Counting Down Thunder: Timing Attacks on Privacy in Payment Channel Networks

TL;DR

This paper demonstrates that timing attacks on the Lightning Network's HTLC messages can significantly compromise user privacy, enabling adversaries to deanonymize payment endpoints with high accuracy.

Contribution

It introduces timing attack methods against Lightning Network's privacy guarantees and provides empirical evidence of their effectiveness through simulations and a proof-of-concept node.

Findings

Timing attacks can reduce anonymity in Lightning Network

Controlling few malicious nodes suffices for large-scale observation

High-precision deanonymization of payment endpoints is achievable

Abstract

The Lightning Network is a scaling solution for Bitcoin that promises to enable rapid and private payment processing. In Lightning, multi-hop payments are secured by utilizing Hashed Time-Locked Contracts (HTLCs) and encrypted on the network layer by an onion routing scheme to avoid information leakage to intermediate nodes. In this work, we however show that the privacy guarantees of the Lightning Network may be subverted by an on-path adversary conducting timing attacks on the HTLC state negotiation messages. To this end, we provide estimators that enable an adversary to reduce the anonymity set and infer the likeliest payment endpoints. We developed a proof-of-concept measurement node that shows the feasibility of attaining time differences and evaluate the adversarial success in model-based network simulations. We find that controlling a small number malicious nodes is sufficient to observe a large share of all payments, emphasizing the relevance of the on-path adversary model. Moreover, we show that adversaries of different magnitudes could employ timing-based attacks to deanonymize payment endpoints with high precision and recall.