quantitative analysis of lightning network privacy
play

Quantitative Analysis of Lightning Network Privacy Sergei Tikhomirov - PowerPoint PPT Presentation

Jan 28, 2023 •248 likes •436 views

Quantitative Analysis of Lightning Network Privacy Sergei Tikhomirov (University of Luxembourg), Pedro Moreno-Sanchez (TU Wien), Matteo Maffei (TU Wien) Full paper: https://eprint.iacr.org/2020/303 Why Lightning? Bitcoin scales poorly (~3

  1. Quantitative Analysis of Lightning Network Privacy Sergei Tikhomirov (University of Luxembourg), Pedro Moreno-Sanchez (TU Wien), Matteo Maffei (TU Wien) Full paper: https://eprint.iacr.org/2020/303

  2. Why Lightning? ● Bitcoin scales poorly (~3 tx / sec): all nodes validate all transactions ● Two approaches: on-chain (sharding) and off-chain (Lightning) We focus on the Lightning Network – a payment channel network for Bitcoin: ● Backwards compatible ● Deployed and used in practice (1000 BTC in 30k+ channels) ● New security and privacy challenges

  3. Payment channel example Alice: 9 8 7 Bob Alice Bob: 1 2 3 ✔ : Alice, ❓ Bob Off-chain On-chain (Alice, Bob): 10 Alice: 7 Bob ⏰ : 3 Alice ⏰ : 10 ✔ : Alice, ✔ : Bob ✔ : Alice

  4. Payment channel network ● Expensive to open channels between every two users (fees, confirmations) ● Solution: a network of payment channels ● Must ensure atomicity in multi-hop payments 101 coins 100 coins Alice Bob Charlie

  5. Lightning Network architecture ● LN ensures atomicity with hash time-locked contracts (HTLCs) ● Coins go to Bob if he shows a hash preimage before time t, otherwise to Alice HTLC(100, h, t ₀ ) HTLC(101, h, t ₁ ) Alice Bob Charlie r r r h=hash(r)

  6. Our contributions LN offers security (HTLC) and privacy (off-chain), but attacks have been reported. We all want LN to be secure and private, but what exactly does that mean? In this work, we: ● quantify the effect of three previously described attacks* ● analyze a limitation on payment concurrency ● describe a new DoS attack vector * Malavolta et al. Concurrency and privacy with payment-channel networks. CCS, 2017. Malavolta et al. Anonymous multi-hop locks for blockchain scalability and interoperability. NDSS, 2019.

  7. Value privacy Attacker learns how much is being transacted. Trivial for on-path adversaries: amounts are in plaintext. Sufficient condition: 1 attacker’s node on the path. (103 sat, h, t ₃ ) (102 sat, h, t ₂ ) (101 sat, h, t ₁ ) (100 sat, h, t ₀ ) Alice Bob

  8. Relationship anonymity Attacker learns who pays whom (with probability much better than random guess) Payments are linked by the same hash value. Sufficient condition: 2 attacker’s nodes on the path. (103 sat, h, t ₃ ) (102 sat, h, t ₂ ) (101 sat, h, t ₁ ) (100 sat, h, t ₀ ) Alice Alice Bob Bob

  9. Wormhole attack Attacker “shortcuts” a payment, taking fee from the honest node. Damage for the honest node: a) no fees, b) capital locked until timeout expires. Sufficient condition: 2 attacker’s nodes on the path with honest nodes in between. (103 sat, h, t ₃ ) (102 sat, h, t ₂ ) (101 sat, h, t ₁ ) (100 sat, h, t ₀ ) Alice Alice Bob Bob (101 sat, h, t ₂ )

  10. Experiment outline ● Assume that a certain subset of nodes is compromised ● Find all suitable paths between random sender and receiver ● Calculate the share of paths vulnerable to a given attack ● Average the result across many random runs VP RA WA Path 1 Safe Safe Safe Bob Alice Path 2 Prone Safe Safe Path 3 Prone Prone Safe Path 4 Prone Prone Prone Prone 75% 50% 25%

  11. Results: highest degree nodes compromised

  12. Countermeasures A trade-off between connectivity and privacy: ● Routing via large nodes: dangerous if they are compromised ● Routing via small nodes: less liquidity and uptime Bob Alice

  13. HTLC limit How many concurrent payments can LN handle? ● One channel may hold multiple concurrent HTLCs ● Channel parties must be able to dispute malicious closures on-chain ● Dispute transactions include all in-flight (unresolved) HTLCs ● Bitcoin transactions must be < 100 KB ● Consequently, a channel supports at most 966 HTLCs ( HTLC limit )

  14. Example of HTLC depletion Consider a channel with capacity of 1M sat. No HTLCs can be added, though capacity is not depleted. Unresolved HTLCs 1 HTLC (to Alice, 1000 sat, 0xdf86...) 2 HTLC (to Bob, 1000 sat, 0x0a1f...) … … 966 HTLC (to Alice, 1000 sat, 0x6f26...) Total value of HTLCs (sat) 966k < 1M Number of HTLCs 966

