Researchers discover a DoS attack that can slow down payments on the Lightning Network

According to a recent study, the Lightning Network on top of the Bitcoin blockchain may be vulnerable to a simple and destructive DoS attack.

The study, released by Saar Tochner, Aviv Zohar and Stefan Schmid, describes a DoS attack that can be used to slow down or even stop a large share of payments in the network. The document, entitled “Capturing Routes in Payment Networks,” was published in the middle of last month.

“The attack allows for interventions in Lightning Network payments,” says Zohar.

Such an attack is possible because each Lightning Network payment is relayed through a chain of nodes to reach its destination. If one of these intermediate nodes behaves dishonestly, it can stall the payment instead of forwarding it promptly. Moreover, according to Zohar, such a DoS attack is currently quite easy to carry out, since the LN routing network is still poorly developed.

“It is very easy to carry out. It’s required to open several Lightning channels for key points, promise zero fees, and then not transfer payments,” he said.

Researchers have not yet seen such an attack carried out in real conditions, but it could potentially complicate the use of the Lightning Network. The discovery has attracted the attention of developers working on Bitcoin and LN.

“The document is very interesting, as well as an analysis of the various heuristic methods used to find routes. We are very pleased that independent researchers are investigating vulnerabilities,” said Fabrice Drouin, technical director of the startup Acinq.

Reinforced denial of service

When a user sends a payment via LN, their application chooses a path based on many factors, including which route has the lowest fees. Although there are hundreds of nodes in the Lightning network, an attacker can use this attack to increase the likelihood that his node will be selected. He can do this by “analyzing how each implementation calculates routes to develop a strategy that allows attackers to choose their nodes on as many routes as possible,” said Drouin.

“You can open channels that offer short and inexpensive routes on the network, which are then selected (almost always) for payments,” Zohar explained.

Thus, attackers can intercept a significant portion of network payments at a certain point in time. “We found that just five new links are enough to attract most (65–75%) of the traffic, regardless of the client used,” the document explains. Moreover, attackers can repeat these actions to ensure that payments are stopped.

“Then, when a request for payment arrives, you can simply refuse to send it. Then a new path is chosen and the attacker’s channels again fall into the route,” said Zohar. “I think that now the network is not used intensively, and disruption of its operation will not cause too much damage. The attack does not bring direct profit to the attacker, therefore, the incentive will exist only if Lightning is actively used as a payment network,” Zohar said.

It should be noted that such a maneuver is not cheap for an attacker, says Drouin, because “he needs to open actual channels and block funds that will not be available, and pay blockchain commissions whenever the payment is blocked and the time is up.”

However, Zohar claims that “the cost is not so great, given the damage that can be done.” The attacker will need about 20 new channels to attack about 80% of all transactions, so the total cost of the attack will be about $2000.

Lightning developers agree that this is a serious attack vector, but they hope that future changes will significantly complicate its implementation.

“It’s not easy to talk about this yet, because we are still developing a routing system in LND,” said Alex Bosworth, head of infrastructure development at Lightning Labs.

Bosworth noted that changes are happening quickly, and that the new version of LND released last week, for example, has some “major changes” affecting the routing that the researchers analyzed.

“I would not say that now there is a way to stop people who are trying to prevent payments, because it is a system where anyone can participate in the processing of payments,” he said.

Trampoline payments

Lightning code changes very quickly, and many more options are under development. According to the developers, some of the upcoming changes may make the attack harder to carry out, including a system for banning “bad” users.

“As the network grows, Lightning implementations will deploy more aggressive heuristics to prohibit peers behaving improperly,” said Drouin. “For example, we do not just look at the lowest fees when calculating routes, we are trying to choose older channels, so the attacker will have to wait and establish himself well before he can carry out the attack.”
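
The effect of preferring older channels can be measured on a toy graph. The following is an added example, not code from the paper or from any Lightning implementation: it compares a pathfinder that scores on fee alone with one that also penalizes young channels. The 9-node topology, the cost constants and all function names are assumptions made for illustration.

```python
import heapq

MATURE_DAYS = 90   # assumed: age at which a channel is no longer penalised
AGE_PENALTY = 100  # assumed: extra routing cost for a brand-new channel
HOP_COST = 1       # assumed: fixed per-hop cost, breaks ties toward short paths

def build_graph(new_channel_age):
    """Constructed topology: 8 honest nodes in a ring (fee 10, 400 days old)
    plus node 'X' holding zero-fee channels to nodes 0, 2, 4 and 6."""
    edges = [(i, (i + 1) % 8, 10, 400) for i in range(8)]
    edges += [("X", n, 0, new_channel_age) for n in (0, 2, 4, 6)]
    graph = {}
    for a, b, fee, age in edges:
        graph.setdefault(a, []).append((b, fee, age))
        graph.setdefault(b, []).append((a, fee, age))
    return graph

def fee_only(fee, age):
    return fee + HOP_COST

def age_aware(fee, age):
    return fee + HOP_COST + AGE_PENALTY * max(0.0, 1 - age / MATURE_DAYS)

def best_path(graph, src, dst, cost):
    """Dijkstra; returns the list of nodes on the cheapest path."""
    heap = [(0, 0, src, [src])]  # (cost, tie-break counter, node, path)
    seen, counter = set(), 0
    while heap:
        total, _, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nxt, fee, age in graph[node]:
            if nxt not in seen:
                counter += 1
                heapq.heappush(heap, (total + cost(fee, age), counter, nxt, path + [nxt]))
    return None

def capture_share(graph, cost, watched="X"):
    """Fraction of honest sender/receiver pairs whose best route crosses `watched`."""
    honest = [n for n in graph if n != watched]
    pairs = [(s, t) for s in honest for t in honest if s != t]
    hits = sum(watched in best_path(graph, s, t, cost) for s, t in pairs)
    return hits / len(pairs)

if __name__ == "__main__":
    for label, age, cost in (("fee-only", 1, fee_only), ("age-aware", 1, age_aware), ("age-aware, aged", 400, age_aware)):
        print(label, round(capture_share(build_graph(age), cost), 3))
```

Once the zero-fee channels have aged past the assumed maturity threshold, the captured share returns to its fee-only level: the heuristic makes the attacker wait, it does not remove the attack.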

Drouin claims that other improvements will come in the future, including trampoline payments, a feature proposed by Christian Decker, the developer of Lightning technology at Blockstream.

Lightning payments should be instantaneous, but behind the scenes every node that helps carry a payment from point A to point B has to do a little calculation as it transfers the data. Not all LN users have equipment powerful enough to perform these calculations, which is what calls for a trampoline system.

An ordinary user on today’s network can send a payment in bitcoins from a smartphone, which can hardly be called a powerful device. The idea is to allow smaller nodes to outsource computing to “trampoline” nodes that have more processing power.

Recall that in mid-September, Lightning Labs CTO Olaoluwa Osuntokun and ACINQ reported recently discovered vulnerabilities in the Lightning Network by intruders.