Author

Topic: [INFO - DISCUSSION] Wormhole attack in Lightning Network (Read 221 times)

legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
Pardon me, but why isn't this considered an attack? If C doesn't seem to earn from routing transactions coming from either B or D, they can just close the channel. It is also possible to detect this if you spin up two lightning nodes each sharing a channel with B and D respectively. If you make transactions between the two without your main node noticing, you're under a wormhole attack.

Seems to me like the attacker is paying more than the victim.

BUT, it's still not going to generate a profit, just destabilize the LN.
If you're the government, and want to destabilize LN, make a call with Amazon and Google. According to bitcoinist.com, the network relies greatly on Google Cloud services and AWS.

Yeah how much real redundancy does the blockchain have?

But that is an entirely different topic/ thread.

I am still not sure how you would trace A-b-c-d-e in the ops example to prove an attack happened.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Pardon me, but why isn't this considered an attack? If C doesn't seem to earn from routing transactions coming from either B or D, they can just close the channel. It is also possible to detect this if you spin up two lightning nodes each sharing a channel with B and D respectively. If you make transactions between the two without your main node noticing, you're under a wormhole attack.

Seems to me like the attacker is paying more than the victim.

BUT, it's still not going to generate a profit, just destabilize the LN.
If you're the government, and want to destabilize LN, make a call with Amazon and Google. According to bitcoinist.com, the network relies greatly on Google Cloud services and AWS.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
But, you have to always be in the position to rob the person in the middle. You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

-Dave

How would you go about booting a LN router from the whole network? AFAIK, there isn't a banlist like Bitcoin Core has, or even if there is, it is non-trivial to detect that this kind of activity is happening.

For now there is not, but if this does become an issue I'm sure it will be added. Lets face it, many things were added to the BTC protocol over the years because something happened. Or something happening became a larger possibility. But for the moment, if it does happen to someone you can bet after a lot of head scratching and posts on the discussion boards the next time that node did something like that or another node did the same thing a ban list is going to get to the top of the to do list.


Exactly and this is why it will never be a real threat because instead of the third guy whom you want to cheat, you can BE! that guy and take all the fees perfectly normal yourself! Trying to make the route longer but at the same time cheaper will act like the barrier, it's a no go!
I'm curious if such an attack which results in collecting a few milisatoshi now and then will ever make up for all the funding you have to set up in order to deploy your malicious network!

Considering that you'd have to repeat this attack millions of times before you can ever recoup the cost of hosting the servers monthly, I'm inclined to think its not practical.

For any of us here it's not viable, for a government or any organization with a bunch of hardware and a few programmers on staff it's not that difficult to do.
BUT, it's still not going to generate a profit, just destabilize the LN.

-Dave






legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
But, you have to always be in the position to rob the person in the middle. You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

-Dave

How would you go about booting a LN router from the whole network? AFAIK, there isn't a banlist like Bitcoin Core has, or even if there is, it is non-trivial to detect that this kind of activity is happening.

Exactly and this is why it will never be a real threat because instead of the third guy whom you want to cheat, you can BE! that guy and take all the fees perfectly normal yourself! Trying to make the route longer but at the same time cheaper will act like the barrier, it's a no go!
I'm curious if such an attack which results in collecting a few milisatoshi now and then will ever make up for all the funding you have to set up in order to deploy your malicious network!

Considering that you'd have to repeat this attack millions of times before you can ever recoup the cost of hosting the servers monthly, I'm inclined to think its not practical.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

Exactly and this is why it will never be a real threat because instead of the third guy whom you want to cheat, you can BE! that guy and take all the fees perfectly normal yourself! Trying to make the route longer but at the same time cheaper will act like the barrier, it's a no go!
I'm curious if such an attack which results in collecting a few milisatoshi now and then will ever make up for all the funding you have to set up in order to deploy your malicious network!

Now if D would be able to do that without B, that would change things but since it can't, I think right now it's as dangerous as Foundry colluding with some guy in Nantucket to reverse his coffee purchases.

Unless they guy in Nantucket owns part of Foundry.

