Unser Paper "Towards faster settlement in HTLC-based Cross-Chain Atomic Swaps" (Authorin: Subhra Mazumdar) wurde bei der 4th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS) angenommen.

Das Paper ist als Preprint verfügbar.

Abstract: Hashed Timelock (HTLC)-based atomic swap protocols enable the exchange of coins between two or more parties without relying on a trusted entity. This protocol is like the American call option without premium. It allows the finalization of a deal within a certain period. This puts the swap initiator at liberty to delay before deciding to proceed with the deal. If she finds the deal unprofitable, she just waits for the timeperiod of the contract to elapse. However, the counterparty is at a loss since his assets remain locked in the contract. The best he can do is to predict the initiator’s behavior based on the asset’s price fluctuation in the future. But it is difficult to predict as cryptocurrencies are quite volatile, and their price fluctuates abruptly. We perform a game theoretic analysis of HTLC-based atomic cross-chain swap to predict whether a swap will succeed or not. From the strategic behavior of the players, we infer that this model lacks fairness. We propose Quick Swap, a two-party protocol based on hashlock and timelock that fosters faster settlement of the swap. The parties are required to lock griefing-premium along with the principal amount. If the party griefs, he ends up paying the griefing-premium. If a party finds a deal unfavorable, he has the provision to cancel the swap. We prove that Quick Swap is more participant-friendly than HTLCbased atomic swap. Our work is the first to propose a protocol to ensure fairness of atomic-swap in a cyclic multi-party setting.


Unser Paper "LightSwap: An Atomic Swap does not Require Timeouts at Both Blockchains" (Authoren: Philipp Hoenisch, Subhra Mazumdar, Pedro Moreno-Sanchez, und Sushmita Ruj) wurde beim 6th International Workshop on Cryptocurrencies and Blockchain Technology (CBT) angenommen.

Das Paper ist als Preprint verfügbar.

Abstract: Security and privacy issues with centralized exchange services have motivated the design of atomic swap protocols for decentralized trading across currencies. These protocols follow a standard blueprint similar to the 2-phase commit in databases: (i) both users first lock their coins under a certain (cryptographic) condition and a timeout; (ii-a) the coins are swapped if the condition is fulfilled; or (ii-b) coins are released after the timeout. The quest for these protocols is to minimize the requirements from the scripting language supported by the swapped coins, thereby supporting a larger range of cryptocurrencies. The recently proposed universal atomic swap protocol [IEEE S&P’22] demonstrates how to swap coins whose scripting language only supports the verification of a digital signature on a transaction. However, the timeout functionality is cryptographically simulated with verifiable timelock puzzles, a computationally expensive primitive that hinders its use in battery-constrained devices such as mobile phones. In this state of affairs, we question whether the 2-phase commit paradigm is necessary for atomic swaps in the first place. In other words, is it possible to design a secure atomic swap protocol where the timeout is not used by (at least one of the two) users?

In this work, we present LightSwap, the first secure atomic swap protocol that does not require the timeout functionality (not even in the form of a cryptographic puzzle) by one of the two users. LightSwap is thus better suited for scenarios where a user, running an instance of LightSwap on her mobile phone, wants to exchange coins with an online exchange service running an instance of LightSwap on a computer. We show how LightSwap can be used to swap Bitcoin and Monero, an interesting use case since Monero does not provide any scripting functionality support other than linkable ring signature verification.


Wir freuen uns sehr, Ihnen heute mitteilen zu können, dass die Christian Doppler Forschungsgesellschaft der Verlängerung von CDL-BOT für die nächsten drei Jahre zugestimmt hat. In den letzten zwei Jahren hat unser Team viel Mühe aufgewendet, um exzellente Forschungsergebnisse für Distributed-Ledger-Technologien und das Internet der Dinge bereitzustellen. Während dieser Zeit konnten wir eine Reihe von Artikeln bei führenden Konferenzen und Journals veröffentlichen. Gemeinsam mit unseren Industriepartnern werden wir weiterhin an offenen Problemen arbeiten, die die weit verbreitete Einführung von Blockchain-Technologie in der realen Welt erschweren, um ihr wahres Potenzial freizusetzen.

