ChainScore Labs
LABS
Guides

What is a Hash Time-Locked Contract (HTLC) Bridge?

An architectural analysis of trust-minimized cross-chain transfers using cryptographic time-locks.
Chainscore © 2025
core-concepts

Cryptographic Foundations

Explore the cryptographic mechanisms enabling secure cross-chain asset transfers through Hash Time-Locked Contracts (HTLCs).

01

Hash Time-Locked Contract (HTLC)

A Hash Time-Locked Contract (HTLC) is a smart contract that uses cryptographic hashes and time constraints to enable conditional payments. It requires the recipient to acknowledge payment by revealing a secret preimage within a set timeframe, or the funds are returned to the sender.

  • Conditional Execution: Payment is locked until a cryptographic proof is provided.
  • Time-Bound Security: Includes a refund mechanism if the deadline passes.
  • Trust Minimization: Eliminates the need for intermediaries in atomic swaps.
  • Use Case: Powers cross-chain bridges like those between Bitcoin and Ethereum, allowing users to swap BTC for wrapped BTC (WBTC) securely without a central custodian.
02

Cryptographic Hash Function

A cryptographic hash function is a one-way mathematical algorithm that converts input data into a fixed-size string of characters, crucial for securing HTLCs. It ensures the preimage remains hidden until revealed, enabling verification without exposing the secret.

  • Deterministic: Same input always produces the same hash output.
  • Preimage Resistance: It is computationally infeasible to reverse the hash to find the original input.
  • Collision Resistance: Extremely unlikely two different inputs produce the same hash.
  • Real Example: SHA-256 is commonly used in HTLCs; a user generates a secret, hashes it to create a lock, and the recipient must reveal the secret to claim funds.
03

Time Lock

A time lock is a condition in an HTLC that sets a deadline for transaction completion, ensuring funds are not indefinitely locked. If the recipient fails to provide the secret preimage within the timeframe, the sender can reclaim the assets.

  • Absolute Timelocks: Specify a fixed block height or timestamp for expiration.
  • Relative Timelocks: Delay actions based on elapsed time after a trigger event.
  • Security Feature: Protects against denial-of-service attacks by guaranteeing refunds.
  • Use Case: In a bridge between chains, if a cross-chain swap isn't completed in 24 hours, the original funds are automatically returned to the sender's wallet.
04

Atomic Swap

An atomic swap is a peer-to-peer exchange of cryptocurrencies across different blockchains using HTLCs, ensuring either both parties complete the trade or neither does. This eliminates counterparty risk without relying on centralized exchanges.

  • Cross-Chain Interoperability: Enables direct trading between assets like Bitcoin and Litecoin.
  • Atomicity: The transaction is all-or-nothing; if one side fails, the entire swap reverts.
  • Decentralized: Operates entirely on-chain with smart contracts or scriptable transactions.
  • Real Example: A user can swap Ethereum for Monero via an HTLC bridge, where both transactions are settled simultaneously upon secret revelation, ensuring no party can cheat.
05

Preimage and Secret Revelation

The preimage is the original data input that generates a cryptographic hash in an HTLC, and its revelation is the act of disclosing it to claim locked funds. This mechanism ensures only the intended recipient can access the payment.

  • Secret Generation: Created randomly by the sender or generated via a secure method.
  • Verification Process: The hash of the revealed preimage is checked against the locked hash.
  • Incentive Alignment: Encourages timely completion of swaps to avoid time lock expiration.
  • Use Case: In a bridge transaction, once the recipient reveals the preimage on one chain, it can be used to unlock assets on another chain, facilitating seamless cross-chain transfers.
06

HTLC Bridge Architecture

An HTLC bridge is a decentralized protocol that connects disparate blockchains using HTLCs to enable secure asset transfers. It leverages hashes and time locks to synchronize transactions across networks without a trusted third party.

  • Multi-Chain Coordination: Manages locks and secrets across different blockchain environments.
  • Relayer Networks: Often uses nodes to monitor and forward transaction data between chains.
  • Scalability Challenges: Can face congestion due to time lock expirations and network delays.
  • Real Example: The Lightning Network uses HTLCs for off-chain Bitcoin payments, while bridges like Interlay extend this to cross-chain scenarios, allowing users to move assets between Bitcoin and Polkadot with enhanced security.

The Atomic Swap Protocol

Process overview for using a Hash Time-Locked Contract (HTLC) Bridge to facilitate cross-chain asset swaps.

1

Initiate the Swap with a Secret Hash

The swap initiator creates a cryptographic secret and its hash to lock funds on the source chain.

Detailed Instructions

Hash Time-Locked Contract (HTLC) initiation begins with the sender generating a random cryptographic secret, often a 32-byte preimage. The SHA-256 hash of this secret, known as the payment hash, is computed and embedded into the smart contract on the source blockchain (e.g., Ethereum). This hash acts as a cryptographic condition for releasing the locked funds. The sender must also define a timelock duration, such as 24 hours, after which the contract will refund the assets if unclaimed.

