Smart Contracts and transactions allow users to implement elaborate constructions on cryptocurrency blockchains like Bitcoin, Ethereum, and Libra. Many of these, including operational payment channels, use a building block called Hashed Time-Locked Contract (HTLC). In this work, we distill from HTLC a specification (HTLCSpec), and present an implementation called Mutual-Assured-Destruction Hashed Time-Locked Contract (MAD-HTLC). MADHTLC employs a novel approach of utilizing the existing blockchain operators, called miners, as part of the design. If a user misbehaves, MAD-HTLC incentivizes the miners to confiscate all her funds. We prove that MAD-HTLC satisfies HTLC-Spec with game-theoretic analysis and instantiate it on Bitcoin's operational blockchain. Notably, current miner software makes only little effort to optimize revenue, since the advantage is relatively small. However, as the demand grows and other revenue components shrink, miners are more motivated to fully optimize their fund intake. By patching the standard Bitcoin client, we demonstrate such an optimization is easy to implement, making the miners natural enforcers of MAD-HTLC. Finally, we show how vulnerable HTLC is to bribery attacks. An attacker can incentivize miners to prefer her transactions by offering high transaction fees. We demonstrate this can be easily implemented by patching the Bitcoin client, and use game theoretic tools to qualitatively tighten the known cost bound of such bribery attacks.

中文翻译：

---

MAD-HTLC：因为 HTLC 攻击起来非常便宜

智能合约和交易允许用户在比特币、以太坊和天秤座等加密货币区块链上实施精心构建。其中许多，包括运营支付渠道，都使用称为哈希时间锁定合约 (HTLC) 的构建块。在这项工作中，我们从 HTLC 中提炼出一个规范 (HTLCSpec)，并提出了一个称为互保破坏哈希时间锁定合约 (MAD-HTLC) 的实现。MADHTLC 采用了一种新颖的方法来利用现有的区块链运营商（称为矿工）作为设计的一部分。如果用户行为不当，MAD-HTLC 会激励矿工没收她的所有资金。我们通过博弈论分析证明 MAD-HTLC 满足 HTLC-Spec，并在比特币的可操作区块链上对其进行实例化。值得注意的是，当前的矿工软件几乎没有努力优化收入，因为优势比较小。然而，随着需求的增长和其他收入组成部分的萎缩，矿工更有动力充分优化他们的资金摄入。通过修补标准的比特币客户端，我们证明了这样的优化很容易实现，使矿工成为 MAD-HTLC 的自然执行者。最后，我们展示了 HTLC 对贿赂攻击的脆弱性。攻击者可以通过提供高额交易费用来激励矿工更喜欢她的交易。我们证明这可以通过修补比特币客户端轻松实现，并使用博弈论工具定性地收紧此类贿赂攻击的已知成本界限。我们证明这样的优化很容易实现，使矿工成为 MAD-HTLC 的自然执行者。最后，我们展示了 HTLC 对贿赂攻击的脆弱性。攻击者可以通过提供高额交易费用来激励矿工更喜欢她的交易。我们证明这可以通过修补比特币客户端轻松实现，并使用博弈论工具定性地收紧此类贿赂攻击的已知成本界限。我们证明这样的优化很容易实现，使矿工成为 MAD-HTLC 的自然执行者。最后，我们展示了 HTLC 对贿赂攻击的脆弱性。攻击者可以通过提供高额交易费用来激励矿工更喜欢她的交易。我们证明这可以通过修补比特币客户端轻松实现，并使用博弈论工具定性地收紧此类贿赂攻击的已知成本界限。