Wir danken der Christian Doppler Forschungsgesellschaft für die Unterstützung und Anerkennung unserer Arbeit. Wir möchten uns auch bei unseren Industriepartnern Pantos und IOTA für die großartige Zusammenarbeit bedanken und freuen uns auf die Zusammenarbeit in den nächsten drei Jahren.


Unser Paper "Thora: Atomic And Privacy-Preserving Multi-Channel Updates" (Authors: Lukas Aumayr, Kasra Abbaszadeh, and Matteo Maffei) wurde auf der 29th ACM Conference on Computer and Communications Security (CCS) angenommen.

Das Paper ist als Preprint verfügbar.

Abstract: Most blockchain-based cryptocurrencies suffer from a heavily limited transaction throughput, which is a barrier to their growing adoption. Payment channel networks (PCNs) are one of the most promising solutions to this problem. PCNs reduce the on-chain load of transactions and increase the throughput by processing many payments off-chain. In fact, any two users connected via a path of payment channels (i.e., joint addresses between the two channel end-points) can perform payments and the underlying blockchain is used only when there is a dispute between users. Unfortunately, payments in PCNs can only be conducted securely along a path, which prevents the design of many interesting applications. Moreover, the most widely used implementation, the Lightning Network in Bitcoin, suffers from a collateral lock time linear in the path length, it is affected by security issues, and it relies on specific scripting features called Hash Timelock Contracts that restricts its applicability.

In this work, we present Thora, the first Bitcoin-compatible off-chain protocol that enables atomic multi-channel updates across generic topologies beyond paths. Thora allows payments through distinct PCNs sharing the same blockchain and enables new applications such as secure and trustless crowdfunding, mass payments, and channel rebalancing in off-chain ways. Our construction requires only constant collateral and no specific scripting functionalities other than digital signatures and timelocks, thereby being applicable to a wider range of blockchains. We formally define security and privacy in the Universal Composability framework and show that our cryptographic protocol is a realization thereof. In our performance evaluation we show that our construction requires constant collateral, is independent of the number of channels, and has only a moderate off-chain communication as well as computation overhead.


Unser Paper "Sleepy Channels: Bitcoin-Compatible Bi-directional Payment Channels without Watchtowers" (Authors: Lukas Aumayr, Sri AravindaKrishnan Thyagarajan, Giulio Malavolta, Pedro Moreno-Sanchez, and Matteo Maffei) wurde auf der 29th ACM Conference on Computer and Communications Security (CCS) angenommen.

Das Paper ist als Preprint verfügbar.

Abstract: Payment channels (PC) are a promising solution to the scalability issue of cryptocurrencies, allowing users to perform the bulk of the transactions off-chain without needing to post everything on the blockchain. Many PC proposals however, suffer from a severe limitation: Both parties need to constantly monitor the blockchain to ensure that the other party did not post an outdated transaction. If this event happens, the honest party needs to react promptly and engage in a punishment procedure. This means that prolonged absence periods (e.g., due to a power outage) may be exploited by malicious users. As a mitigation, the community has introduced watchtowers, a third-party monitoring the blockchain on behalf of off-line users. Unfortunately, watchtowers are either trusted, which is critical from a security perspective, or they have to lock a certain amount of coins, called collateral, for each monitored PC in order to be held accountable, which is financially infeasible for a large network.

