Scalability has been a key number within the Bitcoin community for good over a twelvemonth now.
Amongst the most promising innovations beingness developed are bidirectional payment channels. These tin move extended to the Lightning Network, allowing users to transact securely alongside minimal footprint on the blockchain. Performance of these solutions would move significantly improved by Segregated Witness, the protocol upgrade proposed past times the Bitcoin Core evolution team. However, the Segregated Witness soft fork has non activated yet.
Last week, 4 researchers from Imperial College London and Cornell University — Joshua Lind, Ittay Eyal, Peter Pietzuch as well as Emin Gün Sirer — proposed a unlike payment channel solution. Loosely resembling the OtherCoin concept, the researchers published a white paper detailing their implementation, dubbed “Teechan,” as well as successfully tested an early on version of the software.
Speaking to Bitcoin Magazine, Eyal said he believes Teechan is superior to the proposed alternatives.
“Teechan is to a greater extent than efficient than other payment channels. It’s faster to consummate a payment, as well as allows for to a greater extent than payments per second,” the Cornell University researcher said. “Plus, it doesn’t involve whatever changes to the electrical flow Bitcoin protocol.”
The Good Ol’ Payment Channel
In essence, Bitcoin payment channels are only multisignature (“multisig”) addresses, but leveraged inwards clever ways.
Let’s say Alice as well as Bob desire to opened upwards a payment channel betwixt them. To do so, they do a 2-of-2 multisig address, for which each volition generate as well as command 1 mortal key. Funds from this multisig address tin move spent only if both Alice as well as Bob sign a transaction alongside their mortal keys.
Next, both Alice as well as Bob shipping funds to this address; possibly 1 bitcoin each. This funding transaction is broadcast as well as recorded on the Bitcoin blockchain, therefore the bitcoins are “locked in.”
As such, the “channel state” is 1-1: they both conduct maintain a residue of 1 bitcoin each.
Now, Alice wants to purchase a twosome of shoes from Bob worth 0.1 bitcoins. Instead of sending 0.1 bitcoins to Bob on the blockchain, Alice as well as Bob only handgrip that Bob should instantly teach 1.1 bitcoins from the multisig address, as well as Alice 0.9 bitcoins.
As such, the channel acre is 0.9-1.1. Alice has effectively paid Bob 0.1 bitcoins.
If Alice or Bob (or both) desire to closed the channel, they sign as well as broadcast a transaction from their multisig address, which pays each their part equally determined past times the latest channel state. In this instance 0.9-1.1.
“The beauty of payment channels is that, inwards the meantime, Alice as well as Bob could conduct maintain transacted thousands of times,” Eyal said. “As long equally they don’t broadcast transactions to the Bitcoin network, they tin proceed updating the channel, effectively paying each other ‘off-chain’ equally much equally they want.”
Of course, at that spot are or therefore challenges inwards making all this operate securely. Most important, payment channels involve or therefore sort of solution to ensure that counterparties sign off on a transaction representing the latest channel state. And payment channels involve or therefore sort of solution to ensure that counterparties sign off only on the latest channel state. (If Alice, for example, could broadcast an older channel state, it would permit her to claim the total 1 bitcoin fifty-fifty afterward she bought the shoes.)
Typical bidirectional payment channels solve this occupation inwards novel ways that involve fourth dimension locks as well as other trickery. This works, but inwards or therefore cases it requires a malleability fix (Segregated Witness) — which is soundless awaiting activation.
Lind, Eyal, Pietzuch as well as Sirer suggest a unlike solution.
What’s inwards the Box?
Teechan, which stands for Trusted Execution Environment Channel, is a novel payment channel protocol. Like Bitcoin itself, the solution is based on open-source software: transparent as well as verifiable past times anyone.
But to ensure that Alice or Bob tin broadcast the latest channel acre as well as onlythe latest channel state, Teechan leverages “trusted execution environments” (TEEs). TEEs are secure hardware components included inwards Intel CPUs alongside Software Guard Extensions (SGX); many novel computers conduct maintain them. (See total list here.)
“With SGX TEEs, no 1 tin ‘look inside’ to come across what’s going on. Unencrypted information never leaves the chip, as well as therefore non fifty-fifty the possessor of a figurer alongside an SGX tin notice what these chips are doing; they only come across the terminate result,” Eyal explained.
