Payment channel networks (PCNs) offer a promising solution to address the limited transaction throughput of deployed blockchains. However, several attacks have recently been proposed that stress the vulnerability of PCNs to timelock and censoring attacks. To address such attacks, we introduce Thunderdome, the first timelock-free PCN. Instead, Thunderdome leverages the design rationale of virtual channels to extend a timelock-free payment channel primitive, thereby enabling multi-hop transactions without timelocks. Previous works either utilize timelocks or do not accommodate transactions between parties that do not share a channel. At its core, Thunderdome relies on a committee of non-trusted watchtowers, known as wardens, who ensure that no honest party loses funds, even when offline, during the channel closure process. We introduce tailored incentive mechanisms to ensure that all participants follow the protocol's correct execution. Besides a traditional security proof that assumes an honest majority of the committee, we conduct a formal game-theoretic analysis to demonstrate the security of Thunderdome when all participants, including wardens, act rationally. We implement a proof of concept of Thunderdome on Ethereum to validate its feasibility and evaluate its costs. Our evaluation shows that deploying Thunderdome, including opening the underlying payment channel, costs approximately $15 (0.0089 ETH), while the worst-case cost for closing a channel is about $7 (0.004 ETH).

In the renaming problem, a set of n nodes, each with a unique identity from a large namespace [N], needs to obtain new unique identities in a smaller namespace [M]. A renaming algorithm is strong if M = n. There exist many time-efficient solutions for fault-tolerant renaming in synchronous message-passing systems. However, all previous algorithms send Ω(n²) messages, and many of them also send large messages each containing Ω(n) bits. Moreover, most algorithms' performance do not scale with the actual number of failures. These limitations restrict their practical performance. We develop two new strong renaming algorithms, one tolerates up to n - 1 crash failures, and the other tolerates up to (1/3 - ϵ0)n Byzantine failures for an arbitrarily small constant ϵ0 > 0. The crash-resilient algorithm is always correct and always finishes within O(log n) rounds. It sends Õ((f + 1) · n) messages with high probability, where f is the actual number of crashes. This implies that it sends subquadratic messages as long as f = o(n/log n). The Byzantine-resilient algorithm trades time for communication cost: it finishes within Õ(max{f, 1}) rounds and sends only Õ(f + n) messages, with high probability. Here, f is the actual number of Byzantine nodes. Both algorithms only send messages of size O(log N) bits. Therefore, our crash-resilient algorithm incurs o(n²) communication cost as long as f = o(n/(log n log N)); and our Byzantine resilient algorithm incurs almost-linear communication cost. By deriving a lower bound, we conclude that our algorithms achieve near-optimal communication cost in many cases.