We present Sleepy Channels, the first bi-directional PC protocol without watchtowers (or any other third party) that supports an unbounded number of payments and does not require parties to be persistently online. The key idea is to confine the period in which PC updates can be validated on-chain to a short, pre-determined time window, which is where the PC parties have to be online. This behavior is incentivized by letting the parties lock a collateral in the PC, which can be adjusted depending on their mutual trust and which they get back much sooner if they are online during this time window.
Our protocol is compatible with any blockchain that is capable of verifying digital signatures (e.g., Bitcoin), as shown by our proof of concept. Moreover, Sleepy Channels impose a communication and computation overhead similar to state-of-the-art PC protocols while removing watchtower's collateral and fees for the monitoring service.


Unser Paper "Foundations of Coin Mixing Services" (Authors: Noemi Glaeser, Matteo Maffei, Giulio Malavolta, Pedro Moreno-Sanchez, Erkan Tairi, Sri AravindaKrishnan Thyagaraja) wurde auf der 29th ACM Conference on Computer and Communications Security (CCS) angenommen.

Das Paper ist als Preprint verfügbar.

Abstract: Coin mixing services allow users to mix their cryptocurrency coins and thus enable unlinkable payments in a way that prevents tracking of honest users’ coins by both the service provider and the users themselves. The easy bootstrapping of new users and backwards compatibility with cryptocurrencies (such as Bitcoin) with limited support for scripts are attractive features of this architecture, which has recently gained considerable attention in both academia and industry. A recent work of Tairi et al. [IEEE S&P 2021] formalizes the notion of a coin mixing service and proposes A2L, a new cryptographic protocol that simultaneously achieves high efficiency and interoperability. In this work, we identify a gap in their formal model and substantiate the issue by showing two concrete counterexamples: we show how to construct two encryption schemes that satisfy their definitions but lead to a completely insecure system. To amend this situation, we investigate secure constructions of coin mixing services. First, we develop the notion of blind conditional signatures (BCS), which acts as the cryptographic core for coin mixing services. We propose game-based security definitions for BCS and propose A2L+, a modified version of the protocol by Tairi et al. that satisfies our security definitions. Our analysis is in an idealized model (akin to the algebraic group model) and assumes the hardness of the one-more discrete logarithm problem. Finally, we propose A2LUC, another construction of BCS that achieves the stronger notion of UC-security (in the standard model), albeit with a significant increase in computation cost. This suggests that constructing a coin mixing service protocol secure under composition requires more complex cryptographic machinery than initially thought.


Unser Paper "Towards a Game-Theoretic Security Analysis of Off-Chain Protocols (Authors: Sophie Rain, Georgia Avarikioti, Laura Kovács, Matteo Maffei) wurde auf der 36th IEEE Computer Security Foundations Symposium (CSF 2023) angenommen.

Das Paper ist als Preprint verfügbar.

Abstract: Off-chain protocols constitute one of the most promising approaches to solve the inherent scalability issue of blockchain technologies. The core idea is to let parties transact on-chain only once to establish a channel between them, leveraging later on the resulting channel paths to perform arbitrarily many peer-to-peer transactions off-chain. While significant progress has been made in terms of proof techniques for off-chain protocols, existing approaches do not capture the game-theoretic incentives at the core of their design, which led to overlooking significant attack vectors like the Wormhole attack in the past. In this work we take a first step towards a principled game-theoretic security analysis of off-chain protocols by introducing the first game-theoretic model that is expressive enough to reason about their security. We advocate the use of Extensive Form Games (EFGs) and introduce two instances of EFGs to capture security properties of the closing and the routing of the Lightning Network. Specifically, we model the closing protocol, which relies on punishment mechanisms to disincentivize parties to upload old channel states on-chain. Moreover, we model the routing protocol, thereby formally characterizing the Wormhole attack, a vulnerability that undermines the fee-based incentive mechanism underlying the Lightning Network.


Unser Paper "Advancing Blockchain-based Federated Learning through Verifiable Off-chain Computations" (Authors: Jonathan Heiss, Elias Grünewald, Nikolas Haimerl, Stefan Schulte, Stefan Tai) wurde auf der 5th IEEE International Conference on Blockchain (Blockchain 2022) angenommen.