With Teechan, both Alice as well as Bob outset conduct maintain their ain TEE generate a world as well as mortal key pair. Because these keys are generated within of the TEE, neither Alice nor Bob knows what “their” mortal keys are.
Then, Alice as well as Bob conduct maintain their TEEs connect as well as swap world keys. As such, their TEEs tin truly communicate inwards encrypted form, ensuring that Alice as well as Bob cannot decipher what their TEEs are communicating.
Additionally, Alice as well as Bob conduct maintain both their TEEs generate a Bitcoin mortal key. Again, neither Alice nor Bob know what “their” ain Bitcoin mortal key is; it’s within the TEE.
Alice as well as Bob’s TEEs swap their mortal keys, inwards encrypted cast over their secure channel. So, both TEEs instantly conduct maintain both mortal keys — spell Alice as well as Bob themselves know neither.
Then, alongside these mortal keys, their TEEs found a pretty regular payment channel. They generate a multisig address, which both Alice as well as Bob as well as then fund with, say, 1 bitcoin. This funding transaction is broadcast as well as recorded on the Bitcoin blockchain as well as is “locked in.”
Whenever Alice as well as Bob pay each other, they update the acre of their payment channel, all from within their TEEs. In practice, this only agency their TEEs proceed rail of the channel state. And both TEEs volition update the channel acre only if both Alice as well as Bob agree.
Finally, if Alice wants to closed the channel, her TEE uses both Bitcoin mortal keys to sign a transaction reflecting the latest channel state. This transaction is broadcast to the Bitcoin network, as well as both Alice as well as Bob teach their funds equally determined past times the latest channel state. (If Bob wants to closed the channel, of course, Bob’s TEE signs this closing transaction.)
The TEEs solve both principal payment channel challenges. Since both Alice’s as well as Bob’s TEEs command both Bitcoin mortal keys, they tin ever move certain to teach their funds out. And the argue Alice as well as Bob cannot broadcast older channel states is simple: the Teechan software won’t permit it.
All the Trust That's Required to Make It Work ...
All this truly only leaves 1 problem: Alice could prevarication to Bob well-nigh using a TEE inwards the outset house — or Bob could prevarication to Alice.
Even though they would claim they created their Bitcoin mortal keys within of the TEEs, as well as fifty-fifty though they’d central encrypted messages, they could move doing all of this from a regular CPU. Alice could handgrip on to all of her keys, allowing her to too decrypt Bob’s Bitcoin mortal key. With it, she could accept all the funds from the channel.
This is where a lilliputian chip of trust comes in.
By a procedure called “remote attestation,” Intel — the creator of the SGX CPU that both Alice as well as Bob role — has a trend to verify whether Alice as well as Bob are telling the truth. Using a exceptional mortal key that only Intel should have, the technology companionship tin role the outset bundle Alice as well as Bob shipping across (the encrypted funding transaction), as well as banking concern tally that it was produced both alongside the Teechan software as well as from their TEEs. However, Intel does non teach to come across the the content of the package; it remains encrypted.
If Alice as well as Bob trust Intel non to prevarication to them, they tin move certain their counterparty truly created the funding transaction from their TEEs. Alice as well as Bob tin move certain neither of them know the Bitcoin mortal keys for their shared multisig address.
This plant good if yous trust Intel. Though of course, for this really reason, or therefore Bitcoin purists won’t similar the solution. For one, they don’t desire to conduct maintain to trust anyone, non fifty-fifty Intel. And second, the solution is non alone permissionless: it requires a remote attestation license from Intel, which therefore far has been hard to obtain.
Eyal, however, believes these concerns are overstated.
“Anyone running their Bitcoin software on an Intel motorcar is already placing their trust inwards Intel, therefore trusting the SGX machinery seems natural,” he said. “And if they don’t, at that spot are alternatives TEEs, if 1 prefers or therefore other TEE vendor due to trust or availability considerations. Additionally, the trust is express to the involved parties: the participants inwards the payment channel, as well as the TEE vendor. Anyone exterior the channel — all other Bitcoin users — rest oblivious to the channel structure as well as trust relations involved.”
The postal service The Teechan Solution: Scaling Bitcoin With Trusted Hardware appeared outset on Bitcoin Magazine.
Read More Or root http://ift.tt/2i8qy2K
