-
SoK: Cross-Chain Bridging Architectural Design Flaws and Mitigations
Authors:
Jakob Svennevik Notland,
Jinguye Li,
Mariusz Nowostawski,
Peter Halland Haro
Abstract:
Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains. In contrast to the underlying blockchains, the bridges often provide inferior security guarantees and have been targets of hacks causing damage in the range of 1.5 to 2 billion USD in 2022. The current state of bridge architectures is that they are ambiguous, and there is next to no notion of how diff…
▽ More
Cross-chain bridges are solutions that enable interoperability between heterogeneous blockchains. In contrast to the underlying blockchains, the bridges often provide inferior security guarantees and have been targets of hacks causing damage in the range of 1.5 to 2 billion USD in 2022. The current state of bridge architectures is that they are ambiguous, and there is next to no notion of how different architectures and their components are related to different vulnerabilities. Throughout this study, we have analysed 60 different bridges and 34 bridge exploits in the last three years (2021-2023). Our analyses identified 13 architectural components of the bridges. We linked the components to eight types of vulnerabilities, also called design flaws. We identified prevention measures and proposed 11 impact reduction measures based on the existing and possible countermeasures to address the imminent exploits of the design flaws. The results are meant to be used as guidelines for designing and implementing secure cross-chain bridge architectures, preventing design flaws, and mitigating the negative impacts of exploits.
△ Less
Submitted 1 March, 2024;
originally announced March 2024.
-
An Empirical Study on Governance in Bitcoin's Consensus Evolution
Authors:
Jakob Svennevik Notland,
Mariusz Nowostawski,
Jingyue Li
Abstract:
Blockchain systems run consensus rules as code to agree on the state of the distributed ledger and secure the network. Changing these rules can be risky and challenging. In addition, it can often be controversial and take much effort to make all the necessary participants agree to adopt a change. Arguably, Bitcoin has seen centralisation tendencies in pools and in development. However, how these t…
▽ More
Blockchain systems run consensus rules as code to agree on the state of the distributed ledger and secure the network. Changing these rules can be risky and challenging. In addition, it can often be controversial and take much effort to make all the necessary participants agree to adopt a change. Arguably, Bitcoin has seen centralisation tendencies in pools and in development. However, how these tendencies influence blockchain governance has received minimal community and academic attention. Our study analyses the governmental structures in a blockchain by looking into the history of Bitcoin. We investigate the process of changing consensus rules through a grounded theory analysis comprising quantitative and qualitative data from 34 consensus forks in Bitcoin and Bitcoin Cash. The results reveal the decentralised behaviour in Bitcoin and blockchain. Our results are in contrast to related work, emphasising centralisation among miners and developers. Furthermore, our results show how the consensus-driven deployment techniques and governance of consensus rules are intertwined.
△ Less
Submitted 14 February, 2024; v1 submitted 6 May, 2023;
originally announced May 2023.
-
Security and Privacy of Lightning Network Payments with Uncertain Channel Balances
Authors:
Rene Pickhardt,
Sergei Tikhomirov,
Alex Biryukov,
Mariusz Nowostawski
Abstract:
The Lightning Network (LN) is a prominent payment channel network aimed at addressing Bitcoin's scalability issues. Due to the privacy of channel balances, senders cannot reliably choose sufficiently liquid payment paths and resort to a trial-and-error approach, trying multiple paths until one succeeds. This leaks private information and decreases payment reliability, which harms the user experien…
▽ More
The Lightning Network (LN) is a prominent payment channel network aimed at addressing Bitcoin's scalability issues. Due to the privacy of channel balances, senders cannot reliably choose sufficiently liquid payment paths and resort to a trial-and-error approach, trying multiple paths until one succeeds. This leaks private information and decreases payment reliability, which harms the user experience. This work focuses on the reliability and privacy of LN payments. We create a probabilistic model of the payment process in the LN, accounting for the uncertainty of the channel balances. This enables us to express payment success probabilities for a given payment amount and a path. Applying negative Bernoulli trials for single- and multi-part payments allows us to compute the expected number of payment attempts for a given amount, sender, and receiver. As a consequence, we analytically derive the optimal number of parts into which one should split a payment to minimize the expected number of attempts. This methodology allows us to define service level objectives and quantify how much private information leaks to the sender as a side effect of payment attempts. We propose an optimized path selection algorithm that does not require a protocol upgrade. Namely, we suggest that nodes prioritize paths that are most likely to succeed while making payment attempts. A simulation based on the real-world LN topology shows that this method reduces the average number of payment attempts by 20% compared to a baseline algorithm similar to the ones used in practice. This improvement will increase to 48% if the LN protocol is upgraded to implement the channel rebalancing proposal described in BOLT14.