Das Paper ist als Preprint verfügbar.

Abstract: Federated learning may be subject to both global aggregation attacks and distributed poisoning attacks. Blockchain technology along with incentive and penalty mechanisms have been suggested to counter these. In this paper, we explore verifiable off-chain computations using zero-knowledge proofs as an alternative to incentive and penalty mechanisms in blockchain-based federated learning. In our solution, learning nodes, in addition to their computational duties, act as off-chain provers submitting proofs to attest computational correctness of parameters that can be verified on the blockchain. We demonstrate and evaluate our solution through a health monitoring use case and proof-of-concept implementation leveraging the ZoKrates language and tools for smart contract-based on-chain model management. Our research introduces verifiability of correctness of learning processes, thus advancing blockchain-based federated learning.


Unser Paper "Cohort-based federated learning services for industrial collaboration on the edge" (Authors: Thomas Hiessl, Safoura Rezapour Lakani, Jana Kemnitz, Daniel Schall, Stefan Schulte) wurde für das Journal of Parallel and Distributed Computing angenommen.

Das Paper ist als Preprint verfügbar.

Abstract: Machine Learning (ML) is increasingly applied in industrial manufacturing, but often performance is limited due to insufficient training data. While ML models can benefit from collaboration, due to privacy concerns, individual manufacturers often cannot share data directly. Federated Learning (FL) enables collaborative training of ML models without revealing raw data. However, current FL approaches fail to take the characteristics and requirements of industrial clients into account.

In this work, we propose an FL system consisting of a process description and a software architecture to provide FL as a Service (FLaaS) to industrial clients deployed to edge devices. Our approach deals with skewed data by organizing clients into cohorts with similar data distributions. We evaluated the system on two industrial datasets. We show how the FLaaS approach provides FL to client processes by considering their requests submitted to the Industrial Federated Learning (IFL) Services API. Experiments on both industrial datasets and different FL algorithms show that the proposed cohort building can increase the ML model performance notably.


Der Leiter von CDL-BOT, Prof. Stefan Schulte, wurde für einen Artikel über Blockchaininteroperabilität im IEEE Spectrum interviewt. IEEE Spectrum ist das offizielle Magazin des Institute of Electrical and Electronics Engineers und wird den IEEE-Mitgliedern monatlich in mehr als 350.000 Exemplaren zur Verfügung gestellt

In dem vom Wissenschaftsautor Edd Gent verfassten Artikel werden einem breiteren Publikum grundlegende Informationen geboten, warum Blockchaininteroperabilität ein hochaktuelles Thema ist und welche technischen Ansätze es zur Lösung dieses Problems gibt.


Mit großer Freude verkünden wir, dass unser Paper "A Voting-Based Blockchain Interoperability Oracle" von Michael Sober, Giulia Scaffino, Christof Spanring und Stefan Schulte auf der 4th IEEE International Conference on Blockchain (Blockchain 2021) als "Regular Paper" angenommen wurde. In dieser Arbeit stellen die Authoren ein Blockchain Oracle vor, dass es ermöglicht Informationen zwischen verschiedenen Blockchains auszutauschen.
Das Paper ist als Preprint verfügbar.
Abstract: Today's blockchain landscape is severely fragmented as more and more heterogeneous blockchain platforms have been developed in recent years. These blockchain platforms are not able to interact with each other or with the outside world since only little emphasis is placed on the interoperability between them. Already proposed solutions for blockchain interoperability such as naive relay or oracle solutions are usually not broadly applicable since they are either too expensive to operate or very resource-intensive.

For that reason, we propose a blockchain interoperability oracle that follows a voting-based approach based on threshold signatures. The oracle nodes generate a distributed private key to execute an off-chain aggregation mechanism to collectively respond to requests. Compared to state-of-the-art relay schemes, our approach does not incur any ongoing costs and since the on-chain component only needs to verify a single signature, we can achieve remarkable cost savings compared to conventional oracle solutions.


