Revelio: A Network-Level Privacy Attack in the Lightning Network
Abstract
The Lightning Network (LN) is a widely-adopted off-chain protocol that not only addresses Bitcoin’s scaling problem but also enables anonymous payments. Prior attacks have shown that an adversary controlling several peers at the central position of the network (e.g., by hijacking payment routes) can deanonymize such payments. However, these attacks are highly observable or require many parties to collude. This paper presents Revelio, a stealthier, passive network-level privacy attack against LN that exploits its joint centralization at the application and the network layers. Indeed, network-level adversaries can see most of the LN traffic (e.g., five autonomous systems can see up to 80 % of all observable communication channels) despite the encrypted communication between LN nodes and the widespread usage of Tor. This comprehensive view allows Revelio adversaries not only to estimate the payment amount but also to effectively reduce the anonymity size of its endpoints. We show that the Revelio attack is practical: it perfectly deanonymizes the senders or the receiver in almost one-third of tested payments in today’s LN and underlying network topologies.
Research Area: Network Security
People
BibTex
@INPROCEEDINGS{arx2023revelio,
isbn = {978-1-6654-6512-0},
copyright = {In Copyright - Non-Commercial Use Permitted},
doi = {10.1109/EuroSP57164.2023.00060},
year = {2023},
booktitle = {2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)},
type = {Conference Paper},
author = {von Arx, Theo and Tran, Muoi and Vanbever, Laurent},
abstract = {The Lightning Network (LN) is a widely-adopted off-chain protocol that not only addresses Bitcoin’s scaling problem but also enables anonymous payments. Prior attacks have shown that an adversary controlling several peers at the central position of the network (e.g., by hijacking payment routes) can deanonymize such payments. However, these attacks are highly observable or require many parties to collude.This paper presents Revelio, a stealthier, passive network-level privacy attack against LN that exploits its joint centralization at the application and the network layers. Indeed, network-level adversaries can see most of the LN traffic (e.g., five autonomous systems can see up to 80 % of all observable communication channels) despite the encrypted communication between LN nodes and the widespread usage of Tor. This comprehensive view allows Revelio adversaries not only to estimate the payment amount but also to effectively reduce the anonymity size of its endpoints. We show that the Revelio attack is practical: it perfectly deanonymizes the senders or the receiver in almost one-third of tested payments in today’s LN and underlying network topologies.},
language = {en},
address = {Piscataway, NJ},
publisher = {IEEE},
title = {Revelio: A Network-Level Privacy Attack in the Lightning Network},
PAGES = {942 - 957},
Note = {8th IEEE European Symposium on Security and Privacy (EuroS&P 2023); Conference Location: Delft, Netherlands; Conference Date: July 3-7, 2023}
}
Research Collection: 20.500.11850/611970
Slide Sources: https://gitlab.ethz.ch/projects/41541