to facilitate the advances in their own way.