Wir freuen uns, Ihnen mitteilen zu können, dass unser Paper "Decentralized Cross-Blockchain Asset Transfers" von Marten Sigwart, Philipp Frauenthaler, Christof Spanring, Michael Sober und Stefan Schulte zur Präsentation auf der 3rd International Conference on Blockchain Computing and Applications (BCCA2021) angenommen wurde. In dieser Arbeit stellen die Autoren die Anforderungen, eine Spezifikation und eine prototypische Implementierung eines Blockchain-übergreifenden Asset-Transfer-Protokolls bereit.
Das Paper ist als Preprint erhältlich.
Abstract: Today, several solutions for cross-blockchain asset transfers exist. However, these solutions are either tailored to specific assets or neglect finality guarantees that prevent assets from getting lost in transit.
In this paper, we present a cross-blockchain asset transfer protocol that supports arbitrary assets and adheres to finality requirements. The ability to freely transfer assets between blockchains may increase transaction throughput and provide developers with more flexibility by allowing them to design digital assets that leverage the capacities and capabilities of multiple blockchains.


Wir gratulieren Stefan Schulte zu seiner neuen Position als Full Professor an der TU Hamburg. Im Zuge dessen wurde das CD-Labor an die TU Hamburg transferiert und ein zusätzliches externes Modul an der TU Wien eingerichtet.

Das an der TU Hamburg angesiedelte Modul Cross-Blockchain Transactions wird von Dr.-Ing. Stefan Schulte geleitet und konzentriert sich auf Blockchain-übergreifende Aspekte, wie beispielsweise Blockchain-übergreifende Kommunikation. Des Weiteren wird grundlegende Forschung im Bereich von Entwicklerunterstützung geleistet.

Das Modul Lightweight Blockchain Protocols ist an der TU Wien angesiedelt und wird von Dr. Matteo Maffei geleitet. Hierbei liegt der Fokus auf der Erforschung von leichtgewichtigeren Interoperabilitätslösungen, Verifizierung von Smart Contracts und Sharding von DTLs.

Während sich die Struktur von CDL-Bot geändert hat, bleiben die zugrunde liegenden Forschungsfragen unverändert, jedoch können durch die neue Struktur weitere Aspekte der Forschung betrachtet werden. Wir freuen uns über die neuen Möglichkeiten und die zukünftigen Schritte die dadurch gemacht werden können.


Das Paper "Towards Cross-Blockchain Smart Contracts" von Markus Nissl, Emanuel Sallinger, Stefan Schulte und Michael Borkowski wurde auf der 3rd IEEE International Conference on Decentralized Applications and Infrastructures angenommen. In diesem Paper präsentieren wir einen ersten Ansatz, um Interoperabilität zwischen Smart Contracts, die auf unterschiedlichen Ethereum Virtual Machines laufen, herzustellen.

Das Paper ist als Preprint verfügbar.

(Englischsprachiger) Abstract:

In recent years, manifold blockchain protocols have been proposed by researchers and industrial companies alike. This has led to a very heterogeneous blockchain landscape. Accordingly, it would be desirable if blockchains could interact with each other. However, current blockchain technologies offer only limited support for interoperability, thus preventing tokens or smart contracts from leaving the scope of a particular blockchain.

As a first step towards a solution for cross-chain smart contract interactions, we introduce a framework which allows to invoke a smart contract from another blockchain. We offer support for continuing a smart contract after receiving a result from a different blockchain, and for calling smart contracts recursively across blockchains. We provide a reference implementation for Ethereum-based blockchains using Solidity and evaluate the performance regarding time and cost overheads.


