what's the eli5 on this?

340 sats \ 4 replies \ @om 8 Aug 2022

Attack 1. Bad guys maneuver themselves into key positions in LN and then suddenly turn off their nodes. Result: LN will experience problems for a short time until somebody opens new channels to fix the problem. Also it's not like maneuvering into key positions is an easy feat to accomplish.

Attack 2: Bad guys open a $100 channel, pay $100 to their other node but then close the $100 channel pretending that they never paid the $100. Watchtowers must slash the bad guys. The point of the paper is that if the bad guys do this a lot and if the watchtowers are not ready to pay higher fees then some stupid watchtowers might fail to slash before the deadline. This raises 2 questions:

  • why is the window to slash currently just 3 days? it should be about 2 weeks at least
  • why are the watchtowers not prepared to pay a higher fee if they're about to lose $100?

So basically this is the same as Flood and loot described in some paper 1 or 2 years ago.

Yes, and the authors say

The exploited mechanisms partially differ from those used by the attacks presented in this paper, since we do not make use of multi-hop payments, but rather direct channels between nodes.

Translation from academic: we confirm Flood & Loot scheme. However, this attack was being discussed once with Anton Kumaigorodsky who was quite skeptical about attack trade-offs by itself. Attacker has to spend a lot of money to cause congestion and after the attack the outcome is not clear.

Looking deeper into history there were 3 papers about LN attacks which were released simultaneously, these are:

  • Counting Down Thunder: Timing Attacks on Privacy in Payment Channel Networks
  • Flood & Loot: A Systemic Attack On The Lightning Network
  • Time-Dilation Attacks on the Lightning Network

Are node operators supposed to run their own watchtowers? Or, do you pay a third party to manage a watchtower for you? I think I'm not understanding where a watchtower sits in the lightning network.

127 sats \ 0 replies \ @om 8 Aug 2022
  • if you run a node on a desktop or a server, you'd normally have the watchtower built in
  • if you have a mobile node that only turns on temporarily, then you might want to run a separate watchtower; but if your setup includes both a desktop and a mobile then you probably want to run a normal node on the desktop and Zeus on the mobile
  • older incarnation of SBW was called BLW and offered watchtowers for rent, I'm not sure what SBW does
  • Phoenix would connect to a random Electrum server and would remind you to run the app periodically
  • Breez by default connects to Bitcoin server of Breez itself so the user just has to trust Breez not to steal

IMO there's not much to see here.

Attack 1: If a set of zombie nodes stop operating in the lightning network, the network can be severed. If you coordinate it for maximum impact, the time it would take for all the affected parties to close their channels and open them with non-zombie nodes would be longer than the channel closing locktime because of chain congestion.

Attack 2: If you close a channel with an old state, the other party can submit a follow up transaction to take all of the funds in the channel. This doubles the amount of chain congestion you can cause. And if you can cause enough congestion, maybe you can close some channels with old states because the other party can't get their revocation tx added in time. Thus allowing you to double spend the coins.

Not too worried. The first attack boils down to throwing away a central position in the network and gaining nothing.

The second attack is like launching your money in the air and hoping in the commotion that you find a sat on the ground.

From my understanding, it's a DDoS attack that must be executed during a high fee event.

Attackers create multiple LN channels before the attack, bait people to route balance in the channel from them, then wait until congestion happens and double spend their balance.

This will force their honest LN partners to force close the channels, at the cost of 1 onchain tx per partner, during a congestion.

First they attack the mempool
Why do they have to be so cruel
The limited block space is Bitcoin's jewel
Secured by energy, you know, Joule

Another reason for LN to optimize for small amounts and focus on "carrying around" sized money. This will also add to risk for centralized pools of custodian-like money to grow too large "off-chain".

focus on "carrying around" sized money

What is "carrying around" sized money?

To me that means a maximum amount of cash you'd be comfortable carrying around in public (in case you lost your wallet or were robbed). For some high rollers that's thousands or tens of thousands, but for the average person it's probably several hundred (I'm thinking in USD here).

Yah. It's a convenience and risk tolerance question.

So what watchtower service/software are you guys running?

There's a Twitter thread with a summary. Here's the Tweet that kicks off that thread:

In this paper, researchers have evaluated the susceptibility of the Lightning Network to mass exit attacks, in the presence of a small coalition of adversarial nodes. #Bitcoin



https://twitter.com/Underfox3/status/1555092707428761600 https://nitter.it/Underfox3/status/1555092707428761600

Also found on ResearchGate:


The Lightning Network (LN) has enjoyed rapid growth over recent years, and has become the most popular scaling solution for the Bitcoin blockchain. The security of the LN hinges on the ability of the nodes to close a channel by settling their balances, which requires confirming a transaction on the Bitcoin blockchain within a pre-agreed time period. This inherent timing restriction that the LN must satisfy makes it susceptible to attacks that seek to increase the congestion on the Bitcoin blockchain, thus preventing correct protocol execution. We study the susceptibility of the LN to mass exit attacks, in the presence of a small coalition of adversarial nodes. This is a scenario where an adversary forces a large set of honest protocol participants to interact with the blockchain. We focus on two types of attacks: (i) The first is a zombie attack, where a set of k nodes become unresponsive with the goal to lock the funds of many channels for a period of time longer than what the LN protocol dictates. (ii) The second is a mass double-spend attack, where a set of k nodes attempt to steal funds by submitting many closing transactions that settle channels using expired protocol states; this causes many honest nodes to have to quickly respond by submitting invalidating transactions. We show via simulations that, under historically-plausible congestion conditions, with mild statistical assumptions on channel balances, both of the attacks can be performed by a very small coalition. To perform our simulations, we formulate the problem of finding a worst-case coalition of k adversarial nodes as a graph cut problem. Our experimental findings are supported by a theoretical justification based on the scale-free topology of the LN.

Mass Exit Attacks on the Lightning Network https://www.researchgate.net/publication/362466512_Mass_Exit_Attacks_on_the_Lightning_Network

It's 2022. Every reddit post needs an abstract and be published like a paper 🤔🤔

For additional comments, see another post, here on SN:

Researchers discover vulnerabilities in Bitcoin layer-2 Lightning Network https://stacker.news/items/58187 https://cryptoslate.com/researchers-discover-vulnerabilities-in-bitcoin-layer-2-lightning-network/
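
Added example, not part of the thread or the paper: a toy mempool model for the two questions raised about Attack 2 above, namely how long the slash window is and whether the watchtower is willing to raise its fee. The backlog, inflow and fee-bump figures are constructed, `confirm_height` is a hypothetical helper, and the model assumes miners fill blocks strictly by feerate.

```python
BLOCK_VBYTES = 1_000_000   # roughly 4M weight units per block
BLOCKS_PER_DAY = 144       # 10-minute target block spacing

# Constructed congestion scenario: {feerate in sat/vB: pending vbytes}.
BACKLOG = {30: 60_000_000}   # closing/justice traffic already queued
INFLOW = {30: 900_000}       # new competing traffic arriving before every block


def confirm_height(backlog, inflow, start_feerate, deadline_blocks,
                   bump_every=None, bump_factor=1.0,
                   max_feerate=float("inf"), tx_vsize=200):
    """Block (1-based) in which the justice tx confirms, or None if the
    deadline passes first. Ties on feerate go to the competing traffic,
    which is the conservative choice for the defender."""
    pool = dict(backlog)
    feerate = start_feerate
    for height in range(1, deadline_blocks + 1):
        for fr, vb in inflow.items():
            pool[fr] = pool.get(fr, 0) + vb
        # Watchtower policy: fee-bump (RBF) every `bump_every` blocks, up to a cap.
        if bump_every and height > 1 and (height - 1) % bump_every == 0:
            feerate = min(feerate * bump_factor, max_feerate)
        space = BLOCK_VBYTES
        for fr in sorted(pool, reverse=True):
            if fr < feerate:
                break                      # everything left pays less than we do
            taken = min(pool[fr], space)
            pool[fr] -= taken
            space -= taken
        if space >= tx_vsize:              # room left for the justice tx
            return height
    return None


if __name__ == "__main__":
    three_days, two_weeks = 3 * BLOCKS_PER_DAY, 14 * BLOCKS_PER_DAY
    print("static fee, 3-day window :", confirm_height(BACKLOG, INFLOW, 20, three_days))
    print("static fee, 2-week window:", confirm_height(BACKLOG, INFLOW, 20, two_weeks))
    print("fee bumping, 3-day window:", confirm_height(
        BACKLOG, INFLOW, 20, three_days, bump_every=6, bump_factor=1.5, max_feerate=200))
```

In this constructed scenario a watchtower that never raises its fee misses a 3-day window but makes a 2-week one, while one that bumps its fee confirms well inside 3 days.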