Open access
Date
2023-07-06
Type
- Other Conference Item
ETH Bibliography
yes
Abstract
The Lightning Network (LN) is a widely-adopted peer-to-peer network that not only addresses Bitcoin's scaling problem but also enables private payments. LN uses a sophisticated onion encryption and routing scheme to ensure the anonymity of the payer and the payee, as well as the secrecy of the payment amount. Recent work has shown that an application-level attacker can hijack payment routes and use the resulting central position to deanonymize the sender and the receiver of a payment. However, these attacks are visible or require a significant fraction of parties to collude. This paper presents a stealthier, passive network-level attack exploiting the joint centralization of the LN at the application and at the network layers. Five autonomous systems can thus see the traffic of up to 80% of all observable communication channels and infer ongoing payments -- even though the traffic is encrypted, and many participants use Tor to hide themselves. The comprehensive view allows the attacker not only to estimate the value of a payment but also to effectively reduce the anonymity size of its endpoints. We show that this deanonymization attack, which we call Revelio, is practical in today's topology of LN and its underlying infrastructure: Our attack perfectly deanonymizes the senders or the receiver in almost one-third of tested payments.
Permanent link
https://doi.org/10.3929/ethz-b-000620361
Publication status
published
Publisher
ETH Zurich
Event
Organisational unit
09477 - Vanbever, Laurent / Vanbever, Laurent
Related publications and datasets
Is supplement to: https://doi.org/10.3929/ethz-b-000611970
Notes
Presentation given at Session "Crypto + formal methods III"