Lightning Network Privacy in Grave Doubt: Attacker Can Easily Get Channel Balances; Design Flaws

Lightning Network

TL;DR: University researchers from Luxembourg and Norway, England and the United States, examined privacy aspects of the BTC second layer scaling solution, Lightning Network (LN). In Luxembourg and Norway, they found LN channel balances can be “easily” obtained. From England and the United States, researchers concluded privacy flaws were endemic to the very design of the Lightning Network.

Lightning Network Privacy in Grave Doubt

An Empirical Analysis of Privacy in the Lightning Network (Empirical), published late last month, researchers from the University College London, Nym Technologies, University of Illinois Urbana-Champaign, PISA Research, and IC3 “explored the three main privacy properties of the Lightning Network.”

Lightning Network
An Empirical Analysis of Privacy in the Lightning Network

After a seemingly exhaustive 17 page study, Empirical concluded “each property is susceptible to attacks by nodes who are either active (in the case of our balance and payment discovery attacks) or passive (in the case of our path attack),” noting especially how “the same interfaces that allow users to perform the basic functions of the network, such as connecting to peers and routing payments, can also be exploited to learn information that was meant to be kept secret.”

The Lightning Network was among the main answers provided by BTC maximalists during early scaling debates. LN was to be the solution for those who argued freeing arbitrary block size limitation to allow for faster, less expensive transactions on the BTC network. No block increase was needed. Lightning Network was essentially meant to dampen criticism from those who maintain Bitcoin is a peer-to-peer electronic cash system and originally designed to be a medium of exchange.

A Low Resource Attacker Can Probe LN Balances

Empirical researchers found privacy gaps with Lightning Network, suggesting “these limitations may be somewhat inherent, or at least that avoiding them would require changes at the design level rather than at the level of individual users.” This appears to be in line with LN opponents who have long charged Lightning Network is an over-engineered mess that creates more issues than it solves.

Lightning Network
Probing Channel Balances in the Lightning Network

Probing Channel Balances in the Lightning Network (Probing), published earlier this month by researchers from the University of Luxembourg, Esch-sur-Alzette, Luxembourg and the Department of Computer Science, Norwegian University of Science and Technology, Gjøvik, Norway, ends at 12 pages with a somewhat more optimistic conclusion for Lightning Network, calling it “a promising off-chain scaling solution for Bitcoin.”

However, Probing insists, “One of the major issues LN is yet to solve is routing efficiency: senders must choose routes with no information on balance distributions, causing payment failures.” LN advocates have stressed privacy is protected through “onion routing and [by] not broadcasting transactions.” In contrast, Probing found “LN channel balances are not well protected. Our experiments show that a low resource attacker can probe the balances of the majority of live and active channels, revealing their balances and potentially tracking the flow of value through selected channels in near real time.”

Bitcoin Cash

CONTINUE THE SPICE and check out our piping hot VIDEOS. Our podcast, The CoinSpice Podcast, has amazing guests. Follow CoinSpice on Twitter. Join our Telegram feed to make sure you never miss a post. Drop some BCH at the merch shop — we’ve got some spicy shirts for men and women. Don’t forget to help spread the word about CoinSpice on social media.

DYOR: CoinSpice is your home for just spicy crypto things. We’re not affiliated with any cryptocurrency project or token. Each published piece is intended for information purposes only, not investment advice and not in the hope of impacting speculative markets. There are plenty of trading sites and coin-specific advocacy journals out there, we’re neither. CoinSpice strives for rigorous accuracy in our reporting. Information presented here is contingent usually on a host of factors, and the ecosystem moves fast — prices change, projects change, and at warp speed. Do your own research.

DISCLOSURE: The author holds cryptocurrency as part of his financial portfolio, including BCH.