The bitcoin Lightning-enabled network, it is vulnerable to a simple, but effective, attack by attackers, according to a recent research paper (PDF). It’s going to be a theoretical attack: the secondary layer of the bitcoin network has been under attack.
Contents
The theoretical attack
The researchers, Saar, Tochner, Aviv Zohar, and Stefan Schmid describe a denial-of-service (DoS) attack, in which payments on the network, and manipulate it. In the worst case, the termination of the network.
There is no indication that an attack has occurred, and the technology is still in an experimental setup. However, researchers have this as a major vulnerability of the current network.
The Paper
The paper is titled ” Hijacking the Routes in the Payment Networks, it is mid-september and is published as a message Coindesk. Tochner, and Book work at the University of Jerusalem, and There to work at the University of Vienna, austria.
Book ” at a time of A attack, you can make the payments on the lightning network, the war of spades’. This may be because most of the lightning network, the payments, along with a number of nodes before they’re output has been achieved.
The study suggests that, when one of the intermediate nodes are malicious, then we can add it as a payment, then manipulate it by intentionally slowing them down. At this point, there aren’t a lot of resources are needed in order to be a “denial of service” attack, in turn, says the Book.
“It’s very, very easy to do. You can get a pair of lightning channels to open, ‘0’ transactional promise, but no payments will pass through it’.
Aviv Zohar
The researchers have found a form of government and are not yet ‘in the wild’ is seen.
Lightning community
This exposure puts more of the developers in the bitcoin and the lightning community to think about. “I had hoped that I was the attack was revealed was,’ says bitcoin is a researcher Gleb Naumenko compared to CoinDesk.
Acinq chief technology OFFICER Fabrice Drouin said of it: “The paper is very interesting because of the variety of scenarios in which you have to go through. It is encouraging to see that independent researchers are Lightning up to the light’.
Denial of service
As a user of a payment, will send the lightning network, and then select the’ Acinq app betalingsroute, depending on a number of factors, including the transactiefees.
According to the researcher of Acinq at present, there are more than 4.400 nodes on the LINK, and more than 35,000 payment channels. However, an attacker with a low transactiefee can be set so that the probability of the choice, to him, is concerned.
Drouin: “An attacker could exploit this to analyze how the implementation of a trail program in order to have a strategy. As soon as the people behind it, it could be the nodes, in as much as possible, routes are to come.
Book, said, ” We can be a channel to open a short and more cost-efficient routes in the network, resulting in the selection of these nodes is’. At any given time, a significant portion of the network, and the payment is in the hands of a few of the attackers.
“We conclude that five of the new nodes is enough for the vast majority (more than 65% to 75%) of the payments that you will be able to claim, regardless of which implementation you are using.
Aviv Zohar
This, according to the researchers, may be repeated until the network is crashing. “As soon as a payment is received, you can simply refuse to allow them to continue. Once a new route has been selected to be the channel of the attacker’s re-elected, ” says Zohar.
Is too small for it to be covered?
Book explains it in more detail: “I don’t think that the network is still not in heavy use. A disruption is caused is still not enough for the damage. This implies that the researcher is that, when the Lightning Network is large enough, it might be interesting to meet.
Also, it leads to an attack of ‘compensation’ for the attacker. There is only a signal if the Lightning is becoming more popular will increase.
According to rené Drouin, it does not necessarily have to be a cheap attack, in order to carry out:’ attackers have a variety of channels to open and transfer funds into it to save it. When a channel is closed, it should be onchain fees to pay, as soon as the payment has been frozen and cancelled it.”
According to the Zohar, the costs will, however, be overlooked. “You have 20 new channels is necessary in order to have 80% of all transactions are to be covered. I would estimate that the total cost to about $2,000’.
How to stop the attack?
According to the Lightning developers, this is a serious option for any type of attack. “It’s something that is hard to talk about it is because we are routesysteem in the LND still in the making., according to Alex, the Country, the infrastructure lead is in the Lightning Lab.
LND is an implementation of the Lightning network from its quiver of Lightning Labs. Country means that change is soon coming, and that it is a new version of the LND last week, has been launched.
In it are the ‘big changes’ has been included in the route.
“I don’t have the courage to say that there is a solution that permanently put an end to the attacks to make the payments on your hands. This is a peer-to-peer sharing, open source design, so anyone can join in on, and routing to do it or not.”
Alex Bosworth
Changes
The-lightning-the code is changing very fast and there are a lot of changes to it. According to the developers, it is an attack, then it is a lot more complicated.
Drouin says that, in the long term, the more protocols that are designed to be tedious process as punishment. This type of attack will be the head-can be print.
In addition, the user can also choose to be a little more expensive, but familiar way.
“Not only do We need to look for the cheapest route, but also to the older channels. In this way, an attacker will not be well-worn before he has an attack that can be performed. “
Drouin
Thank you for signing up!