Im Rahmen des IOTA Forschungssymposiums 2021 hat Stefan Schulte am 30.07 einen Vortrag zu DLT-Interoperabilität gehalten. In seiner Präsentation wurde zunächst eine kurze Einführung in CDL-BOT gegeben, um dann auf die unterschiedlichen Methoden, wie die Grenzen zwischen in sich geschlossenen DLTs aufgebrochen werden können, einzugehen. Eine Aufzeichnung der Präsentation ist auf Youtube verfügbar.


Der Leiter von CDL-BOT, Stefan Schulte, wurde vom Magazin "Wien Wissen" im Hinblick auf seine Forschung zu Blockchaintechnologien für das Internet of Things interviewt. Der daraus resultierende Artikel über Blockchainforschung an der TU Wien ist unter zu finden.


Am 04.05.2021 war Stefan Schulte (Leiter von CDL-BOT) Teilnehmer der Online-Diskussionsrunde Cross Chain Operations, welche im Rahmen der IEEE International Conference on Blockchain and Cryptocurrency organisiert wurde. Die übrigen Mitglieder der Runde waren Peter Robinson (ConsenSys & The University of Queensland), Ying Xue (Brown University) und Raghvendra Ramesh (ConsenSys), Moderator war David Hyland-Wood (Bits-Core). Thema der Diskussion waren aktuelle Trends und zukünftige Entwicklungen im Bereich Blockchain-Interoperabilität.


Präsentation beim Austrian Blockchain Center

Stefan Schulte (CDL-BOT), Christof Spanring und Philip Gahler (Pantos GmbH) präsentierten am 29.04.2021 generelle Ansätze zur Interoperabilität für Distributed Ledger Technologien im Rahmen der Talk-Reihe des Austrian Blockchain Centers. Mit ca. 300 Zuhörern war die Veranstaltung sehr gut besucht. Ein Video der Präsentation ist auf Youtube verfügbar.


Feierliche Eröffnung des Christian Doppler Labors

Das Christian Doppler Labor für Blockchaintechnologien für das Internet der Dinge wurde heute feierlich eröffnet. Aufgrund der aktuellen Corona-Pandemie wurde die Eröffnung online durchgeführt. Mehr als 650 Zuseher hörten Vorträge von Wirtschafts- und Forschungsministerin Dr. Margarete Schramböck, der Rektorin der Technischen Universität Wien, Dr. Sabine Seidler, dem Leiter des Christian Doppler Labors, Dr.-Ing. Stefan Schulte, sowie Dominik Schiener (Co-Founder IOTA) und Eric Demuth (CEO Bitpanda und Pantos).


Best Paper Award der IEEE Blockchain 2020

Wir beglückwünschen Tamara Brandstätter, Stefan Schulte, Jürgen Cito und Michael Borkowski für die Auszeichnung mit dem Best Paper Award der 3rd IEEE International Conference on Blockchain für das Paper "Characterizing Efficiency Optimizations in Solidity Smart Contracts".

Paper Download

Präsentation von 2 Papern auf der IEEE Blockchain 2020

Die Paper "Characterizing Efficiency Optimizations in Solidity Smart Contracts" und "ETH Relay: A Cost-Efficient Relay for Ethereum-Based Blockchains" wurden von Dr.-Ing. Stefan Schulte auf der 3rd IEEE International Conference on Blockchain präsentiert. Es handelt sich bei dieser Konferenz um die wichtigste Konferenz für Blockchain-Forscher. Im Jahr 2020 betrug die Annahmequote 16%.


Offizieller Start von CDL-BOT

Wir freuen uns sehr, dass heute das Christian Doppler Labor Blockchaintechnologien für das Internet der Dinge (CDL-BOT) offiziell gestartet ist. Wir bedanken uns insbesondere bei unseren Partnern Pantos und IOTA sowie der Christian Doppler Forschungsgesellschaft für die Unterstützung. Wir freuen uns auf wegweisende Forschung im Bereich Blockchains und Distributed Ledger Technologies (DLTs) für das IoT.