Bibliographic Details
Main Authors: Weintraub, Ben; Kumble, Satwik Prabhu; Nita-Rotaru, Cristina; Roos, Stefanie
Format: Preprint
Published: 2024
Subjects:
Online Access: https://arxiv.org/abs/2405.02147
contents The Lightning Network, a payment channel network with a market cap of over 192M USD, is designed to resolve Bitcoin's scalability issues through fast off-chain transactions. There are multiple Lightning Network client implementations, all of which conform to the same textual specifications known as BOLTs. Several vulnerabilities have been manually discovered, but to date there have been few works systematically analyzing the security of the Lightning Network. In this work, we take a foundational approach to analyzing the security of the Lightning Network with the help of formal methods. Based on the BOLTs' specifications, we build a detailed formal model of the Lightning Network's single-hop payment protocol and verify it using the Spin model checker. Our model captures both concurrency and error semantics of the payment protocol. We then define several security properties which capture the correct intermediate operation of the protocol, ensuring that the outcome is always certain to both channel peers, and using them we re-discover a known attack previously reported in the literature along with a novel attack, referred to as a Payout Race. A Payout Race consists of a particular sequence of events that can lead to an ambiguity in the protocol in which innocent users can unwittingly lose funds. We confirm the practicality of this attack by reproducing it in a local testbed environment.
format Preprint
id arxiv_https___arxiv_org_abs_2405_02147
institution arXiv
publishDate 2024
record_format arxiv
title Payout Races and Congested Channels: A Formal Analysis of Security in the Lightning Network
topic Cryptography and Security
url https://arxiv.org/abs/2405.02147