Reference : A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
Security, Reliability and Trust
A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network
Tikhomirov, Sergei mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > Computer Science and Communications Research Unit (CSC) >]
Moreno-Sanchez, Pedro mailto [TU Wien > Security and Privacy research unit]
Maffei, Matteo mailto []
Proceedings of 2020 IEEE European Symposium on Security and Privacy (EuroS&P)
IEEE Security & Privacy on the Blockchain (IEEE S&B 2020)
[en] Bitcoin ; Lightning Network ; privacy ; security ; anonymity ; scalability
[en] Payment channel networks have been introduced to mitigate the scalability issues inherent to permissionless decentralized cryptocurrencies such as Bitcoin. Launched in 2018, the Lightning Network (LN) has been gaining popularity and consists today of more than 5000 nodes and 30000 payment channels that jointly hold 895 bitcoins (7.6M USD as of February 2020). This adoption has motivated research from both academia and industry.

Payment channels suffer from security vulnerabilities, such as the wormhole attack, anonymity issues, and scalability limitations related to the upper bound on the number of concurrent payments per channel, which have been pointed out by the scientific community but never quantitatively analyzed.

In this work, we first analyze the proneness of the LN to the wormhole attack and attacks against anonymity. We observe that an adversary needs to control only 2% of LN nodes to learn sensitive payment information (e.g., sender, receiver and payment amount) or to carry out the wormhole attack. Second, we study the management of concurrent payments in the LN and quantify its negative effect on scalability. We observe that for micropayments, the forwarding capability of up to 50% of channels is restricted to a value smaller than the overall channel capacity. This phenomenon not only hinders scalability but also opens the door for DoS attacks: We estimate that a network-wide DoS attack costs within 1.5M USD, while isolating the biggest community from the rest of the network costs only 225k USD.

Our findings should prompt the LN community to consider the security, privacy and scalability issues of the network studied in this work when educating users about path selection algorithms, as well as to adopt multi-hop payment protocols that provide stronger security, privacy and scalability guarantees.

File(s) associated to this reference

Fulltext file(s):

Open access
tikhomirov-sanchez-maffei-lightning-quantitative.pdfAuthor preprint539.77 kBView/Open

Additional material(s):

File Commentary Size Access
Open access
lightning-quantitative-slides.pdf374.95 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.