Blockchain technology is increasingly being adopted by mainstream and crypto-native businesses alike — from DeFi to NFTs, to peer-to-peer file sharing, supply chain consortia, gaming, and more. Because of a multitude of business use cases and varied application scenarios, different flavors of blockchains (including permissionless, permissioned, private) have emerged. Clearly, the proverbial elephant in the room is "blockchain interoperability", i.e., how can these different protocols connect to form a cohesive whole? The problem of blockchain interoperability essentially boils down to two categories of problems: crosschain asset transfers and crosschain function calls.

The problem of currency and asset transfers from one blockchain to another is crucial in this era where many companies are launching blockchain networks with their own native currencies. We also have companies pushing wrapped currencies, tokens and digital assets. So this problem space can be subdivided into: crosschain transfers, crosschain swaps, crosschain transactions with more than two parties. The fundamental challenges are:

  • efficiently proving to a blockchain that a party holds an asset on another blockchain 

  • identifying desired guarantees for a crosschain protocol, and

  • designing effective and efficient crosschain protocols.

A cross-blockchain function call enables calling a smart contract function deployed on one blockchain from a smart contract deployed on another blockchain. Apart from the challenges of currency and asset transfers, a crosschain function call protocol has to deal with atomic state updates and unexpected gas costs. 

Crosschain Workshop 2021

Initiated and chaired by Peter Robinson (Consensys Software R&D) the Crosschain Workshop 2021 specifically targeted this theme, and focused on bringing awareness amongst researchers and practitioners on the state-of-the-art in blockchain interoperability and the challenges that still persist today. 

It attracted 37 submissions worldwide. The workshop ran for two 4 hour sessions on consecutive days, hosting 12 standard talks (20 minutes) and 12 lightning talks (10 minutes), attended by 100 participants globally. The standard talks leaned towards describing research and development approaches, and the lightning talks leaned towards showcasing industrial technology. These talks presented novel ideas, discussed the limitations of existing approaches, and highlighted the challenges.

The following sections summarize the talks presented at the workshop. They also provide a bird’s-eye view and help the reader to understand the state-of-art in blockchain interoperability. I hope this write up also encourages the reader to dive deep, and to make use of the papers, slides and the video recordings of all the talks and discussions that are hosted at this webpage, so as to contribute towards the wider adoption of blockchain technology.

A summary of standard talks

Traditionally the correctness of database protocols are characterized using ACID (Atomicity, Consistency, Isolation and Durability) properties. Maurice Herlihy from Brown University, shared his insights on the differences between the trusted setting of a standard database environment against the modern trustless environment of inter-blockchain operations. They found that these traditional ACID properties were not applicable in the context of state updates across blockchains for realistic situations where there are no bounds on the number of adversaries. They devised and proposed crosschain deals where correctness is characterized by the following properties:

  1. For every protocol execution, every compliant party ends up with an acceptable payoff.

  2. No asset belonging to a compliant party is escrowed forever.

  3. If all parties are compliant and are willing to accept their proposed payoffs, then all transfers happen.

Mohsen Lesani from University of California, extended the concept of crosschain swaps to crosschain transactions that can include more than two parties as well as offchain steps. They propose a three-phase protocol to facilitate such crosschain transactions guaranteeing the properties of:

Uniformity: If all parties follow the protocol, all the assets should be transferred. If any party deviates from the protocol, the conforming parties should not experience a loss.

End-to-end: If the source parties pay, then the sink parties are paid.

Peter Robinson from Consensys Software R&D, introduced the General Purpose Atomic Crosschain Transactions (GPACT) protocol that facilitates cross contract function calls across blockchains with atomicity guarantees and without requiring any changes to existing blockchain clients. The GPACT protocol relies on the existing mechanisms of either using direct signing and validation across blockchains when the validators on all blockchains are the same, or using trusted block header transfer mechanisms present in the literature.

