But according to two academic papers published in March and April, relatively straightforward cyberattacks could unearth balances on the Lightning Network. Authors of the March paper also unraveled pathways and parties of hidden payments.
New research warns cryptocurrency users the Lightning Network can expose financial information of bitcoin payments thought to be anonymous.
The American and British researchers, a team of seven, carried out three attacks on the Lightning Network during the months of December, January and February. Two attacks targeted the Lightning Network’s test network and main network to determine balances.
By forwarding payments with fake hashes – unique cryptographic identifiers of transactions – to channels opened with 132 test network nodes and six of the 10 largest main network nodes, the first balance attack accessed the balances of 619 test network channels and 678 main network channels.
The counterfeit payment spamming was stopped when error messages went away, a sign that actual channel amounts had been matched.
At the start of the first balance attack, 4,585 test network channels and 1,293 main network channels were trialed from 3,035 test network nodes sharing 8,665 channels and 6,107 main network nodes sharing 35,069 channels.
The second balance attack also discovered the balances of randomly selected main network channels in a process of elimination with error messages. However, payment hashes were routed through two channels the researchers opened with two intermediate channels that sat between one start and one end channel.
Piecing together changes in balances learned from the first two attacks, the third attack constructed snapshots of the Lightning Network at different time intervals to detect payment movements and their senders, recipients and amounts.
“Identifying the sender and recipient means that we identify them according to their public keys and any other information linked to the node,” such as an IP address, a numerical string that tags the location of an electronic device that connects to the internet, she said. Public keys are handed out freely between parties in payment interactions; private keys that are guarded closely and that give ownership access of funds were not extracted.
Piotrowska noted that, owing to ethical concerns, the third attack was performed on a simulation of the Lightning Network.
Mariusz Nowostawski, a computer scientist at the Norwegian University of Science and Technology and one of four authors of the April paper, said the March paper’s first balance attack is a derivative of “an older, known method” and that the second balance attack, while new, is limited to small-scale attacks.
The second balance attack “requires opening two channels for each single channel being probed, which is extremely costly as those opening and closing channels need to be on-chain,” Nowostawski said. “And it requires the balance in one of the channels to be placed on the side of the node being probed,” risking the attacker’s funds.
To stave off the loss of funds, an external liquidity service – similar to the Bitrefill liquidity provider used in the March paper attack – needs to fund the channel. Even so, the balance attack falls flat if a channel refuses to accept a channel opening, Nowostawski said.
The balance attack studied by the Luxembourger and Norwegian researchers doesn’t expend resources or rely on intermediate channels, said Nowostawski. The attack is also an error-message-reading algorithm that probes channels, but supposedly on a larger and faster scale that reduces new channel openings, fund lock-up time and contact with the bitcoin blockchain.
Benedikt Bünz, a Stanford University Applied Cryptography Group researcher who has partnered with cryptocurrency tracing company Chainalysis on blockchain research studies, called the papers important to privacy in cryptocurrencies.
“For strong and good privacy, cryptographic solutions such as zero-knowledge proofs and confidential transactions are needed,” said Bünz. Zero-knowledge proofs, a cryptographic structure, could facilitate payments that don’t leave traces of information behind with another party.