Upanzi Seminar: Network-Level Side-Channel Attacks in the Lightning Network
March 26, 2025
2:00 p.m. - 3:00 p.m. CAT
A203
Speaker: Charmaine Ndolo, research associate at the Chair for Privacy and Security at the Dresden University of Technology
Abstract: The Lightning network (LN) offers a solution to Bitcoin’s scalability limitations by providing fast and private off-chain payments. In addition to the LN’s long known application-level centralization, recent work has highlighted its centralization at the network level which makes it vulnerable to attacks on privacy by malicious actors. In this work, we explore the LN’s susceptibility to further attacks by a network-level actor such as a malicious autonomous system. We show that a network-level adversary can identify and interfere with all payments routed via their network by just examining the packet headers. Our results indicate that it is viable to accurately identify LN messages despite the fact that all inter-peer communication is end-to-end encrypted. While this can likely be used to achieve various adversarial objectives, we show how it can be exploited by an adversary to impose payment censorship and induce channel congestion. Additionally, we describe how a network-level observer can determine a node’s role in a payment path based on timing, direction of flow and message type, and demonstrate the approach’s feasibility using experiments in a live instance of the network. Simulations of the attack on a snapshot of the Lightning mainnet suggest that the impact of a congestion attack varies from mild to potentially dramatic depending on the adversary and type of payments that are censored. On the other hand, they show that the impact of a congestion attack, under the assumption that the adversary is not able to jam all channels, is less extreme. We analyze countermeasures the network can implement and come to the conclusion that an adequate solution involves constant message sizes as well as dummy traffic.
Bio: Charmaine Ndolo is a research associate at the Chair for Privacy and Security at the Dresden University of Technology. Her research is focused on blockchain-based peer-to-peer networks such as the Lightning network. In particular, her work studies the security and resilience of such networks. As of September 2022, Charmaine is pursuing a Ph.D. at the Dresden University of Technology. She holds a Bachelor's degree in computer science from the Brandenburg University of Technology and a Master's degree from the Humboldt University of Berlin. Prior to joining the chair for Privacy & Security, she had been involved in research at various labs in Berlin since the latter stages of her undergraduate studies.