Bitcoin Lightning Network might have another security vulnerability
In an effort to make Bitcoin more scalable, Joseph Poon and Thaddeus Dryja proposed the Lightning Network in 2016. The project improves scalability by creating a second layer on top of the Bitcoin blockchain, and substantially improves transaction speed because the transactions don’t need to be approved by all the nodes on the network.
However, various vulnerabilities have been found on the network after a formal security audit in September last year.
Blockchain technology firm, Blockstream, in addition to its corporate initiatives, has been actively involved in the Lightning Network’s development. They even developed ‘c-lightning’, an implementation of the network in the C programming language.
Recently, Christian Decker, a researcher at Blockstream, co-authored a research paper with Utz Nisslmueller, Klaus-Tycho Foerster, and Stefan Schmid — members of the faculty at the Computer Science department at the University of Vienna.
The paper presented two kinds of attacks — probing attacks and timing attacks.
A probing attack was described as when the malicious actor, through active probing, attempts to determine the maximum amount which can be transferred over a connected target channel. A timing attack was defined as when the hacker tries to find out how close the destination of a routed payment actually is.
The research paper demonstrated that it is, in fact, possible to trace channel payments on any node reachable from the attacking node, as long as it has “only one channel whose balance is lower or equal to the second-lowest balance on the route from the attacking node.”
However, the researchers also noted that nodes that declare themselves private could prevent being broadcasted via gossip, something that could be useful for mobile wallets or nodes with limited uptime, such as personal computers.
Further, while the team determined that it is not possible to find the distance to the initial payment source due to the nature of Lightning Network routing, it also found that the timing produced “uniformly distributed results over a local network with little outside interference.”
The research suggests that it is possible to exploit the layer-2 scaling solution’s off-chain routing mechanisms to obtain confidential information about the network’s state, something that could be a threat to end-users since most of them connect to a single, well-connected node in order to interact with the rest of the network.