# Cross-Chain Settlement Without Bridges
# Bilateral Netting, Off-Chain Verification, and Native Chain Finality
# Shane Calder — 132 Engineering — April 2026
# URL: https://cross-chain-settlement.shanescalder.com
# Series: Decentralised Finance Vol. 2 — Self-Custody Infrastructure Series

## What this is

A research paper arguing that cross-chain value transfer does not require cross-chain asset movement. Every bridge built to date — lock-and-mint, message relay, liquidity network — creates a persistent custody surface that holds assets between settlements and scales its attack surface with total value locked. Over $2 billion has been lost to bridge exploits since 2021. This paper describes an alternative: bilateral netting with native chain settlement.

## The core finding

Cross-chain settlement requires matched intent, native chain escrow, a shared cryptographic commitment, and a verification layer. It does not require assets to move between chains. Two parties on different chains with opposing intent each create escrow objects on their native chain, linked by a shared PREIMAGE-SHA-256 condition. Settlement executes natively on each chain. Nothing crosses. Nothing bridges. Nothing is held.

## Netting principle

Multilateral netting is proven at scale — CLS Bank settles $7.9 trillion daily in foreign exchange with 96%+ netting efficiency. Self-reported data from cross-chain intent protocols suggests 80%+ of cross-chain flows have natural counterparts and are nettable. The paper distinguishes between netting at the settlement layer (CLS-style obligation compression) and netting at the flow-matching layer (this paper — opposing intents matched, each side settles natively).

## Native chain escrow primitives

The protocol uses native escrow primitives:

- XRPL Escrow: first-class ledger object, PREIMAGE-SHA-256, 3-5 sec finality, XRP + all issued tokens via XLS-85 amendment February 2026
- Bitcoin HTLC: script-level, OP_SHA256, ~60 min finality, BTC only
- EVM smart contracts: deployed contract, any ERC-20, 12-15 sec inclusion but ~12.8 min Casper FFG finality, MEV front-running risk on preimage reveal

## The settlement protocol

A direct application of the HTLC-based atomic swap protocol (Nolan 2013, Herlihy 2018). The contribution is not the protocol itself but its framing as settlement infrastructure, the verification layer, and the comparative risk analysis.

Steps:

(1) Party A generates secret s, shares h=SHA-256(s) with Party B.
(2) Both create escrows on their native chains locked with h, with time-lock asymmetry T₂ < T₁.
(3) Party A reveals s on Chain 1; Party B observes and claims on Chain 2.
(4) If s not revealed, both escrows refund.

No assets lost in any failure case.

## Known limitations

Free option problem (Robinson 2019): Party A can observe markets and choose whether to complete or abandon. Sore loser problem (Xue & Herlihy 2021): a party may force timeout to prevent counterparty profit. Both result in timeout and refund, not loss. Mitigations include shorter timeouts, non-refundable fees, and reputation consequences.

## Threat model

Safety guaranteed under any adversary behaviour (no party loses assets). Liveness guaranteed only under cooperative behaviour. Assumptions: chain liveness, preimage secrecy, chain observability, SHA-256 security.

## Verification layer

Off-chain Merkle-tree-based append-only log. Records settlement lifecycle events. Selective disclosure via Merkle proofs. Optional anchoring to public chain (memo on XRPL, OP_RETURN on Bitcoin). Draws on certificate transparency log architecture. Limitation: cannot prevent collusion between both settlement participants.
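
A sketch of the selective-disclosure mechanism described under Verification layer, added here as an example and not taken from the paper or its implementation: an append-only Merkle log over settlement lifecycle events, with an inclusion proof that discloses one record against the published root. The RFC 6962 (certificate transparency) leaf/node hashing, the event field names and the sample events are assumptions; the page does not specify them.

```python
import hashlib
import json
# Assumption: RFC 6962-style domain separation (0x00 for leaves, 0x01 for nodes).
def leaf_hash(data):
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def split(n):
    """Largest power of two strictly less than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def root(leaves):
    """Merkle root over a non-empty list of byte records."""
    if len(leaves) == 1:
        return leaf_hash(leaves[0])
    k = split(len(leaves))
    return node_hash(root(leaves[:k]), root(leaves[k:]))

def prove(leaves, index):
    """Audit path for leaves[index]: (sibling, sibling_is_left), leaf to root."""
    if len(leaves) == 1:
        return []
    k = split(len(leaves))
    if index < k:
        return prove(leaves[:k], index) + [(root(leaves[k:]), False)]
    return prove(leaves[k:], index - k) + [(root(leaves[:k]), True)]

def verify(record, path, expected_root):
    """Recompute the root from one disclosed record and its audit path."""
    h = leaf_hash(record)
    for sibling, sibling_is_left in path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == expected_root

# Constructed sample lifecycle events; field names are assumptions.
EVENTS = [
    {"settlement": "S-1", "event": "escrow_created", "chain": "XRPL"},
    {"settlement": "S-1", "event": "escrow_created", "chain": "Bitcoin"},
    {"settlement": "S-1", "event": "preimage_revealed", "chain": "XRPL"},
    {"settlement": "S-1", "event": "claimed", "chain": "Bitcoin"},
    {"settlement": "S-2", "event": "refunded", "chain": "XRPL"},
]
LEAVES = [json.dumps(e, sort_keys=True).encode() for e in EVENTS]
```

A party disclosing event 2 hands over only that record and `prove(LEAVES, 2)`; the verifier needs the root, which is the value that would be anchored in an XRPL memo or a Bitcoin OP_RETURN.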
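
The four steps under The settlement protocol, played out on a model clock as an added example (not the paper's code): two hash-locked escrows, the reveal, the follow-up claim and the refund path, plus a check that the gap between the time-locks covers Party B's reaction time. It assumes T₁ locks the escrow Party A funds and T₂ the escrow Party B funds, as in the standard HTLC swap; `Escrow`, `settle`, `margin_ok` and `b_latency` are hypothetical names, and all times are constructed.

```python
import hashlib
import secrets

class Escrow:
    """Model of a hash-time-locked escrow (hypothetical, not a chain API)."""
    def __init__(self, h, expiry):
        self.h, self.expiry, self.state = h, expiry, "open"

    def claim(self, preimage, now):
        ok = (self.state == "open" and now < self.expiry
              and hashlib.sha256(preimage).digest() == self.h)
        self.state = "claimed" if ok else self.state
        return ok

    def refund(self, now):
        ok = self.state == "open" and now >= self.expiry
        self.state = "refunded" if ok else self.state
        return ok

def margin_ok(t1, t2, b_latency):
    """B needs at least b_latency between the last possible reveal and T1."""
    return t2 < t1 and t1 - t2 >= b_latency

def settle(reveal_at, t1, t2, b_latency):
    """Play one swap on an integer clock; reveal_at=None means A abandons.
    Returns (state of A-funded escrow, state of B-funded escrow)."""
    s = secrets.token_bytes(32)                    # step 1: A's secret s
    h = hashlib.sha256(s).digest()                 # h = SHA-256(s), shared with B
    esc_a, esc_b = Escrow(h, t1), Escrow(h, t2)    # step 2: both lock on h
    public = {}                                    # preimage once visible on-chain
    def a_claims(now):
        if esc_b.claim(s, now):
            public["s"] = s                        # step 3: reveal is observable
    def b_claims(now):
        if "s" in public:
            esc_a.claim(public["s"], now)
    events = [(t1, esc_a.refund), (t2, esc_b.refund)]   # step 4: refunds at expiry
    if reveal_at is not None:
        events += [(reveal_at, a_claims), (reveal_at + b_latency, b_claims)]
    for now, action in sorted(events, key=lambda e: e[0]):
        action(now)
    return esc_a.state, esc_b.state
```

With `t1=200, t2=190` and a 20-tick reaction time, a reveal at tick 185 ends with the A-funded escrow refunded and the B-funded one claimed; `margin_ok` rejects that configuration before any escrow is created.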

## Risk comparison

Bridge risk: R_b(t) ∝ TVL(t) × P(exploit) — systemic, cumulative, non-zero continuously.

Bilateral risk: R_h(t) = Σ V_i × P(failure_i) — bounded per settlement, V_i is time-value-of-capital (not loss-of-principal since refund guaranteed), drops to zero between settlements.

Bridge risk is pooled and persistent; bilateral risk is isolated and transient.

## Fiat integration

Extends to fiat with significant caveats. The confirmation honesty problem: Party A must honestly confirm fiat receipt before revealing preimage. Fiat leg is opaque, slow, reversible — trust model weaker than pure crypto-to-crypto. Mitigations: bank attestation services, cryptographic receipts, reputation consequences. None fully resolve the asymmetry.

## Pools of willingness

Intent pools (not liquidity pools) — registries of parties declaring willingness to settle on a chain pair. Reputation from verifiable settlement history: completed settlements, timing, discrepancy rate, forced timeouts. Not stars — queryable Merkle-anchored data. CLS achieves netting within regulated membership; open intent pools lack this institutional scaffolding.

## Open gaps and opportunities

Matching infrastructure (cross-chain CLS equivalent), time-lock calibration (formal models per chain pair), dispute resolution (Merkle-proof-based arbitration), regulatory classification, fiat settlement assurance, cross-chain reputation portability, insurance and risk products (parametric, priced against settlement data).

## Section structure

- §0 The Core Finding — cross-chain settlement without asset movement
- §1 The Bridge Assumption — three models, all create custody surfaces, $2B+ in exploit losses
- §2 Netting: A Proven Mechanism — CLS Bank, Everclear data, terminological distinction
- §3 Native Chain Escrow Primitives — XRPL (XLS-85), Bitcoin HTLC, EVM contracts
- §4 The Settlement Protocol — shared preimage, time-lock asymmetry, free option, sore loser
- §5 Threat Model — safety vs liveness, five assumptions
- §6 The Verification Layer — records, blocks, selective disclosure, anchoring
- §7 Stateless vs Permanent Risk — risk formulas, systemic vs bounded
- §8 Fiat Integration — confirmation honesty problem, asymmetries
- §9 Pools of Willingness — intent pools, reputation from verifiable history, liquidity fragmentation
- §10 Open Gaps & Opportunities — seven gaps as opportunities
- §11 Conclusion — theoretical architecture awaiting empirical validation

## References

22 validated sources including: Chainalysis, CertiK, Mandiant/Google Cloud (bridge exploits), CLS Group (netting data), Herlihy 2018 (atomic swaps, PODC), Herlihy/Liskov/Shrira 2019 (cross-chain deals, VLDB), Robinson 2019 (HTLCs Considered Harmful, Stanford), Xue/Herlihy 2021 (sore loser, PODC), Buterin 2022 (cross-chain pessimism), SEC 2026 (tokenized securities), RippleX 2026 (XLS-85), ISDA 2023 (cross-product netting), Dziembowski/Eckey/Faust 2018 (FairSwap, CCS).

## Companion research

- The Self-Custody Option (Vol. 1) — self-custody.shanescalder.com
- Caput (Implementation) — caput.dev
- Just The Tips (Ledger observer pattern) — justthetips.dev
- Mini Ledger (Verification protocol) — 132recon.com
- Negative Search — negativesearch.shanescalder.com

## Licensing

Free to read and share. Not to reproduce without written permission.

© 2026 Shane Calder · 132 Engineering

Developed in collaborative reasoning with Anthropic Claude.

## Author

Shane Calder — shanescalder.com — info@132eng.com
Principal Risk Consultant · AI Architect & Developer
132 Engineering — 132eng.dev
GitHub: ShaneSCalder · LinkedIn: shanecalder · X: @shane14472