Postdoc Researcher Sergei joins Murch and Jonas to talk about channel balance probing in Lightning, privacy concerns in general, and the importance of researcher-developer collaboration.
We discuss:
- Sergei's background (1:50)
- Sergei's homepage with links to all prior research
- Lightning basics (2:50)
- Why LN payments fail (3:40)
- Why privacy is important (5:30)
- Privacy potential of Lightning vs L1 Bitcoin (6:40)
- How probing works (8:40)
- Why is balance discovery bad? (11:30)
- Persistent identities in Lightning (13:00)
- Multi-vector security model and trade-offs (17:45)
- "Twitter for your bank account" meme (20:20)
- The danger of overestimating Bitcoin's privacy (21:00)
- Lightning integrations and walled gardens (22:00)
- Lightning Service Providers and LN's centralized topology (23:05)
- LNBIG booth in El Salvador (25:30)
- Potential oligopoly of large nodes (27:15)
- Probing parallel channels (28:30)
- Analysis and Probing of Parallel Channels paper
- Combining probing with jamming (33:00)
- The limit on in-flight payments (36:00)
- StackExchange answer about transaction size limit
- Bad and good probing (41:20)
- Countermeasures and reputation (44:00)Overview of anti-jamming measures
- Hub-and-spoke terminology and aviation analogy (49:00)
- Doing research in Bitcoin and Lightning (53:10)
- Why Bitcoin is unique (55:10)
- Researcher-developer collaboration (58:00)
Related research:
- On the Difficulty... -- the first paper about LN balance probing
- An Empirical Analysis paper about three LN attack vectors including probing
- Counting Down Thunder paper about timing attacks
- Congestion Attacks paper about jamming
- Cross-layer Deanonymization paper about linking L1 and L2
- Flood & Loot paper about malicious fee negotiation strategies
- Hijacking Routes paper about adversarial fee undercutting
Thanks to Justin for the sound engineering.