According to security researchers Saar Tochner, Aviv Zohar, and Stefan Schmid in a new paper, Bitcoin’s Lightning Network is potentially vulnerable to a relatively simple form of disruption.
A Thundering Economic Attack Against Lightning Network
The researchers write:
“We […] study an external attacker who creates links to the network and draws more routes through its nodes by asking for lower fees. We find that just five new links are enough to draw the majority (65% – 75%) of the traffic regardless of the implementation being used. The cost of creating these links is very low.”
The attack method is simple and economical at present, but so far hasn’t been exercised in any major way.
Basically, using the channel system itself, an attacker could thwart the network by creating supposedly low-fee channels.
Later in the paper, they continue:
“[…] [T]he concepts are similar in other networks as well. In the Lightning off-chain network, the channels are established by the nodes for secure payments. Every two nodes that are willing to create such a channel, need to make a commitment: they need to execute a Bitcoin transaction that locks money (i.e., liquidity) for this channel. A transaction is then simply an agreement between the two end-points of the channel, which leads to a different split of the money. The intermediate states resulting from this transaction do not have to be committed to the blockchain: Once they will commit the state into the blockchain, the channel will be closed (because it “wastes” the original transaction). Until this occurs, the channel can remain operational and the internal split of funds can be adjusted by the participants. As the intermediate states of channels are built, older states are “revoked”: if one tries to commit an old state, the other participant can claim funds back. This recovery of funds can only be done within a certain pre-set period of time.”
How Will Bitcoin Deal With Trust?
Obviously, there are methods the Lightning Network can use to fix this apparent vulnerability.
Bitcoin is meant to be trustless. Nevertheless, a system like Lightning implies trust in at least node operators.
One simple way to help secure the network is to assign a trust score of nodes based on their participation in the network.
If funds are always successfully delivered at a given node, that should be known to the user. If the Lightning node has never moved any funds, that should also be apparent.
Off-chain networks like Lightning will always struggle with some form of trust issue. Node operators are in a great position of power in a world where Lightning payments are the norm — a world brought nearer by the advent of Electrum’s recent adoption.
The “attack” outlined by the researchers may be dealt with in a number of ways.
Other crypto networks like Bitcoin Cash don’t currently face such troubles, as they have enough block space to support thousands of extremely cheap transactions.