Dr. Nadav Kohen

Dr. Nadav Kohen

Cryptography Researcher at Chaincode Labs, chess, formal verification, and automatic sequence enthusiast

Discreet Log Contracts Part 3: Why They Are Great

2 minute read

Published:

In previous posts, we discussed both what Discreet Log Contracts (DLCs) are and how they work in detail. Now, let’s talk about the features of DLCs and how they make powerful oracle contracts.

Discreet Log Contracts are private and secure. Not only is the contract only known by the parties involved, but not even the oracle needs to know anything about its users. All they need to do is broadcast signatures and can even potentially monetize (see our post on PAID APIs).

The public sees nothing that can be distinguished from simple payment activity, no information goes on-chain except for the payout. Not only do oracles stay oblivious of their users but there are additional built in protections in the DLC scheme against oracles lying. We will address the security and trust model of DLCs further in our next post.

DLCs are also very flexible. The DLC scheme can be used for contracts on just about any blockchain (including Bitcoin). All that is needed is multi-signature contracts and timeouts. Users across different blockchains and Layer 2 solutions can simultaneously use the same oracles. Further, there is a natural way to combine DLC oracles. For example, to extend the scheme described previously to a 2-oracle DLC, Alice and Bob must simply add the two oracles’ P_MOON keys to get an aggregate P_MOON, whose underlying private key is simply the sum of the two oracles’ signatures!

Discreet Log Contracts are scalable. They are natural candidates for execution within payment channels such as those of the Lightning Network. It is possible to execute arbitrary DLCs completely off-chain with absolutely no on-chain footprint, fees, or privacy leaks. Even without going fully off-chain, DLCs are already mostly off-chain so that the only on-chain footprint is two simple value-transfer transactions - funding and closing. This makes DLCs a viable candidate on any chain to “allow extensive complex smart contracts to occur without unduly taxing the global network”.

Finally DLCs are composable. Essentially a DLC is an oracle contract that requires nothing but multisig or MuSig to enforce. This means that all smart-contracting platforms out there, such as Ethereum, can replace the oracle subcontracts it currently uses, with DLCs. This replacement allows those involved to enjoy all of the benefits we have highlighted.

All of this from building blocks so simple that they can be expressed in Bitcoin Script!

But what exactly are the security and trust models when it comes to executing DLCs? This will be the topic of our next post.

You May Also Enjoy

A Practical Attack Against Limited MuSig2 Nonce Reuse

19 minute read

Published:

I know what you’re thinking, “Duh, everyone knows that nonce reuse is bad … why are you writing a blog post about how nonce reuse is insecure?” Fair enough, but hear me out. As we’ll discuss, it is pretty trivial to compute someone’s private key if they are unfortunate enough to reuse a Schnorr signature nonce; however, I claim that it is less clear why nonce reuse leads to practical attacks in the multi-signature scheme MuSig2.

Some Secrets Shared

47 minute read

Published:

In cryptography, secret sharing is the process of splitting a secret into pieces, called secret shares, so that no individual device stores the original secret, but some group of devices can collectively recover that secret. Classic examples of situations involving secret sharing include missile launch codes and shared custody in the corporate setting; in both cases, multiple individuals’ authorizations are required before any action can be taken. Recently, secret sharing has seen extensive use within multi-party computation (MPC) involving secret data, and private key management, where an individual or organization has cryptocurrency belonging to a secret key and they wish to split this key into \(n\) key shares such that some subset of \(t\) shares is required for using the key.

DLC Oracle Failure Cases

10 minute read

Published:

Discreet Log Contracts (DLCs) are bitcoin-compatible non-custodial oracle contracts in which participants post Bitcoin collateral which is settled depending on an event in the “real-world” as attested to by a set of oracles. In this post, we will be exploring in-depth the ways in which oracles can fail which DLC users should be aware of, as well as some mitigation strategies.

Multi-Oracle DLC Deep Dive

9 minute read

Published:

A couple weeks ago, we announced that we had successfully executed a DLC on-chain using oracles Bitfinex, Pierre Rochard and Suredbits. In this post, we will be diving into the details of how multi-oracle DLCs are accomplished.