Yingjie Xue from Brown University, highlighted the lockup grieving problem in HTLC (hash time lock contract) based swap mechanisms where the assets are locked for an agreed but longer duration. They identify that in a volatile and a dynamic environment where the assets appreciate or depreciate rapidly, there is a possibility of sore loser attack where when one's asset depreciates, the other walks away, leaving the former stuck. Leveraging on the notion of small premiums they propose two-party and multi-party fair atomic swap protocols and prove the safety: no negative payoff for a conforming party, and liveness: when all parties conform then swap happens and premiums are refunded.

Babu Pillai from Griffith University, presented a Burn and Claim approach to inter blockchain transfers, where (1) the assets are burned (sent to a non-withdrawable address) on the source blockchain, (2) then from gateway nodes (interface across blockchains) a proof of burn is obtained, (3) then a Claim transaction that includes this proof is submitted on the destination blockchain, and (4) the assets are minted anew. To gain atomicity a Reclaim transaction is submitted on the source blockchain after a timeout, and funds are refunded to the sender, when there is a minting failure on the destination blockchain. 

Victor Zakhary from UC Santa Barbara, showed a corner case where atomicity is violated in Hash Time Lock contracts: when two parties, say Alice and Bob, enter into a swap and Alice reveals the secret to  Bob's contract, she obtains the assets agreed upon to be transferred, and it is possible that Bob could be out of the network for only a brief period (due to a crash, DoS attack, etc) but long enough that the timer of Alice's contract expires and the assets that were intended to be transferred to Bob, are transferred back to Alice. Bob then experiences a loss when he comes back online. To handle these corner cases and guarantee Atomicity, Victor proposed an Atomic Crosschain Commitment protocol that uses another network called Witness Network to track the block headers of asset blockchains. After transferring assets, the parties submit evidence to the Witness Network. The evidence is verified against the stored block headers, and if they pass, the Witness Network Smart Contract changes its state to accept and commits the transaction. If not, the transaction is deemed aborted, and the assets are returned.

Enrique Fynn from Universita della Svizzera, highlighted the limitation of smart contracts being strongly tied to the blockchain on which they are deployed. To alleviate this problem, he proposed a Move protocol to seamlessly move the contract from one blockchain to another. The idea is to write lock the protocol (meaning no more state updates), and to create the same contract with the state snapshot of the source blockchain on the destination blockchain. This needs a new opcode OP_MOVE to be added to the existing EVM opcode set. He demonstrated the feasibility of this idea using the case studies on ERC-20 and CryptoKitties contract.

Building on the smart contract’s Move protocol introduced in the previous talk, Martin WesterKamp from Technische Universität Berlin, also questioned the idea of tying smart contracts to one blockchain. He demonstrated that a naïve way of forking a contract from one blockchain to another is very gas-expensive and is not feasible. He then proposed a viable solution of splitting the target contract into three: logic, proxy and initialisation contracts. The logic contract captures the functionality, the proxy contract sets the contract state and is called only by the initialisation contract, and the  initialisation contract lives only during the time of migration until the state is copied over, before self destructing.

Alexei Zamyatin from Imperial College London, provided a meta-perspective on crosschain communications. He first showed a way to reduce the problem of crosschain communication without a trusted third party to the problem of fair exchange without a trusted third party. Because the latter problem is proven impossible, the problem of crosschain communication without a trusted third party is also shown impossible. This sets the baseline for crosschain communication protocols and reinforces the need of having a trusted third party. He observed a generic structure for all crosschain protocols, consisting of  the following steps: (1) commit on the source chain, (2) verify on the destination chain, (3) commit on the destination chain, (3b) alternatively abort on the destination chain, and (4) optionally abort on the source chain. He also showed that the synchrony (by the means of contracts and others) assumption in crosschain communications is equivalent to crosschain communications with a trusted third party. Then he surveyed the proposed crosschain protocols in the literature and categorised them into the boxes of trusted third party, synchrony and hybrid.

Gewu Bu from Université Clermont Auvergne, presented a protocol that works across Hyperledger Fabric blockchains providing the ACID (Atomicity, Consistency, Isolation and Durability) properties with the assumption that messages are never lost.

