Bitcoin can process only a few transactions per second, which is insufficient for a global payment network. The Lightning Network (LN) aims to address this challenge. The LN allows for low-latency bitcoin transfers through a network of payment channels. In contrast to regular Bitcoin transactions, payments in the LN are not globally broadcast. Thus it may improve not only Bitcoin's scalability but also privacy. However, the probing attack allows an adversary to discover channel balances, threatening users' privacy. Prior work on probing did not account for the possibility of multiple (parallel) channels between two nodes. Naive probing algorithms yield false results for parallel channels.
In this work, we develop a new probing model that accurately accounts for parallel channels. We describe jamming-enhanced probing that allows for full balance information extraction in multi-channel hops, which was impossible with earlier probing methods. We quantify the attacker's information gain and propose an optimized algorithm for choosing probe amounts for N-channel hops. We demonstrate its efficiency based on real-world data using our own probing-focused LN simulator. Finally, we discuss countermeasures such as new forwarding strategies, intra-hop payment split, rebalancing, and unannounced channels.
Research centre:
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > CryptoLUX
Disciplines:
Computer science
Author, co-author:
BIRYUKOV, Alexei ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS) ; SnT
Naumenko, Gleb
TIKHOMIROV, Sergei ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Cryptolux
External co-authors:
yes
Document language:
English
Title:
Analysis and Probing of Parallel Channels in the Lightning Network
Publication date:
02 May 2022
Event name:
Financial Cryptography and Data Security 2022
Event date:
May 2-6, 2022
Event scope:
International
Main work title:
Financial Cryptography and Data Security - 26th International Conference, FC 2022
Publisher:
Springer
ISBN/EAN:
978-3-031-18282-2
Peer reviewed:
Peer reviewed
Focus Area:
Security, Reliability and Trust
FnR project:
FNR11684537 - Security, Scalability, And Privacy In Blockchain Applications And Smart Contracts, 2017 (01/08/2018-31/07/2021) - Alex Biryukov