Skip to main content
Book cover

International Conference on Information Systems Security and Privacy

ICISSP 2020: Information Systems Security and Privacy pp 1–21Cite as

Inferring Sensitive Information in Cryptocurrency Off-Chain Networks Using Probing and Timing Attacks

  • 374 Accesses

Part of the Communications in Computer and Information Science book series (CCIS,volume 1545)

Abstract

Off-chain networks have recently emerged as a scalable solution for blockchains, allowing to increase the overall transaction throughput by reducing the number of transactions on the blockchain. However, off-chain networks typically require additional bootstrapping and route discovery functionality to determine viable routes. For example, the Lightning Network (LN) uses two mechanisms in conjunction: gossiping and probing. This paper shows that these mechanisms introduce novel vulnerabilities. In particular, we present two attacks. The first one, which we shall call a probing attack, enables an adversary to determine the (hidden) balance of a channel or route through active probing and differentiating the response messages from the route participants. The second one, which we shall call a timing attack, enables the adversary to determine the logical distance to the target in hops, given that geographical data of LN nodes is often publicly listed, or can be inferred from allocated IP addresses. We explore the setup and implementation of these attacks and address both the theoretical and practical limitations these attacks are subject to. Finally, we propose possible remediations and offer directions for further research on this topic.

Keywords

  • Lightning
  • Confidentiality
  • Probing attack
  • Timing attack

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-94900-6_1
  • Chapter length: 21 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   64.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-94900-6
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   84.99
Price excludes VAT (USA)
Learn about institutional subscriptions
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.
Fig. 7.
Fig. 8.
Fig. 9.
Fig. 10.
Fig. 11.
Fig. 12.
Fig. 13.
Fig. 14.

References

  1. 1ML - Bitcoin Lightning Analysis Engine (2019). https://1ml.com/. Accessed 10 Nov 2019

  2. c-lightning GitHub Repository (2019). https://github.com/ElementsProject/lightning. Accessed 26 Dec 2019

  3. LND GitHub Repository (2020). https://github.com/lightningnetwork/lnd. Accessed 18 Jan 2020

  4. Antonopoulos, A.M.: Mastering Bitcoin: Unlocking Digital Crypto-Currencies. O’Reilly Media Inc, 1st edn. Newton (2014)

    Google Scholar 

  5. Antonopoulos, A.M., Osuntokun, O., Pickhardt, R.: Mastering the Lightning Network (2019). https://github.com/lnbook/lnbook. Accessed 22 Nov 2019

  6. Béres, F., Seres, I.A., Benczúr, A.A.: A cryptoeconomic traffic analysis of bitcoins lightning network. arXiv abs/1911.09432 (2019)

    Google Scholar 

  7. Danezis, G., Goldberg, I.: Sphinx: A compact and provably secure mix format. In: IEEE Symposium on Security and Privacy, pp. 269–282. IEEE Computer Society (2009)

    Google Scholar 

  8. Fugger, R.: Money as IOUs in social trust networks & a proposal for a decentralized currency network protocol. Hypertext document. Available electronically at http://ripple.sourceforge.net 106 (2004)

  9. Gudgeon, L., Moreno-Sanchez, P., Roos, S., McCorry, P., Gervais, A.: Sok: off the chain transactions. IACR Crypt. ePrint Arch. 2019, 360 (2019)

    Google Scholar 

  10. Herrera-Joancomartí, J., et al.: On the difficulty of hiding the balance of lightning network channels. In: AsiaCCS, pp. 602–612. ACM (2019)

    Google Scholar 

  11. Kate, A., Goldberg, I.: Using sphinx to improve onion routing circuit construction. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 359–366. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_30

    CrossRef  Google Scholar 

  12. Lightning Network: BOLT 1: Base Protocol (2019). https://github.com/lightningnetwork/lightning-rfc/blob/master/01-messaging.md. Accessed 23 Jan 2020

  13. Lightning Network: BOLT 2: Peer Protocol for Channel Management (2019). https://github.com/lightningnetwork/lightning-rfc/blob/master/02-peer-protocol.md. Accessed 6 Jan 2020

