According to developers, the privacy and efficiency level in Lightning Network is not optimal. They propose including a process for routing and another for privacy.
A group of developers recently submitted a proposal to improve the routing and privacy efficiency of Lightning Network’s payment channels. Said document describes their aim to improve the ability of the network to correct errors in those two aspects.
The submission of the proposal occurred at the beginning of April. This idea stems from a study on privacy on the Lightning Network by developers René Pickhardt, Sergei Tikhomirov, Alex Biryukov, and Mariusz Nowostawski.
In their study, this group determined that an attacker could easily discover channel balances using probing. In other words, the privacy of the channels on the network is at risk. The text especially highlights that an attack like that lasts less than a minute per channel and requires a moderate commitment of capital with no expenditure.
Those findings led the team behind the study to conclude that the balance between the privacy and the efficiency of LN’s routing is “suboptimal”. In other words, the channels are “not well protected”.
To solve the problem of privacy, the group proposes a change in the handling of errors that hides the details from the wrong channel of the sending node. They consider that this modification would break with the probing technique that allowed them to discover the balances. However, it would put efficiency at risk, making routing failures more common.
According to the developers, a new API (Application Programming Interface) call would solve this second element, since it would allow the sender to check the balances of the channels of which it is not part. By doing so, they seek to improve the process of finding the route to process payments.
Recent LN Vulnerabilities and Proposals
Amid the continued development of the Lightning Network, there are several recently released vulnerabilities and improvement proposals. Among them, the most prominent is the launch of Loop Beta, a product that Lightning Labs developed to improve liquidity and facilitate the management of payment channels.
More recently, the same startup introduced LSAT, a new standard for authentication and payments for online services through the Lightning Network.
Among the vulnerabilities, one of the most relevant is the appearance of “zombie channels”, which used to be active but look as though they still were. However, they are not currently useful. These channels violate the bandwidth of the network and alter the routing performance by inflating the number of available channels.
In early March, a group of researchers from the University of Jerusalem published a study in which they determined that LN is vulnerable to overload attacks or congestion on payment channels.
Among the conclusions of the study, the experts also establish that this type of attack would not have a high cost for those who conduct it. Similarly, the Pickhardt team determined that probing threatens privacy in the Lightning Network.
By Alexander Salazar