Revelio: A Network-Level Privacy Attack in the Lightning Network
dc.contributor.author
von Arx, Theo
dc.contributor.author
Tran, Muoi
dc.contributor.author
Vanbever, Laurent
dc.date.accessioned
2023-09-28T05:43:55Z
dc.date.available
2023-05-12T13:08:23Z
dc.date.available
2023-05-23T09:45:07Z
dc.date.available
2023-07-24T13:30:46Z
dc.date.available
2023-09-21T06:39:34Z
dc.date.available
2023-09-21T06:57:42Z
dc.date.available
2023-09-27T13:42:27Z
dc.date.available
2023-09-27T15:49:27Z
dc.date.available
2023-09-28T05:43:55Z
dc.date.issued
2023
dc.identifier.isbn
978-1-6654-6512-0
en_US
dc.identifier.isbn
978-1-6654-6513-7
en_US
dc.identifier.other
10.1109/EuroSP57164.2023.00060
en_US
dc.identifier.uri
http://hdl.handle.net/20.500.11850/611970
dc.identifier.doi
10.3929/ethz-b-000611970
dc.description.abstract
The Lightning Network (LN) is a widely-adopted off-chain protocol that not only addresses Bitcoin’s scaling problem but also enables anonymous payments. Prior attacks have shown that an adversary controlling several peers at the central position of the network (e.g., by hijacking payment routes) can deanonymize such payments. However, these attacks are highly observable or require many parties to collude.
This paper presents Revelio, a stealthier, passive network-level privacy attack against LN that exploits its joint centralization at the application and the network layers. Indeed, network-level adversaries can see most of the LN traffic (e.g., five autonomous systems can see up to 80 % of all observable communication channels) despite the encrypted communication between LN nodes and the widespread usage of Tor. This comprehensive view allows Revelio adversaries not only to estimate the payment amount but also to effectively reduce the anonymity size of its endpoints. We show that the Revelio attack is practical: it perfectly deanonymizes the senders or the receiver in almost one-third of tested payments in today’s LN and underlying network topologies.
en_US
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
IEEE
en_US
dc.rights.uri
http://rightsstatements.org/page/InC-NC/1.0/
dc.title
Revelio: A Network-Level Privacy Attack in the Lightning Network
en_US
dc.type
Conference Paper
dc.rights.license
In Copyright - Non-Commercial Use Permitted
dc.date.published
2023-07-31
ethz.book.title
2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)
en_US
ethz.pages.start
942
en_US
ethz.pages.end
957
en_US
ethz.version.deposit
acceptedVersion
en_US
ethz.event
8th IEEE European Symposium on Security and Privacy (EuroS&P 2023)
en_US
ethz.event.location
Delft, Netherlands
en_US
ethz.event.date
July 3-7, 2023
en_US
ethz.identifier.wos
ethz.publication.place
Piscataway, NJ
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02640 - Inst. f. Technische Informatik und Komm. / Computer Eng. and Networks Lab.::09477 - Vanbever, Laurent / Vanbever, Laurent
en_US
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02140 - Dep. Inf.technologie und Elektrotechnik / Dep. of Inform.Technol. Electrical Eng.::02640 - Inst. f. Technische Informatik und Komm. / Computer Eng. and Networks Lab.::09477 - Vanbever, Laurent / Vanbever, Laurent
en_US
ethz.relation.isSupplementedBy
10.3929/ethz-b-000620361
ethz.date.deposited
2023-05-12T13:08:23Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2023-07-24T13:31:28Z
ethz.rosetta.lastUpdated
2024-02-03T04:07:05Z
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Revelio:%20A%20Network-Level%20Privacy%20Attack%20in%20the%20Lightning%20Network&rft.date=2023&rft.spage=942&rft.epage=957&rft.au=von%20Arx,%20Theo&Tran,%20Muoi&Vanbever,%20Laurent&rft.isbn=978-1-6654-6512-0&978-1-6654-6513-7&rft.genre=proceeding&rft_id=info:doi/10.1109/EuroSP57164.2023.00060&rft.btitle=2023%20IEEE%208th%20European%20Symposium%20on%20Security%20and%20Privacy%20(EuroS&P)
Files in this item
Publication type
-
Conference Paper [35772]