Aumayr, L., Avarikioti, Z., Maffei, M., & Mazumdar, S. (2024). Securing Lightning Channels against Rational Miners. In B. Luo, X. Liao, & J. Xu (Eds.), Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security (pp. 393–407). https://doi.org/10.1145/3658644.3670373
Payment channel networks (e.g., the Lightning Network in Bitcoin) constitute one of the most popular scalability solutions for blockchains. Their safety relies on parties being online to detect fraud attempts on-chain and being able to timely react by publishing certain transactions on-chain. However, a cheating party may bribe miners in order to censor those transactions, resulting in loss of funds for the cheated party: these attacks are known in the literature as timelock bribing attacks. In this work, we present the first channel construction that does not require parties to be online and, at the same time, is resistant to timelock bribing attacks. We start by proving for the first time that Lightning channels are secure against timelock bribing attacks in the presence of rational channel parties under the assumption that these parties constantly monitor the mempool and never deplete the channel in one direction. The latter underscores the importance of keeping a coin reserve in each channel as implemented in the Lightning Network, albeit for different reasons. We show, however, that the security of the Lightning Network against Byzantine channel parties does not carry over to a setting in which miners are rational and accept timelock bribes. Next, we introduce CRAB, the first Lightning-compatible channel construction that provides security against Byzantine channel parties and rational miners. CRAB leverages miners’ incentives to safeguard the channel, thereby also forgoing the unrealistic assumption of channel parties constantly monitoring the mempool. Finally, we show how our construction can be refined to eliminate the major assumption behind payment channels, i.e., the need for online participation. To that end, we present Sleepy CRAB, the first provably secure channel construction under rational miners that enables participants to go offline indefinitely.
We also provide a proof-of-concept implementation of Sleepy CRAB and evaluate its cost in Bitcoin, thereby demonstrating its practicality.
Project title:
Foundations and Tools for Client-Side Web Security: 771527 (Europäischer Forschungsrat (ERC))
Semantische und kryptografische Grundlagen von Informationssicherheit und Datenschutz durch modulares Design: F 8500 (FWF - Österr. Wissenschaftsfonds)
Ein zusammensetzbarer rationaler Rahmen für Blockchains: ESP 68-N (FWF - Österr. Wissenschaftsfonds)
Privacy-Preserving Regulatory Technologies for Distributed Ledger Technologies: 864738 (FFG - Österr. Forschungsförderungsgesellschaft mbH)
Distributed-Ledger-Entwicklung und -Implementierung: ABC Research GmbH (ABC Research GmbH)
Security and Privacy for the COMIT Network: Funding Agreement coblox (CoBloX Pty Ltd.)
Blockchaintechnologien für das Internet der Dinge: CDL-BOT (Christian Doppler Forschungsgesells)
Scalable, Private, and Interoperable Layer 2: ICT22-045 (WWTF Wiener Wissenschafts-, Forschu und Technologiefonds)