Researchers from the Norwegian University and the University of Luxembourg have published a research paper detailing an attack that can deanonymize transactions broadcast across Bitcoin’s Lightning Network. 

The Lightning Network emerged as a controversial compromise from the Bitcoin (BTC) block limit and scalability debate. It’s a second layer solution that facilitates near-instant, low-cost Bitcoin transactions. Proponents claim it offers privacy by implementing segregated witness (SegWit).

University students crack Lightning channel balances

Four researchers from universities in Norway and Luxembourg including Bitcoin, along with Lightning community developer Ren Pickhardt, contributed to the research. The academics claim to have used transfer routing to ‘probe’ Lightning channels and discover the sum of Bitcoin held in balances. 

The paper describes the ‘probe attack’ as taking “under a minute per channel” and requiring “moderate capital commitment and no expenditures”. 

Routed transfers exploited to reveal balances

Payments are processed over the Lightning Network, either directly between two parties, or routed — that’s where an individual sends funds to a channel they do not have direct access to via a mutual third-parties.

By using a myriad of routed transactions on the Bitcoin testnet the researchers were able to reveal channel balances. The attack is virtually free to execute, with the researchers configuring all transactions underpinning its probing attacks to fail “either due to insufficient balance or due to intentionally wrong hash value.” 

Solutions have privacy-efficiency trade-offs

The team proposes several potential solutions to the probing attack, however, emphasize that each possible fix requires a trade-off between privacy and efficiency.

The scholars proposed modifications to Lightning’s protocol that would reduce transaction efficiency, in addition to new way to broadcast channel balances — although the method undermines privacy.

Ultimately, the researchers argue that a combination of both approaches is the optimal solution — where private data is hidden when feasible, and public data is also utilized for higher routing efficiency.

The Lightning Network currently comprises over 11,000 nodes, 36,000 payment channels, and holds roughly 900 BTC.