Difference between revisions of "Lightning Network"

From CryptoWiki

Line 26: Line 26:
== Bugs ==
== Bugs ==


* Mass exit attacks as a concept were described in a [https://arxiv.org/pdf/2208.01908.pdf thesis] from the University of Illinois at Chicago (8-2022).
* [https://decrypt.co/111642/enormous-multi-sig-transaction-briefly-crashes-bitcoins-lightning-network From] [[Decrypt (DCPT)|Decrypt]] (11-10-2022):
''"A validation bug caused by a complex [[Multi-Signature|multi-sig]] transaction temporarily disrupted a popular implementation of Bitcoin’s Lightning Network. What Burak Keceli, the founder of Bitmatrix, did was to create a 998-of-999 multisig transaction on Bitcoin, meaning it required 998 private key signatures to authenticate the transaction—an enormously complex and unusual task in itself. The Lightning Network never crashed, but instead came out of sync after missing one block."''
*Mass exit attacks as a concept were described in a [https://arxiv.org/pdf/2208.01908.pdf thesis] from the University of Illinois at Chicago (8-2022).
* [[CoinDesk]] [https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet wrote] about 4 vulnerabilities disclosed by a Lightning Network dev and other researchers, at the time of writing these vulnerabilities have not been exploited (28-10-2020).
* [[CoinDesk]] [https://www.coindesk.com/bitcoin-lightning-network-vulnerabilities-not-exploited-yet wrote] about 4 vulnerabilities disclosed by a Lightning Network dev and other researchers, at the time of writing these vulnerabilities have not been exploited (28-10-2020).
* [https://www.coindesk.com/lightning-vulnerability-ind-node-operators-upgrade-asap From] [[Coindesk|CoinDesk]] (9-10-2020):
* [https://www.coindesk.com/lightning-vulnerability-ind-node-operators-upgrade-asap From] [[Coindesk|CoinDesk]] (9-10-2020):

Revision as of 06:15, 13 October 2022

Basics

  • Based on Poon-Dryja’s payment channels construction. The concept of the Lightning Network was proposed in 2015, and the first implementation was launched in 2018.
  • A Second Layer payment service on top of Bitcoin. The Lightning network proposes to reduce transaction costs for Bitcoin by allowing nodes to hold some transaction data in the cache before submitting it to the chain.
  • There are three main lightning network implementations: Acinq’s Eclair, Blockstream’s c-lightning, and Lightning Lab’s lnd.
  • The specs of LN passed a security test done by two scientists (one from IOHK)
  • "Bitcoin Lightning network has reached 4,070 nodes and a ₿338.76 capacity; according to data from 1ML the network now houses 11,448 open payment channels; the average capacity for each node and payment channel comes in at ₿0.114 ($633) and ₿0.019 ($107) respectively, and with transaction fees at 1 satoshi (~ $0.000056); the average age of each node is just 137 days old."

Tech

Watchtowers

"Watchtowers are services that broadcast a pre-programmed transaction if they detect that one of their client’s channels is being closed using an older state; this allows their clients to go offline without risking a loss of funds."

Eltoo

"Eltoo is a proposed enforcement layer for LN that allows any later channel state to replace any earlier channel state. Although eltoo can be used with a penalty mechanism similar to the one used with existing LN channels, eltoo doesn’t need the penality mechanism in order to be secure.

If eltoo is used without a penalty mechanism, there’s no harm in publishing an old state, except that it costs transaction fees to publish. This makes it less dangerous to try to restore an LN node from a backup after a sudden failure or some other problem. It also makes it much simpler for three or more parties to open a single LN channel together, enabling features such as channel factories.

Another consequence of LN channels without penalties is that LN nodes using eltoo only need to store the latest state. For certain devices that lack large amounts of persistent storage (for example, hardware wallets), they may not be able to store enough data to effectively use penalty-based LN—but as long as they can store a few kB, they should be able to use eltoo-based LN."

"Conner Fromknecht started a thread asking what data watchtowers would need to store for eltoo and how that would affect the scalability of watchtowers or the privacy of their clients. One option would be for a watchtower to store only the latest update transaction. This is highly scalabale because it only requires a constant amount of storage per channel, and it’s secure because only the final settlement transaction can spend from the final update transaction. The offline node can broadcast the settlement transaction whenever it next comes online, even if that is months or years later.

