CN-121998643-A - Universal atomic cross-chain exchange method for relieving suspension attack


Abstract

The invention discloses a universal atomic cross-chain exchange method for relieving suspension (abort) attacks. Addressing the problem that existing signature-based cross-chain exchange schemes are easily blocked by a participant aborting, so that asset locking or the exchange fails, the invention provides the SHIELDSWAP scheme. The method is characterized in that a reverse freezing mechanism is designed that suppresses the aborter's attack motivation by making the aborter face a longer locking time; the workflow is reorganized so that all signature commitment steps are completed off-chain, avoiding the risk of early on-chain locking; and finally a fair completion mechanism ensures that the final exchange signatures can be generated independently by each party after both parties' assets have been frozen. The invention is based on verifiable and universal primitives such as adapter signatures and verifiable timed discrete logarithms (VTD), does not depend on the scripting functionality of specific chains, has high security and strong universality, can effectively ensure the atomicity and fairness of cross-chain exchange, and is suitable for decentralized asset exchange scenarios among various blockchains.

Inventors

  • SONG HAOYANG
  • GUO YIHAO
  • XU MINGHUI

Assignees

  • 山东大学

Dates

Publication Date: 2026-05-08
Application Date: 2026-01-27

Claims (12)

  1. A universal atomic cross-chain exchange method for relieving suspension attack is characterized by comprising the steps of constructing based on verifiable discrete logarithm time and adapter signature primitive, relating to a first party With a second participant A cross-chain asset exchange between, the method comprising: The preparation stage: and (3) with Co-generation of a first joint address under a chain by two-party secure computation With a second combined address And based on the respectively selected adapter witness pairs And Generating public adapter declarations Both parties utilize an adapter signing algorithm to Exchange transactions for transferring assets from the federated address to a counterpart designated address as a parameter Performing an off-chain pre-signature, wherein, And The adapter chosen for both parties witnessed, And Corresponding witness data respectively; locking phase-two-step frozen transaction under-chain construction and pre-signing of both parties, the transaction including a process for separating the own asset from the original address Or (b) Locking to an intermediate federated address And Is to freeze the transaction in the first step And a second step reverse freeze transaction for final locking of an asset from the intermediate federated address to the first or second federated address Wherein the said The transaction is designed to reveal a partial adapter witness after broadcasting on its chain Or (b) ; Completion stage, two parties issue the said in order on the chain And (3) with Transaction, through extracting part of witness from the transaction signature on the chain, both parties can independently calculate complete adapter witness And then each issue a complete signed Transaction, namely completing asset interchange; timeout stage if one party issues under no contract in locking stage If the transaction is aborted, then the other party opens forcefully with verifiable discrete log-time primitives after a contracted timeout Algorithm for recovering and broadcasting refund transaction To safely retrieve the own asset.
  2. The method according to claim 1, characterized in that said preparation phase comprises in particular: and (3) with Three consistent time parameters are negotiated, a final exchange completion deadline T, On-chain freeze operation deadline And (d) sum On-chain freeze operation deadline Wherein it is satisfied that ; Specifying maximum latency of exchange transactions during exchange completion phase And Then respectively appoint in the blockchain ledger And Maximum wait time for a frozen token; Both parties each generate a partial private key for the federated address 、 、 And And obtaining the joint address through calculation of two parties And ; Both parties exchange respective adapter declaration portions Calculating to obtain public adapter statement ; For the following In a blockchain Assets on Both parties pre-sign exchange transactions together Wherein Is that For the collection address of (a) In a blockchain Assets on Both parties pre-sign exchange transactions together Wherein Is that Is a receipt address of (c).
  3. The method according to claim 2, characterized in that the locking phase comprises in particular: both parties generate intermediate federated addresses And And defines: the first step is to freeze the transaction: 、 ; And step two, reverse freezing transaction: 、 ; declaration using a common adapter For a pair of Pre-signing, use Is that Pre-signing, wherein Is a group consisting of Generates and sends to Is described in (a) is provided.
  4. A method according to claim 3, wherein the completion phase is performed in the following order: At the time of Before the time of this, the process is carried out, Publishing , Publishing ; Observe that After the uplink, an adapter signature extraction algorithm is used Extracting witness from its signature And utilize To pre-sign Adapting to obtain a complete signature In the following Front release ; Observe that After being trained, use Algorithm extraction witness And utilize To pre-sign Adapting to obtain a complete signature In the following Front release The transaction is simultaneously directed to Revealing witness ; Both sides are obtaining And (3) with After that, independently calculate And utilize Exchange transactions for pre-signatures Adapting to obtain a complete signature, in Previously issued separately And And (5) completing asset interchange.
  5. The method according to any one of claims 1-4, wherein the timeout period is specifically: If it is Issue out While Unpublished Then At the position of After timeout, a verifiable discrete log time primitive is invoked Algorithm for recovering refund transaction And broadcast; If it is Issue out While Unpublished Then After a corresponding timeout, call Algorithm for recovering refund transaction And broadcast.
  6. A system for implementing the universal atomic cross-chain exchange method for mitigating aborted attacks in accordance with any one of claims 1-5, characterized in that the system comprises: Parameter negotiation and pre-signing module for making And (3) with Completing time parameter negotiation, joint address generation and public adapter statement calculation under the chain, and carrying out off-chain pre-signing and verification on all exchange transactions; an under-chain lock construction module for constructing a transaction structure comprising a two-step freezing operation, generating and managing a corresponding pre-signature, and integrating a reverse freezing mechanism by freezing the transaction in a second step The timeout expiration time of (2) is set far after the first step frozen transaction Is implemented by the deadline of (2); The on-chain execution and fairness completion module is used for controlling the two parties to sequentially issue on-chain transactions, extracting partial adapter witness from issued transactions and ensuring that the two parties can independently generate complete signatures of final exchange transactions after two-step freezing is completed; And the overtime monitoring and asset security recovery module is used for monitoring the issuing state of the transaction of the other party, triggering the forced recovery function of the verifiable discrete logarithm time primitive after overtime when the suspension behavior is detected, and generating and broadcasting refund transaction.
  7. The system of claim 6, wherein the parameter negotiation and pre-signing module comprises: a time parameter negotiation unit for just 、 、 Agree on; Combined address generation unit based on verifiable discrete logarithm time VTD algorithm And (3) with Securely co-generating a joint address And (3) with ; An adapter management unit for generating, exchanging and calculating adapter declarations And ; Pre-signing unit, calling adapter signing algorithm Generating a pre-signature of an exchange transaction And call up And (5) performing verification.
  8. The system according to claim 6, wherein the under-chain lock building module specifically comprises: An intermediate address generation unit for generating transitional intermediate joint addresses And ; Two-step transaction construction units for respectively constructing Transaction and transaction Transaction; pre-signing and incentive constraint unit using different adapter claim pairs The transaction is pre-signed and its timeout is set to Make it far longer than Expiration time of transaction Or (b) Thus constituting a reverse freeze stimulus.
  9. The system of claim 6, wherein the chain execution and fairness completion module comprises: Transaction issuing and scheduling unit according to And (3) with Time sequence of (2) control of And (3) with Issuing a transaction; Witness extraction and adaptation unit and integrated adapter signature algorithm And (3) with Extracting part of witness from the on-chain transaction and adapting to generate a subsequent transaction signature; Independent calculation and completion units, issued on both sides After transaction, each party can calculate independently And finally complete all Signing and publishing of transactions.
  10. The system of claim 6, wherein the timeout monitoring and asset security recovery module specifically comprises: Transaction state monitoring unit for continuously monitoring blockchain to confirm whether counterpart is in existence Or (b) Previously promulgated the contract Transaction; a forced recovery triggering unit for triggering verifiable discrete logarithm time primitive at local timeout moment when monitoring that the opposite party does not issue transaction on time An algorithm; secure refund execution unit, utilizing Algorithm-recovered secrets, constructs and broadcasts refund transactions Ensuring that the asset can be retracted under a peer abort attack.
  11. A non-volatile storage medium, characterized in that the non-volatile storage medium comprises a stored program, wherein the program, when run, controls a device in which the non-volatile storage medium is located to perform the method of any one of claims 1 to 5.
  12. A terminal device, characterized in that the terminal device comprises a processor, a memory, a communication interface and a bus, the processor, the memory and the communication interface being connected via the bus and performing communication with each other, the memory storing executable program code, the processor running a program corresponding to the executable program code by reading the executable program code stored in the memory for performing the method according to any of the preceding claims 1-5.
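The witness-extraction step that claims 1 and 4 rely on, as an added illustration that is not code from the patent: a Schnorr-style adapter signature over a constructed toy group (safe prime p = 1019, not a real chain's curve), where each party's freeze transaction is pre-signed under that party's own adapter declaration part, so broadcasting the completed signature reveals the part, and either party can combine the two revealed parts into the full witness needed to complete the pre-signed exchange transactions. The party names, message strings and the additive combination of the two declaration parts into the public statement are assumptions made for the example.

```python
import hashlib
import secrets
# Constructed toy group for illustration only: safe prime P = 2Q + 1 and generator G of the
# order-Q subgroup. A real deployment would use the group of the chain's signature scheme.
P, Q, G = 1019, 509, 4

def challenge(*parts):
    """Fiat-Shamir challenge c = H(R' || X || m) reduced into Z_Q."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():  # secret scalar and public element; also used for adapter pairs (y, Y = g^y)
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def presign(x, X, msg, Y):
    """Adapter pre-signature on msg bound to statement Y: R' = g^r * Y, s' = r + c*x."""
    r = secrets.randbelow(Q - 1) + 1
    R_hat = (pow(G, r, P) * Y) % P
    return R_hat, (r + challenge(R_hat, X, msg) * x) % Q

def preverify(X, msg, Y, presig):
    """Pre-signature is valid relative to Y iff g^s' * Y == R' * X^c."""
    R_hat, s_hat = presig
    return (pow(G, s_hat, P) * Y) % P == (R_hat * pow(X, challenge(R_hat, X, msg), P)) % P

def adapt(presig, y):  # complete the pre-signature with the witness: s = s' + y
    return presig[0], (presig[1] + y) % Q

def verify(X, msg, sig):  # ordinary Schnorr check g^s == R' * X^c on the completed signature
    R_hat, s = sig
    return pow(G, s, P) == (R_hat * pow(X, challenge(R_hat, X, msg), P)) % P

def extract(presig, sig):  # witness = s - s', recoverable by anyone holding both
    return (sig[1] - presig[1]) % Q

def swap_demo():
    """Completion stage: partial witnesses leak from the freeze txs; both parties then finish."""
    xA, XA = keygen(); xB, XB = keygen()        # signing keys of parties A and B (assumed)
    yA, YA = keygen(); yB, YB = keygen()        # each party's adapter declaration part
    Y = (YA * YB) % P                           # public adapter statement, witness yA + yB
    pre_swap_A = presign(xA, XA, b"swap: A pays B", Y)   # exchange txs pre-signed off-chain
    pre_swap_B = presign(xB, XB, b"swap: B pays A", Y)
    pre_fz_A = presign(xA, XA, b"freeze A", YA)          # freeze txs bound to each own part
    pre_fz_B = presign(xB, XB, b"freeze B", YB)
    fz_A, fz_B = adapt(pre_fz_A, yA), adapt(pre_fz_B, yB)  # broadcast on chain, revealing yA, yB
    y_full = (extract(pre_fz_A, fz_A) + extract(pre_fz_B, fz_B)) % Q  # either party computes this
    swap_A, swap_B = adapt(pre_swap_A, y_full), adapt(pre_swap_B, y_full)
    return verify(XA, b"swap: A pays B", swap_A) and verify(XB, b"swap: B pays A", swap_B)
```

A pre-signature alone never verifies as a full signature, which is what lets the exchange transactions sit harmlessly off-chain until both freeze transactions have been published.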

Description

Universal atomic cross-chain exchange method for relieving suspension attack

Technical Field

The invention relates to an exchange method, in particular to a universal atomic cross-chain exchange method for relieving a suspension attack.

Background

With the rapid development and diversification of blockchain technology, the number of cryptocurrencies and blockchains has grown, so that on-chain assets and data are scattered across different systems. This forms a pronounced "data island" problem that seriously restricts the interconnection and wide application of the blockchain ecosystem. Against this background, cross-chain exchange technology has emerged as a key primitive for exchanging assets among different blockchains. Its core is to guarantee the atomicity of the transaction, that is, to ensure that the transaction either completes successfully or is rolled back entirely, so that the fairness and safety of the transaction are maintained. In recent years, the scale of cross-chain transactions has grown explosively, further highlighting the urgent need for efficient, secure and versatile cross-chain exchange methods.

To meet these needs, the prior art has developed mainly two types of decentralised cross-chain exchange schemes: script-based schemes and signature-based schemes. Script-based schemes, represented by Hash Time Lock Contracts (HTLCs), guarantee atomicity through preset hash lock and time lock mechanisms. For example, CrossChannel (X. Luo, K. Xue, Q. Sun, and J. Lu, "Crosschannel: Efficient and scalable cross-chain transactions through cross-and-off-blockchain micropayment channel," IEEE Transactions on Dependable and Secure Computing, 2024.) improves transaction scalability by constructing a cross-chain channel; Jia et al. (X. Jia, Z. Yu, J. Shao, R. Lu, G. Wei, and Z. Liu, "Cross-chain virtual payment channels," IEEE Transactions on Information Forensics and Security, vol. 18, pp. 3401–3413, 2023.) design a virtual payment channel connecting Bitcoin and Ethereum to reduce on-chain validation overhead; Tsabary et al. (I. Tsabary, M. Yechieli, A. Manuskin, and I. Eyal, "Mad-htlc: because htlc is crazy-cheap to attack," in 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 2021, pp. 1230–1248.) propose MAD-HTLC, which adopts multi-path settlement to resist incentive manipulation; and zkCross (Y. Guo, M. Xu, X. Cheng, D. Yu, W. Qiu, G. Qu, W. Wang, and M. Song, "zkcross: A novel architecture for cross-chain privacy-preserving auditing," in 33rd USENIX Security Symposium (USENIX Security 24), 2024, pp. 6219–6235.) realizes cross-chain auditing with privacy protection by using zero-knowledge proofs. While such schemes perform well on specific chains, they rely on blockchain scripting or smart contract functionality, which limits their versatility and makes them difficult to adapt to chains lacking flexible scripting support, such as Zcash, Ripple and Monero.

In comparison, signature-based schemes realize cross-chain exchange by extending or modifying a digital signature algorithm, and have better portability and universality. Building on such primitives, Thyagarajan et al. (S. A. Thyagarajan, G. Malavolta, and P. Moreno-Sanchez, "Universal atomic swaps: Secure exchange of coins across all blockchains," in 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 2022, pp. 1299–1316.) use adapter signatures to propose a generic atomic swap protocol applicable to all blockchains; PipeSwap (P. Ni, A. Tian, and J. Xu, "Pipeswap: Forcing the timely release of a secret for atomic cross-chain swaps," in 2025 IEEE Symposium on Security and Privacy (SP). IEEE, 2025.) provides an improved mechanism for the timing flaws of secret release in that scheme, while SLEEPY CHANNEL extends the idea into payment channels to promote scalability. The technology has been applied in practice on platforms such as Komodo and Firo and in cross-chain bridges such as Cosmos, and has become one of the core technologies for realizing cross-chain exchange today.

However, despite advances in versatility, signature-based schemes still face significant security and usability challenges in practical implementations, and are particularly susceptible to "abort attacks". In such an attack, a participant can cause the entire exchange to fail by delaying or refusing to fulfil critical obligations (e.g., freezing the asset, releasing signature material, broadcasting the transaction, or executing refunds), so that the asset is locked for a long period without the intended exchange completing. Existing schemes have not systematically eliminated the motivation and feasibility of such attacks in their mechanism design, and also lack a robust mechanism for guaranteeing that the honest party can still complete exch