ABSTRACT
The Lightning Network is a scaling solution for Bitcoin that promises to enable rapid and private payment processing. In Lightning, multi-hop payments are secured by Hashed Time-Locked Contracts (HTLCs) and encrypted on the network layer by an onion routing scheme to avoid information leakage to intermediate nodes. In this work, however, we show that the privacy guarantees of the Lightning Network may be subverted by an on-path adversary conducting timing attacks on the HTLC state negotiation messages. To this end, we provide estimators that enable an adversary to reduce the anonymity set and infer the likeliest payment endpoints. We developed a proof-of-concept measurement node that shows the feasibility of obtaining time differences, and we evaluate the adversarial success in model-based network simulations. We find that controlling a small number of malicious nodes is sufficient to observe a large share of all payments, emphasizing the relevance of the on-path adversary model. Moreover, we show that adversaries of different magnitudes could employ timing-based attacks to deanonymize payment endpoints with high precision and recall.
Index Terms
- Counting Down Thunder: Timing Attacks on Privacy in Payment Channel Networks