An alternative mechanism discussed would be for the watchtower to also store the settlement transaction. This could provide additional safety in case the node lost all data while it was offline by sending funds to the node’s desired withdrawal address (such as an address in its cold wallet). However, it would increase the storage requirements for watchtowers and, worse, the obvious way to implement it would significantly reduce user privacy by giving watchtowers enough data to learn details about previous payments made in the user’s payment channels. Some participants in the thread discussed ways to obtain the safety benefits while mitigating the privacy loss, although no clear conclusion was reached in the thread as of this writing."

Bugs

"A validation bug caused by a complex multi-sig transaction temporarily disrupted a popular implementation of Bitcoin’s Lightning Network. What Burak Keceli, the founder of Bitmatrix, did was to create a 998-of-999 multisig transaction on Bitcoin, meaning it required 998 private key signatures to authenticate the transaction—an enormously complex and unusual task in itself. The Lightning Network never crashed, but instead came out of sync after missing one block."

  • Mass exit attacks as a concept were described in a thesis from the University of Illinois at Chicago (8-2022).
  • CoinDesk wrote about 4 vulnerabilities disclosed by a Lightning Network dev and other researchers, at the time of writing these vulnerabilities have not been exploited (28-10-2020).
  • From CoinDesk (9-10-2020):

"A vulnerability in LND versions 0.10.x and below has been disclosed to the Lightning Labs team, according to engineer Conner Fromknecht in the Lightning Network developer channel Thursday. In light of the disclosure, the firm is urging node operators to upgrade to versions 0.11.0 or higher as soon as possible."

"Researchers from The Hebrew University of Jerusalem and the University of Vienna published findings regarding how off-chain transaction networks can “introduce a new attack surface which is not well-understood today.” They analyzed “a novel Denial-of-Service attack which is based on route hijacking, i.e., which exploits the way transactions are routed and executed along the created channels of the network,” singling out the Lightning Network as being particularly vulnerable."

Usage

  • Got passed (11-3-2020) in terms of BTC locked up by WBTC. Since than has been completely dwarfed by BTC on Ethereum (6-2021).

"The recent spike in WBTC further extends its lead over Bitcoin’s Lightning Network in terms of value locked. For reference, Bitcoin’s leading scaling solution currently aggregates less than 1,000 BTC locked since launching in January 2018. Now with 2,300 WBTC circulating the Ethereum economy, Ethereum’s BTC alternative has cemented its lead with well-over twice as much value locked."

"Lightning set the prior high of $12.37 million, surpassing the long-standing previous mark of $12.3 million that was reached in early July 2019 and lasted for 405 days. The total number of bitcoins held on Lightning sits at 1,060, up 24% so far this year, but still remains below the record high of 1,105 BTC set in early May 2019."

"There are now 9,300 public nodes in the Lightning Network, an 80% increase year-to-date!"

Projects that use or built on it

  1. "Over 400 merchants claim support for LN payments with the number growing steadily at almost constant pace
  2. 322 apps/projects were observed as part of the Lightning ecosystem (for quick reference the numbers were around 93 and 151 in 2018 and 2019 respectively)
  3. Ecosystem growth is mainly driven by Lightning native projects (282 started in 2017 and later); but adoption of the technology among incumbent crypto companies is also notable (40 companies founded prior to 2017 claim lightning support)
  4. Software components and developer tools came out as the single most represented category with 77 (25%) of all projects indicating that we are now in the active phase of building out the infrastructure layer. The share of this category when combined with Node management would be 120 or 37%)
  5. Financial infrastructure and LiFi (a term supposedly introduced in the Lightning Labs newsletter) is the second prevailing segment (49 or 15%). Yes, we are building a financial system first of all!
  6. Further on, substantial project activity is observed in wallet and gaming segments (90 or 28%) indicating that consumer use cases are dominating the minds of developers
  7. Earning, stacking and tipping are very popular use cases too, though merchant-focused services did not see much innovation in 2020, while experiments with social apps have remained steady."