△ Less
Submitted 15 March, 2021;
originally announced March 2021.
-
Probing Channel Balances in the Lightning Network
Authors:
Sergei Tikhomirov,
Rene Pickhardt,
Alex Biryukov,
Mariusz Nowostawski
Abstract:
As Lightning network payments are neither broadcasted nor publicly stored. Thus LN has been seen not only as scalability but also as privacy solution for Bitcoin. The protocol guarantees that only the latest channel state can be confirmed on channel closure. LN nodes gossip about channels available for routing and their total capacities. To issue a (multi-hop) payment, the sender creates a route b…
▽ More
As Lightning network payments are neither broadcasted nor publicly stored. Thus LN has been seen not only as scalability but also as privacy solution for Bitcoin. The protocol guarantees that only the latest channel state can be confirmed on channel closure. LN nodes gossip about channels available for routing and their total capacities. To issue a (multi-hop) payment, the sender creates a route based on its local knowledge of the graph. As local channel balances are not public, payments often fail due to insufficient balance at an intermediary hop. In that case, the payment is attempted along multiple routes until it succeeds. This constitutes a privacy-efficiency tradeoff: hidden balances improve privacy but hinder routing efficiency. In this work, we show that an attacker can easily discover channel balances using probing. This takes under a minute per channel and requires moderate capital commitment and no expenditures. We describe the algorithm and test our proof-of-concept implementation on Bitcoin's testnet. We argue that LN's balance between privacy and routing efficiency is suboptimal: channel balances are neither well protected nor utilized. We outline two ways for LN to evolve in respect to this issue. To emphasize privacy, we propose a modification of error handling that hides details of the erring channel from the sending node. This would break our probing technique but make routing failures more common, as the sender would not know which channel from the attempted route has failed. To improve efficiency, we propose a new API call that would let the sender query balances of channels that it is not a party of. We argue that combining these approaches can help LN take the best of both worlds: hide private data when feasible, and utilize public data for higher routing efficiency.
△ Less
Submitted 1 April, 2020;
originally announced April 2020.
-
Imbalance measure and proactive channel rebalancing algorithm for the Lightning Network
Authors:
Rene Pickhardt,
Mariusz Nowostawski
Abstract:
Making a payment in a privacy-aware payment channel network is achieved by trying several payment paths until one succeeds. With a large network, such as the Lightning Network, a completion of a single payment can take up to several minutes. We introduce a network imbalance measure and formulate the optimization problem of improving the balance of the network as a sequence of rebalancing operation…
▽ More
Making a payment in a privacy-aware payment channel network is achieved by trying several payment paths until one succeeds. With a large network, such as the Lightning Network, a completion of a single payment can take up to several minutes. We introduce a network imbalance measure and formulate the optimization problem of improving the balance of the network as a sequence of rebalancing operations of the funds within the channels along circular paths within the network. As the funds and balances of channels are not globally known, we introduce a greedy heuristic with which every node despite the uncertainty can improve its own local balance. In an empirical simulation on a recent snapshot of the Lightning Network we demonstrate that the imbalance distribution of the network has a Kolmogorov-Smirnoff distance of 0.74 in comparison to the imbalance distribution after the heuristic is applied. We further show that the success rate of a single unit payment increases from 11.2% on the imbalanced network to 98.3% in the balanced network. Similarly, the median possible payment size across all pairs of participants increases from 0 to 0.5 mBTC for initial routing attempts on the cheapest possible path. We provide an empirical evidence that routing fees should be dropped for proactive rebalancing operations. Executing 4 different strategies for selecting rebalancing cycles lead to similar results indicating that a collaborative approach within the friend of a friend network might be preferable from a practical point of view
△ Less
Submitted 19 December, 2019;
originally announced December 2019.
