17 April, 2020 | AtoZ Markets – The Lightning Network, a second-layer technology stack built on top of Bitcoin, is typically billed as an improvement in transaction speed and privacy for Bitcoin. In terms of privacy, payments are settled in peer-to-peer with the actors of the secondary network. Since transactions are not settled immediately on the primary Bitcoin network, they are never publicly stored. This gives people the impression that, as a side effect, lightning can make Bitcoin more private too.
Wallet Balances on Bitcoin Lightning Network Aren't Private
However, researchers from the Norwegian University and the University of Luxembourg have published a research document detailing an attack that can de-anonymize transactions on Bitcoin’s Lightning network.
Four researchers, as well as the developer of the Lightning community, Ren Pickhardt, contributed to this research. Academics said they used transfer routing to “probe” Lightning’s channels and find out how much Bitcoin is in balance.
The document describes the “probe” attack as taking “less than a minute per channel” and requiring “a moderate capital commitment and no expense”. The research team “probed” the channels of the Lightning network on Bitnet’s Testnet by sending payments of varying sizes to the different players in the network. It unmasks the balances of the channels.
The Lightning Network processes the payments directly between two parties. It can also process by routing an individual sends funds to a channel to which they do not have direct access via a mutual third party.
Using a myriad of transactions routed over the Bitcoin testnet, researchers were able to reveal channel balances. The attack is virtually free to execute, with researchers configuring all of the transactions. It underlies their probe attacks to fail “either because of an insufficient balance or because of an intentionally incorrect hash value “.
Read More: US Congresswoman Vows to Brand Facebook’s Libra a Security
Solutions of the Privacy Issues
The team offers several possible solutions to the survey attack. But they point out that each possible solution requires a compromise between privacy and efficiency.
“It seems unlikely that we will be able to achieve the best privacy and routing efficiency at the same time,” said Sergei Tikhomirov, one of the researchers. “Having to compromise efficiency and security/privacy is not a new problem. Systems made efficient by processing different tasks in different ways. It reveals information about those tasks”.
One solution is to modify the routing structure of Lightning Network. It allows intermediate nodes (rather than the sender’s node) to determine the route of a payment. This would improve routing efficiency at the expense of privacy. The other solution is to make the nodes return modified data to deceive the attackers. But that would be very heavy in terms of calculations and would sacrifice routing efficiency.
Think we missed something? Let us know in the comment section below.
