DOI: 10.1145/3419614.3423248

Flood & Loot: A Systemic Attack on The Lightning Network

Published: 26 October 2020

Abstract

The Lightning Network promises to alleviate Bitcoin's known scalability problems. The operation of such second layer approaches relies on the ability of participants to turn to the blockchain to claim funds at any time, which is assumed to happen rarely.
One of the risks that was identified early on is that of a wide systemic attack on the protocol, in which an attacker triggers the closure of many Lightning channels at once. The resulting high volume of transactions in the blockchain will not allow for the proper settlement of all debts, and attackers may get away with stealing some funds.
This paper explores the details of such an attack and evaluates its cost and overall impact on Bitcoin and the Lightning Network. Specifically, we show that an attacker is able to simultaneously cause victim nodes to overload the Bitcoin blockchain with requests and to steal funds that were locked in channels.
We go on to examine the interaction of Lightning nodes with the fee estimation mechanism and show that the attacker can continuously lower the fee of transactions that will later be used by the victim in its attempts to recover funds, eventually reaching a state in which only low fractions of the block are available for Lightning transactions. The attack is made even easier because the Lightning protocol allows the attacker to increase the fee offered by his own transactions.
We show that the vast majority of nodes agree to channel opening requests from unknown sources and are therefore susceptible to this attack. We highlight differences between various implementations of the Lightning Network protocol and review the susceptibility of each one to the attack. Finally, we propose mitigation strategies to lower the systemic attack risk of the network.

    Published In

    AFT '20: Proceedings of the 2nd ACM Conference on Advances in Financial Technologies
    October 2020
    275 pages
    ISBN:9781450381390
    DOI:10.1145/3419614
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Bitcoin
    2. HTLC
    3. Lightning Network
    4. Payment channels
    5. Second-layer

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Funding Sources

    • Israel Science Foundation
