- The paper analyzes how attackers can exploit Hashed Time-Lock Contract (HTLC) limitations in payment channel networks like Bitcoin's Lightning Network to cause network congestion and disruption.
- Analysis shows that these congestion attacks are feasible and low-cost, capable of locking a majority of network funds with minimal investment from an adversary.
- Proposed mitigation strategies include enforcing faster HTLC resolution, reducing allowed payment route lengths, and adjusting HTLC limits based on node trust levels.
Congestion Attacks in Payment Channel Networks: An Analytical Perspective
The paper by Mizrahi and Zohar titled "Congestion Attacks in Payment Channel Networks" presents a detailed analysis of vulnerabilities in the design of off-chain payment channel networks, specifically focusing on Bitcoin's Lightning Network. These networks, intended as scalable solutions to blockchain limitations, are susceptible to congestion attacks because their architecture relies on hashed time-lock contracts (HTLCs). The authors explore the feasibility, cost, and impact of these attacks, providing a clear framework for understanding their implications and proposing mitigation strategies.
Overview of the Attack Mechanism
Payment channel networks are constructed using HTLCs, which allow conditional payments across multiple channels. These contracts require a cryptographic proof within a specified time frame in order for the transaction to execute. A vulnerability arises because each channel has a limit on the number of concurrent unresolved HTLCs. The paper suggests an attack exploiting this limitation by overloading channels with payments that are withheld until expiration, effectively locking the channel and preventing further transactions.
Three variants of the attack are considered:
- Targeting High Liquidity Channels: This approach seeks to paralyze channels with significant liquidity by filling their HTLC capacity.
- Network Disconnection: By strategically locking channels, the attacker can disconnect nodes from the network, breaking it into isolated components.
- Node Isolation: Individual nodes are isolated by saturating their network connections, especially those nodes with significant transactional throughput (hubs).
Analytical Evaluation
The paper employs a varied methodology to analyze these attack vectors, including real-world statistics and simulation-based experiments. Results show that the attacker can employ minimal resources (less than half a Bitcoin) to lock the majority of the funds within the network for extended periods. The network's evolving topology over time has also been examined, revealing heightened vulnerability due to changes in default protocol parameters, specifically the values of cltvdelta and maxlock.
The practical cost of executing these attacks involves the expense associated with opening channels and provisioning them with liquidity, though much of this liquidity is not permanently lost. The evaluation concludes that the Lightning Network as it currently stands can be significantly disrupted without substantial investment from the adversary.
Mitigation Strategies
To counteract these vulnerabilities, several mitigation strategies are proposed:
- Fast HTLC Resolution Enforcement: Implementing a tighter deadline on HTLC resolution and forcing disconnection from any node that attempts to withhold HTLC completion.
- Reduction in Route Length: Reducing the maximum allowable path length for payments to a figure consistent with the network's small-world property.
- Trust-Based HTLC Configuration: Adjusting the maximum number of allowed HTLCs based on the trust level of a node's counterparties.
- Loop Avoidance: Preventing the construction of payment routes that redundantly traverse the same channel multiple times.
These proposed solutions, focused on modifying protocol configurations, aim to reduce the efficiency and feasibility of attacks without diminishing the network's utility.
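The sketch below is an added example, not code from the paper or from any Lightning implementation. It shows how a forwarding node could apply three of the mitigations above as local checks: the route-length cap, loop avoidance, and a resolution deadline with slot-occupancy alerting. All names, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical policy values; the paper's summary gives no concrete numbers.
MAX_HOPS = 8              # assumed cap on route length
RESOLVE_DEADLINE_S = 60   # assumed time a peer gets to settle or fail an HTLC
SLOT_ALERT_RATIO = 0.8    # assumed share of used HTLC slots that raises an alert

@dataclass(frozen=True)
class PendingHtlc:
    channel_id: str
    peer: str
    offered_at: float  # seconds; when the HTLC was forwarded to the peer

def route_violations(channel_ids, max_hops=MAX_HOPS):
    """Policy violations for a route given as an ordered list of channel ids."""
    problems = []
    if len(channel_ids) > max_hops:
        problems.append(f"route has {len(channel_ids)} hops, cap is {max_hops}")
    # Loop avoidance: no channel may appear more than once in a route.
    repeated = sorted(c for c, n in Counter(channel_ids).items() if n > 1)
    if repeated:
        problems.append("route reuses channels: " + ", ".join(repeated))
    return problems

def slow_peers(pending, now, deadline_s=RESOLVE_DEADLINE_S):
    """Map each peer to its count of HTLCs left unresolved past the deadline."""
    return dict(Counter(h.peer for h in pending
                        if now - h.offered_at > deadline_s))

def congested_channels(pending, slot_limit, ratio=SLOT_ALERT_RATIO):
    """Channels whose unresolved HTLC count has reached ratio * slot_limit."""
    used = Counter(h.channel_id for h in pending)
    return sorted(c for c, n in used.items() if n >= ratio * slot_limit)

if __name__ == "__main__":
    # Constructed sample: four old HTLCs on chanA, one recent HTLC on chanB.
    pending = [PendingHtlc("chanA", "peer1", float(t)) for t in range(4)]
    pending.append(PendingHtlc("chanB", "peer2", 95.0))
    print(route_violations(["chanA", "chanB", "chanA"]))
    print(slow_peers(pending, now=100.0))
    print(congested_channels(pending, slot_limit=5))
```

A peer reported by `slow_peers` is a candidate for the disconnection policy described under fast resolution enforcement; the threshold values would need tuning against legitimate payment latency.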
Conclusions and Future Work
This research highlights fundamental flaws in the architecture of payment channel networks, demanding further exploration into their robustness and scalability. The simplicity with which malicious actions can be performed emphasizes a need for evolving security measures. Future work may explore the balance between channel operational performance and the security measures that must be adopted to ensure adequate protection against such congestion attacks.
In sum, Mizrahi and Zohar provide a critical examination of the Lightning Network's vulnerabilities, presenting insights that are essential for researchers focused on network security and scalability challenges inherent to distributed ledger technologies.