  14. Lightning Network: BOLT 4: Onion Routing Protocol (2019). https://github.com/lightningnetwork/lightning-rfc/blob/master/04-onion-routing.md Accessed 3 Jan 2020

  15. Lightning Network: BOLT 7: P2P Node and Channel Discovery (2019). https://github.com/lightningnetwork/lightning-rfc/blob/master/07-routing-gossip.md Accessed 4 Dec 2019

  16. Lightning Network: BOLT 8: Encrypted and authenticated transport (2019). https://github.com/lightningnetwork/lightning-rfc/blob/master/08-transport.md. Accessed 4 Jan 2020

  17. Lightning Network: Lightning Network Specifications (2019). https://github.com/lightningnetwork/lightning-rfc/. Accessed 29 Nov 2019

  18. Lightning Network: Lightning RFC: Lightning Network Specifications (2019). https://github.com/lightningnetwork/lightning-rfc. Accessed 18 Nov 2019

  19. Nisslmueller, U.: Python code repository (2020). https://github.com/utzn42/icissp_2020_lightning. Accessed 02 Jan 2020

  20. Nisslmueller, U., Foerster, K.T., Schmid, S., Decker, C.: Toward active and passive confidentiality attacks on cryptocurrency off-chain networks. In: Proceedings of 6th International Conference on Information Systems Security and Privacy (ICISSP) (2020)

    Google Scholar 

  21. Poon, J., Dryja, T.: The bitcoin lightning network: Scalable off-chain instant payments (2016). https://lightning.network/lightning-network-paper.pdf. Accessed 3 Jan 2020

  22. Raiden Network: Raiden Network (2020). https://raiden.network/. Accessed 02 Jan 2020

  23. Rohrer, E., Malliaris, J., Tschorsch, F.: Discharged payment channels: quantifying the lightning network’s resilience to topology-based attacks. In: EuroS and P Workshops, pp. 347–356. IEEE (2019)

    Google Scholar 

  24. Russell, R.: lightning-getroute - Command for routing a payment (low-level) (2019). https://lightning.readthedocs.io/lightning-getroute.7.html. Accessed 6 Dec 2019

  25. Russell, R.: lightning-sendpay - Low-level command for sending a payment via a route (2019). https://lightning.readthedocs.io/lightning-sendpay.7.html. Accessed 4 Jan 2020

  26. Tochner, S., Schmid, S., Zohar, A.: Hijacking routes in payment channel networks: a predictability tradeoff. arXiv abs/1909.06890 (2019)

    Google Scholar 

  27. Wang, P., Xu, H., Jin, X., Wang, T.: Flash: efficient dynamic routing for offchain networks. In: CoNEXT, pp. 370–381. ACM (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Faculty of Computer Science, University of Vienna, Vienna, Austria

    Utz Nisslmueller, Klaus-Tycho Foerster & Stefan Schmid

  2. Blockstream, Zurich, Switzerland

    Christian Decker

Authors
  1. Utz Nisslmueller
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Klaus-Tycho Foerster
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Stefan Schmid
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Christian Decker
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Klaus-Tycho Foerster .

Editor information

Editors and Affiliations

  1. Plymouth University, Plymouth, UK

    Steven Furnell

  2. Istituto di Informatica e Telematica, Pisa, Italy

    Paolo Mori

  3. University of Vienna, Vienna, Austria

    Edgar Weippl

  4. MODESTE/ESEO, Angers Cedex 2, France

    Olivier Camp

Ethics declarations

A preliminary version of this article appeared at ICISSP 2020 [20].

Rights and permissions

Reprints and Permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Nisslmueller, U., Foerster, KT., Schmid, S., Decker, C. (2022). Inferring Sensitive Information in Cryptocurrency Off-Chain Networks Using Probing and Timing Attacks. In: Furnell, S., Mori, P., Weippl, E., Camp, O. (eds) Information Systems Security and Privacy. ICISSP 2020. Communications in Computer and Information Science, vol 1545. Springer, Cham. https://doi.org/10.1007/978-3-030-94900-6_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-94900-6_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-94899-3

  • Online ISBN: 978-3-030-94900-6

  • eBook Packages: Computer ScienceComputer Science (R0)