Abstract
Lightning, the prevailing solution to Bitcoin's scalability issue, uses onion routing to hide senders and recipients of payments. Yet, the path between the sender and the recipient along which payments are routed is selected such that it is short, cost efficient, and fast. The low degree of randomness in the path selection entails that anonymity sets are small. However, quantifying the anonymity provided by Lightning is challenging due to the existence of multiple implementations that differ with regard to the path selection algorithm and exist in parallel within the network. In this paper, we propose a general method allowing a local internal attacker to determine sender and recipient anonymity sets. Based on an in-depth code review of three Lightning implementations, we analyze how an adversary can predict the sender and the recipient of a multi-hop transaction. Our simulations indicate that only one adversarial node on a payment path uniquely identifies at least one of sender and recipient for around 70% of the transactions observed by the adversary. Moreover, multiple colluding attackers can almost always identify sender and receiver uniquely.
| Original language | English |
|---|---|
| Title of host publication | ARES 2021 |
| Subtitle of host publication | 16th International Conference on Availability, Reliability and Security |
| Place of Publication | New York |
| Publisher | Association for Computing Machinery (ACM) |
| Number of pages | 10 |
| ISBN (Print) | 978-1-4503-9051-4 |
| DOIs | |
| Publication status | Published - 2021 |
| Event | 16th International Conference on Availability, Reliability and Security, ARES 2021 - Virtual, Online, Austria Duration: 17 Aug 2021 → 20 Aug 2021 |
Conference
| Conference | 16th International Conference on Availability, Reliability and Security, ARES 2021 |
|---|---|
| Country/Territory | Austria |
| City | Virtual, Online |
| Period | 17/08/21 → 20/08/21 |
Keywords
- Anonymity
- Lightning
- Payment Channel Networks
- Routing