Stefan Schulte from TU Wien, showed that a validation of Proof Of Work blockchains in relays is expensive. Basically, a relay is a contract on a destination blockchain that keeps track of the block headers of a source blockchain, and can verify whether some transaction is included in the source blockchain. To make relays economically more viable, he proposed and evaluated three solutions - using optimistic-accept-then-dispute mechanism, storing partial data, and using incentives.

I (Raghavendra Ramesh from Consensys Software R&D) presented an approach for user-level ETH transfers in the grand vision of Ethereum 2.0 where there are 64 shards and where many execution environments (EE) can exist. Leveraging the netted balance approach for EE-level transfers and System Events he proposed a protocol for atomic cross-shard cross-EE user-level ETH transfers without using any locks, and without imposing any constraints on the Block Proposer to select particular transactions.

Brief summary of lightning talks

Ganesha Upadhyaya from Harmony.one, showcased a gas efficient light client for communication between Harmony and Ethereum networks.

Dean Tribble from Agoric, pitched Inter Blockchain Communication protocol as a TCP for blockchains on which applications can be built. 

Daniel Engel from Brown University, described Market Maker Exchanges Uniswap and Balancer where reserves of assets are deposited onto a smart contract so that the trading or exchanging is done without delay. He then identified the minimal set of properties that are required to be satisfied by a network of these exchanges for smooth and efficient trading.

Kilian Rausch from OpenDEX, described OpenDEX, a decentralized exchange network for native assets that are settled on lightning and Connext networks.

Weijia Zhang and James Zhu from Wanchain, showed Wanchain bridge, a modular framework packaged with common protocols for businesses that enable interoperability between private and public blockchains.

Sara Ghaemi from University of Alberta, presented an approach that views blockchains as publishers and subscribers, and communication happens using topic ids via a broker blockchain.

Peter Monero-Sanchez from IMDEA Software Institute, highlighted the compatibility problems of hash functions and time functions in HTLCs, and pointed to an approach that alleviates these problems and enables multi-asset swaps using adaptor signatures.

Rafael Belchior from INESC-ID, Instituto Superior Técnico and Peter Somogyvari from Accenture, presented Hyperledger Cactus, a language-agnostic plugin framework for implementing interoperability protocols on participating blockchains.

Lucas Soriano from COMIT, noted potential attacks on crosschain exchange protocols based on long waits of hash time-lock contracts. To alleviate these attacks he presented an approach for cross blockchain atomic swaps on Bitcoin and Monero networks using adaptor signatures.

Andrey Kuprianov from Informal Systems, noted that manually testing crosschain protocols is hard. However, he showed that: when a formal model of the protocol is given, then succinct test scenarios on the model can be envisaged. These scenarios can be translated into tests using a model checker, and can be used to check the protocol implementation.

Albert Acebrón from Onramper, presented a bridge that is built using XCLAIM to cross-transfer NEO and BNC tokens. 

Christof Spanring from Pantos GmbH, explained about Pantos project, a multi blockchain token system, and introduced the idea of having a global stake for secure inter blockchain communication. 

Conclusion

First and foremost, the workshop emphasized the importance and necessity of interoperable blockchains. It provided a forum for researchers, developers and the business community to network and engage with each other, and brought awareness and new impetus to the developments in this field. This is the beginning of an exciting journey, set to envision new scenarios, to architect practical solutions, to unleash and to actualize the potentials of interoperable blockchains in propelling human society.


The views reflect the author's understanding of the blockchain interoperability space. Inputs, comments, feedback and corrections are invited. You can contact me at [email protected] or on LinkedIn.

Thanks to Sandra Johnson of Consensys Software R&D, for proof-reading, and for suggesting corrections.

Raghavendra Ramesh, Senior Researcher at Consensys Software R&D. 

I am passionate about formal methods, design and analysis of distributed systems, and cryptography. I am a serious practitioner of Raja Yoga based meditation under the guidance of Shri Suresh Kumar Makam of Bangalore.