  • Sub-step 1: Generate the secret and hash: Use a cryptographically secure random function. For example, in a Node.js environment:
code
const crypto = require('crypto');
const secret = crypto.randomBytes(32); // 32-byte preimage
const hash = crypto.createHash('sha256').update(secret).digest('hex');
  • Sub-step 2: Deploy or interact with the HTLC: Call the lock function on the bridge contract, specifying the recipient's address on the destination chain, the hash 0x..., and the timelock block height or timestamp.
  • Sub-step 3: Fund the contract: Transfer the exact swap amount, e.g., 1.5 ETH, to the contract address. The contract will hold these funds until the hash condition is met or the timelock expires.

Tip: The secret must remain confidential with the initiator until the counterparty reveals it on the destination chain to claim their funds.

2

Counterparty Locks Funds on Destination Chain

The receiving party verifies the hash and locks a corresponding asset amount on the target blockchain.

Detailed Instructions

Upon observing the HTLC lock transaction on the source chain (via a bridge relayer or oracle), the counterparty must create a corresponding HTLC on the destination chain (e.g., Polygon). This step ensures atomicity—both parties have funds locked under the same cryptographic condition. The counterparty must verify the provided payment hash matches the one from the source chain and that the timelock on the destination side is shorter (e.g., 12 hours) to prevent the initiator from claiming the destination funds and then letting the source timelock expire.

  • Sub-step 1: Verify the source lock: Query the source chain's HTLC contract using the transaction ID to confirm the hash, amount (1.5 ETH equivalent), and the recipient address (your own).
  • Sub-step 2: Deploy the mirror HTLC: On the destination chain, call the lock function on the bridge contract, providing the same payment hash and the initiator's address as the eventual claimant. Lock the equivalent asset amount, e.g., 3000 MATIC.
  • Sub-step 3: Confirm the lock: Ensure the transaction is confirmed with sufficient block confirmations (e.g., 15 blocks on Polygon) to finalize the lock.

Tip: Always use a trusted bridge interface or dApp to automate hash verification and contract interaction, reducing manual error risk.

3

Claim Funds by Revealing the Secret

The initiator reveals the secret on the destination chain to unlock the counterparty's funds, which then exposes the secret for the counterparty to use.

Detailed Instructions

This is the claim phase where the atomic swap is executed. After confirming the counterparty's lock on the destination chain, the initiator reveals the original preimage (secret) to the HTLC contract there. This action proves knowledge of the secret, fulfilling the cryptographic condition and transferring the locked destination assets (e.g., 3000 MATIC) to the initiator's address. Crucially, this revelation makes the secret public on the blockchain, allowing the counterparty to subsequently use it on the source chain.

  • Sub-step 1: Submit the secret: On the destination chain, call the claim function on the HTLC contract, passing the raw secret bytes. For example, using ethers.js:
code
const tx = await htlcContract.claim(secret);
await tx.wait();
  • Sub-step 2: Verify the claim transaction: Check that the transaction succeeds and the MATIC balance updates in your wallet. The contract event logs will confirm the secret was revealed.
  • Sub-step 3: Monitor for secret exposure: The counterparty (or any observer) can now extract the secret from this transaction's calldata or event logs to use on the source chain.

Tip: The claim must be executed before the shorter destination timelock expires; otherwise, the counterparty could refund their locked MATIC, breaking the swap.

4

Finalize Swap or Refund Expired Contracts

The counterparty claims the source chain funds using the revealed secret, or either party refunds their assets if timelocks expire.

Detailed Instructions

The final step ensures the swap completes atomically or safely refunds both parties. After the initiator's secret is revealed on the destination chain, the counterparty uses that same preimage to claim the original locked funds on the source chain (e.g., 1.5 ETH). If the claim is not made before the source chain timelock (e.g., 24 hours) expires, either party can trigger a refund, returning the assets to the original sender. This timelock safety mechanism prevents funds from being permanently locked.

  • Sub-step 1: Claim on source chain: The counterparty calls the claim function on the source HTLC contract, providing the now-public secret. This transfers the 1.5 ETH to their address.
  • Sub-step 2: Verify completion: Both parties should verify their respective wallet balances reflect the swapped assets. The swap is now complete.
  • Sub-step 3: Execute refund if needed: If the secret is not revealed in time, call the refund function on either HTLC contract after its timelock passes. For example, on Ethereum:
code
// After block.number > contractTimelock
const refundTx = await sourceHTLC.refund();

Tip: Always monitor timelocks using blockchain explorers. Successful swaps typically complete within minutes, but refunds are a critical safety fallback.

HTLC vs. Other Bridge Architectures

Comparison of bridge mechanisms for cross-chain asset transfers

FeatureHTLC BridgeLock & Mint BridgeLiquidity Network Bridge

Trust Model

Trust-minimized (cryptographic)

Trusted validators/multisig

Trusted liquidity providers

Finality Time

~1 hour (time-lock dependent)

~10-30 minutes

Near-instant (<2 min)

Capital Efficiency

Low (locked for duration)

High (minted representation)

High (pool-based)

Security Assumption

Honest majority of hash power

Honesty of validator set

Solvency of liquidity pools

Example Protocol

Lightning Network

Polygon PoS Bridge

Connext

Native Asset Support

Yes (direct)

Wrapped assets only

Yes (via pools)

Complexity

Medium (scripting logic)

Low (simple locking)

High (routing algorithms)

Typical Use Case

Atomic swaps, payments

General asset bridging

High-frequency swaps

Implementation & Analysis

Getting Started

A Hash Time-Locked Contract (HTLC) Bridge is a secure, two-step mechanism that allows users to swap assets between two different blockchains without needing a trusted third party. It's like a digital safety deposit box with a time limit and a secret password.

