Lightning Security and Privacy Research

The Lightning Network is the most deployed Bitcoin scaling solution aiming to serve as the next platform for the open financial future. The ambitious design of the LN comes with new classes of security and privacy attacks. Researching and mitigating them early is important to boost Lightning’s long-term trustworthiness and success.

We have raised awareness around Time-Dilation attacks, a variant of Eclipse attacks targeting multi-party, time-sensitive L2 protocols. Breaking the stronger security assumptions of Lightning around liveliness, they are particulary concerning for lightclients, this category of bitcoin clients coming in practice with easier-to-exploit P2P stacks.

We’ve also investigated Tx-Relay Jamming attacks, a class of vulnerabilities obstrucating the propagation of a Lightning transaction on the P2P network to steal funds from a channel as a malicious counterparty. Composed of different flavors like Transaction Pinning or Standardness Malleability, we have found such vulnerabilites in the Lightning specification or directly in the wild.

Status

We continue to search for new ways to break Ligthning and similar L2 protocol security (see CoinSwap discussion), and working with the wider development community to mitigate the class of known attacks.