Off-Chain Secret Enabled Dynamic Authorisation

Disclaimer: This is a summary of patterns we have observed during our research and should not be considered any form of technical or investment advice. Also, the given “known examples” do not imply they are the best implementations of the said pattern or any superior to any other implementation of the pattern not listed.

Summary

Use a secret created off-chain to bind the authority for a transaction dynamically.

Context

In blockchain-based applications, the party(ies) that can authorise a given activity may be unknown when the corresponding smart contract is deployed or the corresponding transaction is submitted to the blockchain.

Problem

A blockchain does not support dynamically binding an address of a participant that was not defined in the respective transaction or smart contract when it was created. All accounts that can authorise a subsequent transaction have to be defined in the first transaction before that transaction is added to the blockchain. How can the authority for a transaction be bound dynamically?

Forces

  • Dynamism – Need to dynamically bind one or more unknown authorities to a subsequent transaction after the first transaction was submitted to the blockchain.
  • Predefined authorities – Typically, the access control list of a smart contract function needs to be predefined. Hence, authorised addresses need to be predefined.

Solution

An off-chain secret can be provided with a transaction to invoke a smart contract function. First, create an off-chain secret. Second, generate the hash value of the secret using a hash function such as SHA256. Third, update the access control list (ACL) of the respective smart contract function by issuing a transaction to the blockchain. This hash value should be set by the owner/manager of the smart contract. Alternatively, the hash value could also be added to the ACL at the time of initialising the smart contract. Fourth, share the secret off-chain with the party that you wish to authorise to execute the smart contract function. Finally, have that party call the respective smart contract function with the secret as one of the parameters. Once the function is called, the smart contract can hash the secret and compare it with the hash that is already stored in the ACL. If there is a match, the function can continue executing. Otherwise, the function should terminate. This solution is also referred to as a hashlock.

Off-chain secret enabled dynamic authorisation pattern (aka., hashlock)

For example, in the context of payments, a smart contract can be used for escrow. When the sender deposits the money to the escrow smart contract, the hash of a secret (e.g. a random string, called pre-image) is also submitted with the money. Whoever receives the secret off-chain can claim the money from the escrow smart contract by revealing the secret. With this solution, the receiver of the money does not need to be defined beforehand in the escrow contract. This can be generalised to any transaction that needs authorisation from a dynamically bound participant. One variant is to lock multiple transactions with the same secret—by unlocking one, all of them are unlocked.
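As an added example (not code from the page or from any of the projects it lists), the following Python simulation walks through the solution steps and the escrow scenario above: the off-chain secret and its SHA-256 hash, an ACL that stores hashes rather than caller addresses, a claim that re-hashes the revealed pre-image, the variant where one secret opens several locks, and the secret-plus-signer hardening discussed under Drawbacks. The `sender` argument stands in for the chain-verified msg.sender, and addresses such as `0xBOB` and all amounts are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed simulation (added example, not the page's code); `sender` stands in for msg.sender.
def make_secret() -> bytes:  # step 1: off-chain secret (pre-image) from a CSPRNG
    return secrets.token_bytes(32)

def hashlock(secret: bytes) -> bytes:  # step 2: only this SHA-256 digest goes on-chain
    return hashlib.sha256(secret).digest()

@dataclass
class Lock:
    hash_: bytes
    amount: int
    allowed_senders: frozenset   # empty = anyone who knows the secret may claim
    claimed: bool = False        # one-off: a lock opens only once

class HashlockEscrow:  # step 3: the ACL holds hashes of secrets, not caller addresses
    def __init__(self) -> None:
        self.locks = []  # Lock objects, indexed by lock id

    def deposit(self, h: bytes, amount: int, allowed_senders=()) -> int:
        self.locks.append(Lock(h, amount, frozenset(allowed_senders)))
        return len(self.locks) - 1  # lock id

    def claim(self, lock_id: int, secret: bytes, sender: str) -> int:
        # step 5: the caller reveals the secret; the contract re-hashes and compares
        lock = self.locks[lock_id]
        if lock.claimed:
            raise PermissionError("lock already opened")
        if not hmac.compare_digest(hashlock(secret), lock.hash_):
            raise PermissionError("wrong secret")
        if lock.allowed_senders and sender not in lock.allowed_senders:
            raise PermissionError("right secret, but caller is not a listed signer")
        lock.claimed = True
        return lock.amount

def demo() -> dict:
    s, esc = make_secret(), HashlockEscrow()
    a = esc.deposit(hashlock(s), 100)                            # any secret holder
    b = esc.deposit(hashlock(s), 40)                             # same secret, 2nd lock
    c = esc.deposit(hashlock(s), 7, allowed_senders={"0xBOB"})   # secret + listed signer
    out = {"a": esc.claim(a, s, "0xBOB"), "b": esc.claim(b, s, "0xEVE")}  # b: routability
    for lock_id, who in ((a, "0xBOB"), (c, "0xEVE")):  # reuse on a; unlisted signer on c
        try:
            esc.claim(lock_id, s, who)
        except PermissionError as err:
            out[lock_id] = str(err)
    out["c"] = esc.claim(c, s, "0xBOB")
    return out
```

Note that once Bob's claim on lock `a` is on-chain the secret is public, which is exactly why lock `b` can be opened by anyone and why lock `c` additionally pins the caller.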

Benefits

  • Dynamism – The pattern enables the dynamic binding of unknown authority to execute a smart contract function.
  • Routability – Once the secret is revealed, any other transactions secured using the same secret can also be opened. This makes it possible to create multiple transactions that are all locked by the same secret. This property is used by micropayment channels to enable multi-hop transfers where the money hosted by every hop and secured by the same secret can be released after the end receiver claims the money with the secret (i.e., the secret is revealed). The secret can be exchanged through off-chain channels.
  • Interoperability – There is no need for a special protocol to exchange the secret. The secret can be exchanged in any way off-chain. This provides a mechanism for other systems to trigger events on blockchain.
  • Lost key tolerant – No private key is required to authorise transactions.

Drawbacks

  • One-off secret – Once the secret is revealed, it cannot be reused (aka., one-off secret). Verification of the secret is on-chain. Thus, once a secret is embedded in a transaction submitted to the blockchain, the secret is revealed.
  • Combination of signature and secret – Because this pattern has the property that once the secret is revealed, any other transactions secured using the same secret can also be opened, sometimes the transaction protected by the secret should also be associated with a public key so that both a correct secret and an appropriate signature with the respective private key are required to authorise the transaction. This is applicable to the situation where a large set of authorities is known beforehand, but not all of them are allowed to authorise a certain activity/transaction. Thus, a hash of the secret is used to dynamically bind one or multiple authorities from the larger predefined set of authorities.
  • Lost secret – The sender/initiator of a transaction takes the risk of losing the off-chain secret. If the secret is lost, the transaction can no longer be authorised and cannot proceed. If the secret is compromised, anyone could call the respective smart contract function.
  • Man-in-the-middle attack – When the transaction that reveals the secret is in the transaction pool of a miner (not included in the blockchain yet), it is visible to the entire blockchain network. Hence, there is the risk of another party issuing a transaction with the same secret and having it included in the blockchain before the original transaction. This is a form of man-in-the-middle attack that is also known as front running.

Related Patterns

Known Uses

  • Raiden Network is a network of off-chain payment channels on top of the Ethereum blockchain network, which enables secure value transfer. The multi-hop transfer mechanism in Raiden Network uses hash locked transactions to securely route payments through a middleman.
  • In the Bitcoin ecosystem, atomic cross-chain trading allows one cryptocurrency (e.g., Bitcoin) to be traded for another cryptocurrency (e.g., tokens on a Bitcoin sidechain) using an off-chain hash secret.