FastKitten: Practical Smart Contracts on Bitcoin

Smart contracts are envisioned to be one of the killer applications of decentralized cryptocurrencies. They enable selfenforcing payments between users depending on complex program logic. Unfortunately, Bitcoin -the largest and by far most widely used cryptocurrency -does not offer support for complex smart contracts. Moreover, simple contracts that can be executed on Bitcoin are often cumbersome to design and very costly to execute. In this work we present FASTKITTEN, a practical framework for executing arbitrarily complex smart contracts at low costs over decentralized cryptocurrencies which are designed to only support simple transactions. To this end, FASTKITTEN leverages the power of trusted computing environments (TEEs), in which contracts are run off-chain to enable efficient contract execution at low cost. We formally prove that FASTKITTEN satisfies strong security properties when all but one party are malicious. Finally, we report on a prototype implementation which supports arbitrary contracts through a scripting engine, and evaluate performance through benchmarking a provably fair online poker game. Our implementation illustrates that FASTKITTEN is practical for complex multi-round applications with a very small latency. Combining these features, FASTKITTEN is the first truly practical framework for complex smart contract execution over Bitcoin. Approach Minimal # TX Collateral Generic Contracts Privacy Ethereum contracts O(m) O(n) MPC [38-40] O(1) O n 2 m Ekiden [19] O(m) no support for money FASTKITTEN O(1) O(n)