A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network
Title | A Quantitative Analysis of Security, Anonymity and Scalability for the Lightning Network |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Tikhomirov, S., Moreno-Sanchez, P., Maffei, M. |
Conference Name | 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS PW) |
Date Published | Sept. 2020 |
Publisher | IEEE |
ISBN Number | 978-1-7281-8597-2 |
Keywords | anonymity, anonymity issues, bitcoin, channel capacity, computer network security, concurrent payments, contracts, cryptocurrencies, cryptographic protocols, data privacy, denial-of-service attacks, Human Behavior, Lightning, Lightning Network, LN community, multihop payment protocols, network-wide DoS attack costs, payment channel networks, permissionless decentralized cryptocurrencies, privacy, pubcrawl, quantitative analysis, Receivers, Scalability, security, security vulnerabilities, sensitive payment information, wormhole attack |
Abstract | Payment channel networks have been introduced to mitigate the scalability issues inherent to permissionless decentralized cryptocurrencies such as Bitcoin. Launched in 2018, the Lightning Network (LN) has been gaining popularity and consists today of more than 5000 nodes and 35000 payment channels that jointly hold 965 bitcoins (9.2M USD as of June 2020). This adoption has motivated research from both academia and industryPayment channels suffer from security vulnerabilities, such as the wormhole attack [39], anonymity issues [38], and scalability limitations related to the upper bound on the number of concurrent payments per channel [28], which have been pointed out by the scientific community but never quantitatively analyzedIn this work, we first analyze the proneness of the LN to the wormhole attack and attacks against anonymity. We observe that an adversary needs to control only 2% of nodes to learn sensitive payment information (e.g., sender, receiver, and amount) or to carry out the wormhole attack. Second, we study the management of concurrent payments in the LN and quantify its negative effect on scalability. We observe that for micropayments, the forwarding capability of up to 50% of channels is restricted to a value smaller than the channel capacity. This phenomenon hinders scalability and opens the door for denial-of-service attacks: we estimate that a network-wide DoS attack costs within 1.6M USD, while isolating the biggest community costs only 238k USDOur findings should prompt the LN community to consider the issues studied in this work when educating users about path selection algorithms, as well as to adopt multi-hop payment protocols that provide stronger security, privacy and scalability guarantees. |
URL | https://ieeexplore.ieee.org/document/9229723 |
DOI | 10.1109/EuroSPW51379.2020.00059 |
Citation Key | tikhomirov_quantitative_2020 |
- LN community
- wormhole attack
- sensitive payment information
- security vulnerabilities
- security
- Scalability
- Receivers
- quantitative analysis
- pubcrawl
- privacy
- permissionless decentralized cryptocurrencies
- payment channel networks
- network-wide DoS attack costs
- multihop payment protocols
- anonymity
- Lightning Network
- Lightning
- Human behavior
- denial-of-service attacks
- data privacy
- Cryptographic Protocols
- cryptocurrencies
- contracts
- concurrent payments
- computer network security
- channel capacity
- bitcoin
- anonymity issues