I know I have used it as an example before but I have to come back to the TV series Breaking In [ https://www.imdb.com/title/tt1630574/?ref_=fn_al_tt_3 ]
They had to steal a exotic car to test the dealers security and came up with a mission impossible type plan, with hacking key cards, defeating the alarm system, etc....
Wound up stealing the wrong car from the wrong car dealer [it's not great TV] but came back to the right car dealer and while standing in front of it, trying to figure out how to get the right car one of them turns to the other and says 'they really should have a gate here' picks up a rock and smashes the large window to get in and get the car.

Wormhole attacks ARE viable, but by the time you do your mission impossible plan someone came in and put up a $5 phony website selling something and got way more BTC then you can doing this attack.

Not saying that they should not be working on ways to mitigate it, just that it's not that big a deal.

-Dave
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

Exactly and this is why it will never be a real threat because instead of the third guy whom you want to cheat, you can BE! that guy and take all the fees perfectly normal yourself! Trying to make the route longer but at the same time cheaper will act like the barrier, it's a no go!
I'm curious if such an attack which results in collecting a few milisatoshi now and then will ever make up for all the funding you have to set up in order to deploy your malicious network!

Now if D would be able to do that without B, that would change things but since it can't, I think right now it's as dangerous as Foundry colluding with some guy in Nantucket to reverse his coffee purchases.

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
But, you have to always be in the position to rob the person in the middle. You need a lot of well connected nodes to do this and they have to be the cheapest way of routing. So you are charging low fees and locking up a lot of BTC in the hopes that people route enough money though you for this to work, and the fact that you don't get caught and booted off the network.

-Dave
legendary
Activity: 3122
Merit: 2178
Playgram - The Telegram Casino
Attack is always a reason for concern and I'm not a coder but wormhole attack seems to be very, very unlikely?

It depends.

Unlikely in the sense that it's hard to implement?
No, it seems like a rather straightforward attack.

Unlikely in the sense that one probably wouldn't run into it in the wild?
Yes, because it doesn't look especially profitable and worth the time beyond curiousity. (at least at a first glance, I might be missing something)
legendary
Activity: 4256
Merit: 8551
'The right to privacy matters'
today i would like to present you 4 slides about 'wormhole attack in lightning network'.
in a wormhole attack, a node operator with two nodes at the beginning and end of the route forwards a payment to itself, but cheats to steal honest charges from the nodes in the middle of the route.
in a nutshell, the wormhole attack allows two colliding users on a payment path to exclude intermediate users from participating in the successful completion of a payment, thereby stealing the payment fees which were intended for honest path nodes.

in the following github link this process is also explained: https://github.com/raiden-network/raiden/issues/3758
i also found a very interesting 30-page report on the subject: https://eprint.iacr.org/2018/472.pdf



https://twitter.com/BTCillustrated


So have any proven cases happened?

Seems to me in your example C would not be aware of the cheating or am I misunderstanding the reporting from node to node.

Would C say hey why did D not report to me.


Better yet is the A>B>C>D>E path traceable at all?

If it is not traceable and the node path can't be followed I see a lot of other issues.
member
Activity: 116
Merit: 76
Attack is always a reason for concern and I'm not a coder but wormhole attack seems to be very, very unlikely?
Like, if we will get visited by Aliens from a different Galaxy next 100 years? It is similarly unlikely.

Is it even possible to have a scenario where Lightning at a certain scale can be attacked? Even if, coders will have already a solution to prevent it?


What I want to ask:
Participants in a wormhole attack will suffer a loss or get punished? What is coder's approach to prevent such attack?
As usual, Bitcoin devs are known for developing a safe solution.
legendary
Activity: 3304
Merit: 8633
Crypto Swap Exchange
today i would like to present you 4 slides about 'wormhole attack in lightning network'.
in a wormhole attack, a node operator with two nodes at the beginning and end of the route forwards a payment to itself, but cheats to steal honest charges from the nodes in the middle of the route.
in a nutshell, the wormhole attack allows two colliding users on a payment path to exclude intermediate users from participating in the successful completion of a payment, thereby stealing the payment fees which were intended for honest path nodes.

in the following github link this process is also explained: https://github.com/raiden-network/raiden/issues/3758
i also found a very interesting 30-page report on the subject: https://eprint.iacr.org/2018/472.pdf



https://twitter.com/BTCillustrated
Jump to: