Postdoc Researcher Sergei joins Murch and Jonas to talk about channel balance probing in Lightning, privacy concerns in general, and the importance of researcher-developer collaboration.

anchor.fm

We discuss:

• Sergei’s background (1:50)
  • Sergei’s homepage with links to all prior research
• Lightning basics (2:50)
• Why LN payments fail (3:40)
• Why privacy is important (5:30)
• Privacy potential of Lightning vs L1 Bitcoin (6:40)
• How probing works (8:40)
• Why is balance discovery bad? (11:30)
• Persistent identities in Lightning (13:00)
• Multi-vector security model and trade-offs (17:45)
  • “Twitter for your bank account” meme (20:20)
• The danger of overestimating Bitcoin’s privacy (21:00)
• Lightning integrations and walled gardens (22:00)
• Lightning Service Providers and LN’s centralized topology (23:05)
• LNBIG booth in El Salvador (25:30)
• Potential oligopoly of large nodes (27:15)
• Probing parallel channels (28:30)
  • Analysis and Probing of Parallel Channels paper
• Combining probing with jamming (33:00)
• The limit on in-flight payments (36:00)
  • StackExchange answer about transaction size limit
• Bad and good probing (41:20)
• Countermeasures and reputation (44:00)
  • Overview of anti-jamming measures
• Hub-and-spoke terminology and aviation analogy (49:00)
• Doing research in Bitcoin and Lightning (53:10)
• Why Bitcoin is unique (55:10)
• Researcher-developer collaboration (58:00)

Related research:

• On the Difficulty… – the first paper about LN balance probing
• An Empirical Analysis paper about three LN attack vectors including probing
• Counting Down Thunder paper about timing attacks
• Congestion Attacks paper about jamming
• Cross-layer Deanonymization paper about linking L1 and L2
• Flood & Loot paper about malicious fee negotiation strategies
• Hijacking Routes paper about adversarial fee undercutting

Thanks to Justin for the sound engineering.