Paper 2021/855

Breaking and Fixing Virtual Channels: Domino Attack and Donner

Lukas Aumayr, TU Wien
Pedro Moreno-Sanchez, IMDEA Software Institute
Aniket Kate, Purdue University
Matteo Maffei, TU Wien
Abstract

Payment channel networks (PCNs) mitigate the scalability issues of current decentralized cryptocurrencies. They allow for arbitrarily many payments between users connected through a path of intermediate payment channels, while requiring interacting with the blockchain only to open and close the channels. Unfortunately, PCNs are (i) tailored to payments, excluding more complex smart contract functionalities, such as the oracle-enabling Discreet Log Contracts and (ii) their need for active participation from intermediaries may make payments unreliable, slower, expensive, and privacy-invasive. Virtual channels are among the most promising techniques to mitigate these issues, allowing two endpoints of a path to create a direct channel over the intermediaries without any interaction with the blockchain. After such a virtual channel is constructed, (i) the endpoints can use this direct channel for applications other than payments and (ii) the intermediaries are no longer involved in updates. In this work, we first introduce the Domino attack, a new DoS/griefing style attack that leverages virtual channels to destruct the PCN itself and is inherent to the design adopted by the existing Bitcoin-compatible virtual channels. We then demonstrate its severity by a quantitative analysis on a snapshot of the Lightning Network (LN), the most widely deployed PCN at present. We finally discuss other serious drawbacks of existing virtual channel designs, such as the support for only a single intermediary, a latency and blockchain overhead linear in the path length, or a non-constant storage overhead per user. We then present Donner, the first virtual channel construction that overcomes the shortcomings above, by relying on a novel design paradigm. We formally define and prove security and privacy properties in the Universal Composability framework. Our evaluation shows that Donner is efficient, reduces the on-chain number of transactions for disputes from linear in the path length to a single one, which is the key to prevent Domino attacks, and reduces the storage overhead from logarithmic in the path length to constant. Donner is Bitcoin-compatible and can be easily integrated in the LN.

Note: To appear at Network and Distributed System Security Symposium (NDSS) 2023.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Network and Distributed System Security Symposium (NDSS) 2023
DOI
10.14722/ndss.2023.24370
Keywords
blockchainsecurityprivacypayment channel networksvirtual channelsBitcoinLightning Network
Contact author(s)
lukas aumayr @ tuwien ac at
pedro moreno @ imdea org
aniket @ purdue edu
matteo maffei @ tuwien ac at
History
2023-01-23: last of 3 revisions
2021-06-24: received
See all versions
Short URL
https://ia.cr/2021/855
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/855,
      author = {Lukas Aumayr and Pedro Moreno-Sanchez and Aniket Kate and Matteo Maffei},
      title = {Breaking and Fixing Virtual Channels: Domino Attack and Donner},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/855},
      year = {2021},
      doi = {10.14722/ndss.2023.24370},
      url = {https://eprint.iacr.org/2021/855}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.