  15. Up to 50% of channels affected Two limiting factors: capacity and HTLC limit. Depends on the amount: ● 0 – 546 sat (dust limit): no HTLC created ● 546 – 2700 sat (0.3 USD): HTLC limit is more important ● >2700 sat: capacity is more important

  16. DoS by exceeding the HTLC limit ● An attacker blocks a channel by sending 966 near-dust payments ● Does not require as many coins as in the victim channel ● Can block a channel with 966*546 = 527k sat (~60 USD) Channel capacity (sat) Attacker’s capital for DoS Capacity-based HTLC-based 100k 100k 527k 1M 1M 527k 10M 10M 527k

  17. Conclusion ● Privacy attacks are possible with only Alice Bob a few “important” nodes compromised ● Limited throughput for micropayments ● A new DoS vector Full paper: https://eprint.iacr.org/2020/303

Recommend

L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L

STRUCK BY LIZ LIGHTNING PRODUCTIONS PRESENTS: L is for Lightning! An analysis and comparison of lightning and lightning incidents in Co L orado versus F L orida By: Elizabeth Liz Lightning Prasse Why lightning? Personal survivor

423 views • 23 slides
Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does

Lightning Introductions PRIVACY ENABLING DESIGN May 7-8, 2015 Brian Anderson / IBM Where does privacy end and security begin? What are the responsibilities of an organization to protect their assets while balancing the privacy of those who

980 views • 52 slides
Lightning Introductions ENGINEERING PRIVACY August 31-September 1st, 2015 Annie Antn /

Lightning Introductions ENGINEERING PRIVACY August 31-September 1st, 2015 Annie Antn /

Lightning Introductions ENGINEERING PRIVACY August 31-September 1st, 2015 Annie Antn / Georgia Institute of Technology What is the nature of privacy and security threats posed by the Internet of Things in the context of meaningful

671 views • 65 slides
DoS on a Bitcoin Lightning Network channel Willem Rens July 5, 2018 MSc Systems and Network

DoS on a Bitcoin Lightning Network channel Willem Rens July 5, 2018 MSc Systems and Network

DoS on a Bitcoin Lightning Network channel Willem Rens July 5, 2018 MSc Systems and Network Engineering University of Amsterdam Research Project 2 Introduction Bitcoin has a hard time scaling. The Bitcoin Lightning Network was proposed

670 views • 21 slides
Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start

Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption With good encryption, data values not readable So whats the problem? Lecture 17 Page 1 CS 236 Online Traffic Analysis

532 views • 21 slides
Lightning Introductions PRIVACY BY DESIGN February 5-6, 2015 Annie Antn / Georgia Institute

Lightning Introductions PRIVACY BY DESIGN February 5-6, 2015 Annie Antn / Georgia Institute

Lightning Introductions PRIVACY BY DESIGN February 5-6, 2015 Annie Antn / Georgia Institute of Technology What is the nature of privacy and security threats posed by the Internet of Things in the context of meaningful applications in the

771 views • 50 slides
Ant routing for the Lightning Network (with C. Grunspan) Ricardo P erez-Marco @rperezmarco

Ant routing for the Lightning Network (with C. Grunspan) Ricardo P erez-Marco @rperezmarco

Decentralized Networks Lightning Network. Biological ant routing Basic ant routing for LN Ant routing for the Lightning Network (with C. Grunspan) Ricardo P erez-Marco @rperezmarco webusers.imj-prg.fr/ ricardo.perez-marco CNRS,

1.32k views • 115 slides
Transient Analysis Lightning Phenomena HV Transient Analysis Classes and shape of overvoltages

Transient Analysis Lightning Phenomena HV Transient Analysis Classes and shape of overvoltages

Chapter 8 Overvoltage Phenomenon &amp; HV Transient Analysis Lightning Phenomena HV Transient Analysis Classes and shape of overvoltages and standard voltage shape Analysis of overvoltages in power system includes a study of their:

1.04k views • 35 slides
P i Privacy and Network Analysis: d N t k A l i Examples and Questions p Q Ramayya Krishnan

P i Privacy and Network Analysis: d N t k A l i Examples and Questions p Q Ramayya Krishnan

P i Privacy and Network Analysis: d N t k A l i Examples and Questions p Q Ramayya Krishnan (rk2x@cmu.edu) Director, iLab Dean, Heinz College School of Information Systems and Management School of Public Policy and Management Outline Outline

645 views • 63 slides
Privacy analysis of DNS resolver solutions J.H.C. van Heugten University of Amsterdam MSc System

Privacy analysis of DNS resolver solutions J.H.C. van Heugten University of Amsterdam MSc System

Privacy analysis of DNS resolver solutions J.H.C. van Heugten University of Amsterdam MSc System and Network Engineering July 3, 2018 J.H.C. van Heugten (UvA) DNS privacy July 3, 2018 1 / 14 Introduction Weve updated our privacy

162 views • 14 slides
Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy important? If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

725 views • 31 slides
Quantitative Monosaccharide Analysis Mono-Mix 2AA GlcN GalN Standard Gal ManGlc Fuc