Critiques

  • Mikhail Nikulin; co-founder, CTO of Lykke tried out a Lightning Network kinda version on Lykke itself and now claims that it won't work due to fees for opening channels.
  • This (overall positive post) on LN by BitFury also listed a couple con's
  1. "In the 2018 research paper, How to Charge Lightning, the author states that one of the key unknowns is what economic effect, if any, the Lightning Network will produce on the bitcoin fee market. “As the block reward in bitcoin declines (halving every four years), the reliance on fees increases and these must suffice to pay for enough mining by honest participants,” the report reads. The 28-page study found that, while the Lightning Network does in fact allow a greater number of transactions to pass through the system, that doesn’t necessarily mean higher fees to miners. The report’s authors conclude that this may lead to lower mining participation within the system.
  2. In 2016, Dryja said that making a profit from the Lightning Network would be really hard, as it doesn’t have the similar economic benefit of mining the Bitcoin Blockchain and it is difficult to set up Lightning Network nodes.
  3. In this post, Justin Goro, editor of the Social Revolution, states that while use of the Lightning Network will reduce blockchain fees substantially as competition on the blockchain declines, they won’t be reduced to zero. Lightning fees consist of opening and closing channels and fees for routing payments."
  • Antoine Riard posted (12-2019) to the Lightning-Dev mailing list a description of two attacks possible against LN users if they are eclipse attacked and the attacker delays the relay of blocks.
  • From CoinSpice (26-11-2019) which is a well known Lightning critic:

"The Institute for Computer Science and Control (SZTAKI) in Hungary released, A Cryptoeconomic Traffic Analysis of Bitcoin’s Lightning Network. The 21-page study examined the second layer solution to the notorious scaling issues plaguing the world’s most popular cryptocurrency, BTC. They concluded the Lightning Network (LN) is economically irrational and has privacy shortcomings."

"Released earlier this month, the paper "Lightning Network: a second path towards centralisation of the Bitcoin economy" (by researchers Jian-Hong Lin, Kevin Primicerio, Tiziano Squartini, Christian Decker and Claudio J. Tessone) concludes that lightning has an "unequal wealth distribution" of bitcoin (BTC). Specifically, the researchers found that 10 percent of the nodes control 80 percent of funds on the network. If most of the bitcoin is held mostly on a few nodes, this could make the network more vulnerable to attacks because removing these routing nodes would leave gaping holes.

To be sure, engineer Christian Decker, a lightning engineer at bitcoin tech startup Blockstream and one of the paper's authors, said he is not worried about this state of affairs lasting. This trend toward centralization is "likely temporary," he tweeted. He and other lightning developers are "working to make it easier for operators to build redundancies into the network.""

  • Have to run a node and must be online to receive payments.
  • Using a third party's node means they can spend your coins.
  • Coins are stored as files because there is no LN blockchain, disk corruption with no backup means your money is gone.

Competition

Apart from Layer 1 alternatives (such as Bitcoin Cash proposes) there are also other Layer 2 projects.

Team, Funding, Partners

Team

Lightning Labs

  • From their blog (5-4-2022):

"Today we’re announcing Taro, a new protocol to expand the global reach of bitcoin and Lightning by making it a multi-asset network, along with $70M in Series B funding by investors including Valor, Baillie Gifford, Goldcrest, Kingsway, Stillmark, Brevan Howard, NYDIG, M13, Craft, and more."

"Backed by Silicon Valley and crypto heavy-weights including Twitter and Square CEO Jack Dorsey, Square executive Jacqueline Reses, and Litecoin creator Charlie Lee, Lightning Labs is developing Bitcoin’s much anticipated scaling solution, Lightning. This programmable financial layer for the internet is like the Visa network for bitcoin, enabling instant, high volume transactions with fees far lower than credit cards. Launched in 2016, and helmed by Elizabeth Stark, Lightning Labs follows an unrelenting release schedule to develop the technologies that other lightening startups rely on, like Lightning Loop, which will make it easier to transact over Lightning. In February, the company announced its $10M Series A financing round led by Craft Ventures."

"Lightning Labs today came out with Lightning Pool, a marketplace where node operators can buy the liquidity they need to run the network. On LiFi, “Pool sellers can earn yield on real bitcoin without trusting a third party or losing custody of their funds. This yield is earned from buyers on Pool willing to pay a premium for access to new capital on Lightning without counterparty risk.”"