Lightning Network
Deanonymization LN-Attack Vector Revealed
This week, a group of researchers from the Norwegian University and the University of Luxembourg published an LN-attack vector that shows a weakness in the protocol's anonymity. Specifically, the hack allows an attacker to deanonymize transactions sent across the Lightning Network in seconds. The news demonstrates further development of the Lightning Network as Beta testing continues.
Probe LN-Attack Vector
According to the study, the deanonymizing probe attack method targets a previously unknown weakness in the protocol. Astonishingly, the paper demonstrates how researchers were able to reveal multiple channel balances using the technique. Additionally, the hack required very little “capital commitment and no expenditures” according to the documentation. In fact, the entire process only cost fractions of a cent to accomplish because the researchers set the transactions on their end to fail due to insufficient balances.
How the LN-Attack Vector Works
To understand the probing LN-attack, you need to understand how the Lightning Network functions. Basically, when a payment is made on the Lightning Network, it is processed through a private payment channel. These payment channels allow you to send and receive unlimited funds for fractions of what it costs to complete a Bitcoin transaction on the blockchain. Importantly, each payment channel requires funding to open and complete transactions.
Notably, the protocol gives you the ability to either open your own channel or have your payment routed through a third-party channel. The latter option does away with the worry of funding your channel yourself, and in most instances, this is the solution mobile wallet users prefer. Unfortunately, it's this third-party routing protocol that proved to be the weakness researchers exploited.
The paper described how the group utilized a combination of routed transactions to gather enough data to reveal channel balances. Notably, the hackers involved used a variety of Bitcoin testnet transactions to reveal the mystery balances. In a real-life scenario, the next step would then be to trace transactions to actual names.
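From the routing node's side, the probing described above shows up as a burst of failed forwards over one channel. The following detector is an added example, not code from the paper or from any Lightning implementation; the event format, channel names, and thresholds are assumptions, and the log entries are constructed.

```python
from collections import defaultdict, deque

# Constructed forwarding events from a hypothetical routing node:
# (unix_time, outgoing_channel, amount_msat, outcome)
EVENTS = [
    (1000, "chan-A", 48_000_000, "failed"),
    (1003, "chan-A", 21_000_000, "failed"),
    (1005, "chan-B", 1_200_000, "settled"),
    (1006, "chan-A", 36_500_000, "failed"),
    (1009, "chan-A", 30_250_000, "failed"),
    (1012, "chan-A", 33_400_000, "failed"),
    (1015, "chan-A", 31_900_000, "failed"),
    (1400, "chan-B", 900_000, "failed"),
    (2900, "chan-B", 900_000, "failed"),
    (3000, "chan-C", 5_000_000, "settled"),
]


def find_probe_bursts(events, window_s=60, min_failures=5):
    """Flag channels that see many failed forwards of differing amounts.

    Returns {channel: (failures_in_window, distinct_amounts)} for the
    largest burst per channel. Ordinary failures are sparse or retry the
    same amount; a balance probe sends many amounts in a short window.
    Thresholds are illustrative assumptions, not recommended values.
    """
    recent = defaultdict(deque)   # channel -> failed (time, amount) in window
    flagged = {}
    for ts, chan, amount, outcome in sorted(events):
        if outcome != "failed":
            continue
        q = recent[chan]
        q.append((ts, amount))
        # Drop failures that have aged out of the sliding window.
        while ts - q[0][0] > window_s:
            q.popleft()
        distinct = len({a for _, a in q})
        if distinct >= min_failures and len(q) > flagged.get(chan, (0, 0))[0]:
            flagged[chan] = (len(q), distinct)
    return flagged


if __name__ == "__main__":
    for chan, (count, distinct) in find_probe_bursts(EVENTS).items():
        print(f"{chan}: {count} failed forwards, {distinct} distinct amounts")
```
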
Possible Patches
Crucially, researchers described multiple ways to correct the security weakness. The first suggestion is to alter the Lightning Network's coding to provide protection against this specific attack. This strategy would add the necessary protections, but it would also negatively affect transaction efficiency. The second option presented included altering the way channel balances are broadcast on the network. This solution makes sense, but it does create inefficiencies as well.
Lightning Community Hacks Itself Again
It's important to mention that these attacks strengthen the Lightning Network. This revolutionary second-layer protocol has been undergoing Beta testing for nearly two years. Developers have made huge strides in both the security and functionality of this off-chain solution. As such, Lightning community developer René Pickhardt played a major role in the project. Thankfully, now that the problem is identified, the community can research and develop a solution to the issue.
The Right Combo
In the end, a balance of the two fixes could prove to be the best solution. Luckily, the LN-community consists of some of the brightest and most ingenious minds in the crypto sector. You can expect to hear a multitude of suggestions emerge from developers, as more of the community weighs in on the changes. For now, the Lightning Network is stronger than ever before thanks to the determination and hard work of researchers like this team.