Key Points

  • Atomic Swap: The entire transaction either completes fully for both parties or fails completely, preventing one side from taking the asset without paying. This is the core security guarantee.
  • Hashlock and Timelock: The sender creates a cryptographic puzzle (hashlock) that the receiver must solve with a secret. A timelock sets a deadline; if the secret isn't revealed in time, the sender can reclaim their funds.
  • Primary Use Case: Enables cross-chain transfers for assets like Bitcoin and Ethereum. For example, you could swap BTC for wrapped BTC (WBTC) on Ethereum without using a centralized exchange.

Example

When using a bridge like the Bitcoin Lightning Network to make a payment, an HTLC is created. The payer locks funds with a hash. The payee must present the secret to claim the funds within a set time window, ensuring the payment is either completed or refunded, with no funds lost in limbo.

limitations-considerations

Limitations and Practical Considerations

While HTLC bridges enable secure cross-chain asset transfers, they come with inherent trade-offs and operational complexities that users and developers must carefully evaluate.

01

Time-Lock Vulnerability

The core security mechanism of an HTLC bridge is also a primary risk. The predefined time-lock forces completion or refund within a deadline.

  • If network congestion delays the secret reveal, funds can be permanently locked or refunded, causing failed transfers.
  • Malicious actors can perform griefing attacks by revealing the secret at the last moment, wasting others' time and transaction fees.
  • This requires precise timing and reliable network monitoring, making the process stressful for large-value transfers.
02

Capital Efficiency & Liquidity

HTLC bridges often suffer from poor capital efficiency as locked funds are immobilized for the duration of the swap.

  • To facilitate multiple concurrent swaps, operators must lock substantial liquidity on both chains, which is costly and unproductive.
  • This model struggles with high-volume, real-time trading typical on centralized exchanges.
  • For example, a bridge supporting frequent Bitcoin to Ethereum swaps needs huge BTC and ETH reserves sitting idle, limiting scalability and increasing operational costs.
03

Cross-Chain Complexity

Operating across different blockchains introduces significant technical complexity and points of failure.

  • Each chain has unique block times, consensus rules, and fee markets, making synchronized timelocks challenging to calibrate.
  • Interoperability issues arise with non-Turing complete chains (like Bitcoin) that can't natively verify proofs from other networks.
  • Users must manage wallets and pay gas fees on two distinct networks, a confusing and expensive hurdle for non-technical users.
04

Limited Functionality

HTLCs are designed primarily for simple atomic swaps, resulting in limited functionality compared to modern bridges.

  • They typically only support straight asset-for-asset swaps, not complex operations like borrowing, lending, or staking across chains.
  • There is no native support for arbitrary data transfer or smart contract calls, limiting DeFi composability.
  • For instance, you cannot use an HTLC bridge to participate in an Ethereum-based liquidity pool using your Bitcoin without first swapping it, adding extra steps and exposure.
05

Trust & Counterparty Risk

While trust-minimized, some HTLC bridge implementations reintroduce counterparty risk through their reliance on intermediaries or federations.

  • Many bridges use a group of federated nodes to hold the locked funds and verify transactions, creating a centralization vector.
  • Users must trust these nodes not to collude or go offline.
  • In a practical example, if a 5-of-9 multisig federation is compromised, all bridged assets could be stolen, as seen in several cross-chain hacks.

Frequently Asked Questions

A Hash Time-Locked Contract (HTLC) Bridge is a smart contract-based protocol enabling secure, trust-minimized cross-chain asset transfers. It uses cryptographic hash locks and time locks to create conditional payments that must be completed within a set deadline. The process involves generating a secret, hashing it, and locking funds on the source chain with that hash. To claim the funds on the destination chain, the recipient must reveal the secret before the time lock expires, proving the transaction's legitimacy. This mechanism prevents fraud by ensuring either the swap completes atomically or funds are refunded. For example, bridging Bitcoin to Ethereum via the Wrapped Bitcoin (WBTC) system often employs HTLCs to secure the minting of tokens, with time locks typically set between 1 to 24 hours depending on network congestion.

Further Reading

Hash Time Locked Contracts (HTLC) Explained

Overview of HTLCs, how they work, and their role in atomic swaps

Visit resource

Atomic Swaps

Ethereum.org documentation explaining atomic swaps and HTLC fundamentals

Visit resource

Hashed TimeLock Contract

Technical definition and examples of HTLCs on Bitcoin Wiki

Visit resource

The Bitcoin Lightning Network

Original Lightning Network paper describing HTLCs in payment channels

Visit resource

Atomic Swap Guide

Practical guide to cross-chain atomic swaps using HTLCs

Visit resource
Chat on Telegram
Chat on WhatsApp