Security researcher and developer Antoine Riard takes a look at the development of the Lightning Network, discussing security issues and fundamental challenges in the Bitcoin ecosystem.
According to a thread on the Linux Foundation public mailing list, Riard believes that the Bitcoin community is facing a “difficult problem” as a new type of cyclical substitution attacks puts Lightning in a “dangerous position.”
How does a lightning strike cyclic attack work?
There is a lot of discussion about this newly discovered vulnerability in mailing lists, but the actual mechanism is a bit hard to follow.
So here is an illustrated manual…
The Lightning Network is a second layer solution built on top of the Bitcoin blockchain. It is designed to improve the scalability and efficiency of Bitcoin transactions by enabling off-chain peer-to-peer transactions.
Through the Lightning Network, users will be able to open payment channels, perform multiple transactions off-chain, and settle the final result on the Bitcoin blockchain. Attacking the substitution cycle targets these payment channels. This is a new type of attack that allows the attacker to steal funds from a channel participant by exploiting conflicts between individual mempools. According to Riard:
“I think this new type of cyclical replacement attacks puts Lightning in a very dangerous position, where a lasting fix can only happen at the base layer, for example by adding a memory-intensive history of all transactions seen or some consensus update. The sent Mitigations have some value against simple attacks, although I don’t think they will stop advanced attackers, as stated before full disclosure email.
Riard also noted that addressing this new type of attack may require changes to the underlying Bitcoin network:
“Those types of changes are the ones that require the highest transparency and acceptance from the community as a whole, because we change the processing requirements of all nodes or the security architecture of the decentralized bitcoin ecosystem as a whole.”
Lightning developers face challenges, including critical network complexity and demands placed on user experience.. Since its inception in 2018, the Layer 2 network has grown in popularity, with the total amount locked up reaching $159.5 million at the time of writing, according to data from DefiLlama. However, this number is very small compared to the $587 billion market capitalization of Bitcoin.
Riard plans to focus now on Bitcoin’s core development, but warns of challenges ahead for the mainstream cryptocurrency ecosystem:
“On the other hand, to fully explain why such changes can be justified for enlightenment and to design them well, we need to fully expose the practical and critical attacks on a ~5,355 BTC public ecosystem. Difficult problem. There may be a lesson in terms of deploying the bitcoin protocol (…)”