Foundations of Generalized State Channel Networks

Abstract

Since the introduction of Bitcoin in 2008, cryptocurrencies have received considerable attention; not only for their decentralized nature but also for the ability to facilitate conditional payments. For example, Ethereum supports smart contracts, which are self-executing agreements written in program code that can control coins and hence serve as building blocks for various applications. However, there are fundamental challenges in existing cryptocurrencies, one of which is scalability. As all transactions are processed and stored on a distributed ledger -- the so-called blockchain -- transaction throughput is inherently limited. An important proposal to significantly improve scalability is to utilize payment channel networks, which allow users to perform payments in an off-chain manner. We extend the functionality of payment channel networks in several directions, thereby significantly enlarge the class of applications that can be performed off-chain. Firstly, we generalize the idea of payment channels and construct state channels that allow two parties to execute multiple smart contracts in an off-chain manner. Moreover, we show that any subset of n parties in a state channel network can create a multi-party virtual state channel and execute n-party smart contracts without any blockchain interaction. We follow a modular design approach and formally define the security guarantees provided by the developed state channel framework using the Universal Composability (UC) model of Cannetti. Secondly, we focus on blockchain systems that do not support execution of smart contracts, such as Bitcoin, and construct generalized channels. Analogously to state channels, generalized channels inherit the functionality of the underlying blockchain and hence form a two-party ledger. We again utilize the UC model to formally define the achieved security guarantees. Furthermore, we demonstrate that off-chain smart contract execution over Bitcoin is possible if we additionally assume that one of the involved parties owns a trusted execution environment. Finally, we present a provably secure protocol for payment routing in a payment channel network. Our protocol allows intermediaries on the path to split the routed payment and choose the next hop for each partial payment separately. The combination of local routing and on-path splitting significantly increases the success probability of routed payments, especially when the transferred value is large.