Quantitative Monosaccharide Analysis Mono-Mix 2AA GlcN GalN Standard Gal ManGlc Fuc

Glycan Analysis Services: Quantitative Monosaccharide Analysis Mono-Mix 2AA GlcN GalN Standard Gal ManGlc Fuc Quantitative Monosaccharide Analysis and why it is important ICH guideline Q6B states that the carbohydrate content (neutral

230 views • 9 slides
So Paulo Lightning Mapping Array (SP-LMA): Network Assessment and Analyses for Intercomparison

So Paulo Lightning Mapping Array (SP-LMA): Network Assessment and Analyses for Intercomparison

So Paulo Lightning Mapping Array (SP-LMA): Network Assessment and Analyses for Intercomparison Studies and GOES-R Proxy Activities Presented by Jeff Bailey / University of Alabama in Huntsville CHUVA International Workshop, So Paulo, SP

347 views • 20 slides
Analyzing Quantitative Data Analysis is about QUESTIONS Does physical vs soft keyboard, known

Analyzing Quantitative Data Analysis is about QUESTIONS Does physical vs soft keyboard, known

Analyzing Quantitative Data Analysis is about QUESTIONS Does physical vs soft keyboard, known vs unknown language affect typing speed or error rate? Hypotheses? Analysis Analysis (2) Analysis (3) Analysis (2) Results Univariate Tests

647 views • 27 slides
Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and

Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and

Quantitative Analysis J. Scott Hawker/R. Kuehl p. 1 R I T Software Engineering Tactics and Quantitative Analysis Selecting architectural patterns and tactics is largely qualitative decision making Need to evaluate design decisions and

716 views • 15 slides
Using Z-Ray for Lightning Fast Security Analysis Martin Bednorz ZendCon Las Vegas 2018 1

Using Z-Ray for Lightning Fast Security Analysis Martin Bednorz ZendCon Las Vegas 2018 1

Using Z-Ray for Lightning Fast Security Analysis Martin Bednorz ZendCon Las Vegas 2018 1 Introduction 10+ years of web development experience IT security background Web application security Incremental static code analysis

881 views • 73 slides
Da Data analysis, interpretation, and pr present ntation 2 1 2/21/16 Quantitative and

Da Data analysis, interpretation, and pr present ntation 2 1 2/21/16 Quantitative and

2/21/16 15/ 15/16 16 CSY2041 2041 Qu Quality and User-Ce CentredSy Systems INTERACTION DESIGN 1 Da Data analysis, interpretation, and pr present ntation 2 1 2/21/16 Quantitative and qualitative Quantitative data expressed

387 views • 9 slides
Process &amp; Methodology ( Quantitative ) Frequency analysis Thematic seasonality analysis

Process &amp; Methodology ( Quantitative ) Frequency analysis Thematic seasonality analysis

Process &amp; Methodology ( Quantitative ) Frequency analysis Thematic seasonality analysis Lexicon: richness &amp; ProQuest Newsstand Hierarchical clustering complexity: describe Search filter on: Probabilistic topic models statistics on #

248 views • 7 slides
SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se

SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se

SHOULD SOCIAL NETWORK COMPANIES CARE ABOUT USERS PRIVACY? Ral Pardo pardo@chalmers.se @raparuldo OUTLINE Define privacy Look at privacy issues in Social Network Sites (SNS) Ethically Theoretically (Informational

296 views • 25 slides
LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning

LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning

LIGHTNING PRESENTATION GUIDELINES Congratulations on being accepted to give a lightning presentation at our 2019 Annual Meeting. Please read ALL of these instructions carefully. PRESENTATION TIMING AND NUMBER OF SLIDES You have 1 minute to make

386 views • 3 slides
Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of

Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of

Department of Computer Science Network Attachment Privacy Piers OHanlon UKNOF33, London 19 th January 2016 Department of Computer Science Outline Introduction Link Layer (L2) addressing Privacy-based analysis of related

639 views • 18 slides
Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network

Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network

Week 5 Video 6 Epistemic Network Analysis Todays Class Epistemic Network Analysis Epistemic Network Analysis (ENA) (Shaffer, 2017) Studying relationships between elements in coded data Lots of applications Conference founded

536 views • 30 slides
LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual

LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual

LIGHTNING PRESENTATION GUIDELINES Thank you for giving a lightning presentation at our 2018 Annual Meeting. Please read ALL of these instructions carefully. PRESENTATION TIMING AND NUMBER OF SLIDES You have 1 minute to make a pitch that attracts

691 views • 3 slides
Schnorr and Taproot in Lightning 2018-09-01 Jonas Nick jonasd.nick@gmail.com

Schnorr and Taproot in Lightning 2018-09-01 Jonas Nick jonasd.nick@gmail.com

Schnorr and Taproot in Lightning 2018-09-01 Jonas Nick jonasd.nick@gmail.com https://nickler.ninja @n1ckler Objective: Increase Robustness Privacy Scalability Consensus Scriptless Scripts approach: different payment types

897 views • 24 slides

More recommend