3-Phase Commit for Multi-Hop Payments

Originally proposed by @bipedaljoe who shared his work here: Predictable ordering of "proof-of-structure" (the 2018 CTOR upgrade) and possible future advances

and linked to his paper here: https://resilience.me/3phase.pdf

This is an attempt to capture that idea, and have a dedicated place to discuss it.

The Problem

Current payment channel networks (Lightning) use a 2-phase commit with cancel-on-timeout. The Prepare phase has no penalty for non-cooperation, enabling griefing attacks where adversaries lock up liquidity at minimal cost.

Key Insight

There are two possible 2-phase designs with penalties on opposite phases:

| Design | Prepare | Commit | On Timeout |
|---|---|---|---|
| Cancel-on-timeout | No penalty | Penalty | Cancels |
| Finish-on-timeout | Penalty | No penalty | Completes |

Neither alone solves griefing: one phase is always vulnerable.

The Solution

Combine both: use finish-on-timeout for the first phase, then transition to cancel-on-timeout via an intermediate pre-commit phase.

Prepare [penalty, finish-on-timeout]
    │
    ├─► Pre-Commit [penalty, cancel-on-timeout]
    │       │
    │       └─► Commit [penalty]
    │
    └─► Cancel [penalty] (if no agreement)

Result: every phase carries a penalty, deterring DoS without relying on impractically short timeouts.

Requirements

  • Authenticated Cancel: Sender must prove cancellation via hash lock (prevents intermediaries faking cancel then collecting via timeout)
  • Time-proportional fees: Addresses self-payment attacks where attacker pays penalties to themselves

Open Questions

  1. Concrete cryptographic construction for sender-authenticated cancel?
  2. On-chain dispute transactions for each phase?
  3. Privacy implications: does authenticated cancel leak sender identity?
  4. Latency cost of the additional round trip?
  5. Handling partial failures mid-route?
  6. Can we use PTLCs instead of HTLCs? (XMR-BCH swap contract is the primitive we can extend with 1 more stage)

Discussion

This revisits protocol fundamentals rather than bolting on fees/reputation. The duality observation is elegant, but turning it into a specification requires more work.
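
The phase transitions and the authenticated cancel described above, modeled for a single hop as an added sketch that is not code from the original post or the linked paper. Assumptions: a SHA-256 hash lock, time in abstract ticks, one timeout value for both phases, explicit cancel accepted only in Prepare (as the diagram draws it), and the hypothetical names `Hop`, `Phase` and `lock_for`; penalty amounts are not modeled.

```python
import hashlib
import hmac
from enum import Enum

class Phase(Enum):
    PREPARE = "prepare"          # finish-on-timeout
    PRE_COMMIT = "pre-commit"    # cancel-on-timeout
    COMMITTED = "committed"      # payment completed
    CANCELLED = "cancelled"

def lock_for(secret: bytes) -> bytes:
    """Hash lock the sender publishes; SHA-256 is an assumption of this sketch."""
    return hashlib.sha256(secret).digest()

class Hop:
    """One hop's view of a payment (hypothetical model, times in abstract ticks)."""
    def __init__(self, cancel_lock: bytes, timeout: int, now: int = 0):
        self.phase = Phase.PREPARE
        self.cancel_lock = cancel_lock   # only the sender knows the preimage
        self.timeout = timeout
        self.deadline = now + timeout
        self.timed_out_in = None         # phase whose timer ran out, if any

    def tick(self, now: int) -> Phase:
        """Apply the phase's timeout rule: Prepare completes, Pre-Commit cancels."""
        if now >= self.deadline and self.phase in (Phase.PREPARE, Phase.PRE_COMMIT):
            self.timed_out_in = self.phase
            finish = self.phase is Phase.PREPARE
            self.phase = Phase.COMMITTED if finish else Phase.CANCELLED
        return self.phase

    def pre_commit(self, now: int) -> bool:
        if self.tick(now) is not Phase.PREPARE:
            return False
        self.phase, self.deadline = Phase.PRE_COMMIT, now + self.timeout
        return True

    def commit(self, now: int) -> bool:
        if self.tick(now) is not Phase.PRE_COMMIT:
            return False
        self.phase = Phase.COMMITTED
        return True

    def cancel(self, now: int, preimage: bytes) -> bool:
        # A cancel counts only in Prepare and only with the sender's preimage.
        ok = hmac.compare_digest(lock_for(preimage), self.cancel_lock)
        if self.tick(now) is not Phase.PREPARE or not ok:
            return False
        self.phase = Phase.CANCELLED
        return True
```

A cancel without the sender's preimage leaves the hop in Prepare, so the Prepare timer still runs out and the payment completes instead of being cancelled by an intermediary.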