Mariusz Nowostawski

Rene Pickhardt, Sergei Tikhomirov, Alex Biryukov et al.

The Lightning Network (LN) is a prominent payment channel network aimed at addressing Bitcoin's scalability issues. Due to the privacy of channel balances, senders cannot reliably choose sufficiently liquid payment paths and resort to a trial-and-error approach, trying multiple paths until one succeeds. This leaks private information and decreases payment reliability, which harms the user experience. This work focuses on the reliability and privacy of LN payments. We create a probabilistic model of the payment process in the LN, accounting for the uncertainty of the channel balances. This enables us to express payment success probabilities for a given payment amount and a path. Applying negative Bernoulli trials for single- and multi-part payments allows us to compute the expected number of payment attempts for a given amount, sender, and receiver. As a consequence, we analytically derive the optimal number of parts into which one should split a payment to minimize the expected number of attempts. This methodology allows us to define service level objectives and quantify how much private information leaks to the sender as a side effect of payment attempts. We propose an optimized path selection algorithm that does not require a protocol upgrade. Namely, we suggest that nodes prioritize paths that are most likely to succeed while making payment attempts. A simulation based on the real-world LN topology shows that this method reduces the average number of payment attempts by 20% compared to a baseline algorithm similar to the ones used in practice. This improvement will increase to 48% if the LN protocol is upgraded to implement the channel rebalancing proposal described in BOLT14.

Sergei Tikhomirov, Rene Pickhardt, Alex Biryukov et al.

As Lightning network payments are neither broadcasted nor publicly stored. Thus LN has been seen not only as scalability but also as privacy solution for Bitcoin. The protocol guarantees that only the latest channel state can be confirmed on channel closure. LN nodes gossip about channels available for routing and their total capacities. To issue a (multi-hop) payment, the sender creates a route based on its local knowledge of the graph. As local channel balances are not public, payments often fail due to insufficient balance at an intermediary hop. In that case, the payment is attempted along multiple routes until it succeeds. This constitutes a privacy-efficiency tradeoff: hidden balances improve privacy but hinder routing efficiency. In this work, we show that an attacker can easily discover channel balances using probing. This takes under a minute per channel and requires moderate capital commitment and no expenditures. We describe the algorithm and test our proof-of-concept implementation on Bitcoin's testnet. We argue that LN's balance between privacy and routing efficiency is suboptimal: channel balances are neither well protected nor utilized. We outline two ways for LN to evolve in respect to this issue. To emphasize privacy, we propose a modification of error handling that hides details of the erring channel from the sending node. This would break our probing technique but make routing failures more common, as the sender would not know which channel from the attempted route has failed. To improve efficiency, we propose a new API call that would let the sender query balances of channels that it is not a party of. We argue that combining these approaches can help LN take the best of both worlds: hide private data when feasible, and utilize public data for higher routing efficiency.

Rene Pickhardt, Mariusz Nowostawski

Making a payment in a privacy-aware payment channel network is achieved by trying several payment paths until one succeeds. With a large network, such as the Lightning Network, a completion of a single payment can take up to several minutes. We introduce a network imbalance measure and formulate the optimization problem of improving the balance of the network as a sequence of rebalancing operations of the funds within the channels along circular paths within the network. As the funds and balances of channels are not globally known, we introduce a greedy heuristic with which every node despite the uncertainty can improve its own local balance. In an empirical simulation on a recent snapshot of the Lightning Network we demonstrate that the imbalance distribution of the network has a Kolmogorov-Smirnoff distance of 0.74 in comparison to the imbalance distribution after the heuristic is applied. We further show that the success rate of a single unit payment increases from 11.2% on the imbalanced network to 98.3% in the balanced network. Similarly, the median possible payment size across all pairs of participants increases from 0 to 0.5 mBTC for initial routing attempts on the cheapest possible path. We provide an empirical evidence that routing fees should be dropped for proactive rebalancing operations. Executing 4 different strategies for selecting rebalancing cycles lead to similar results indicating that a collaborative approach within the friend of a friend network might be preferable from a practical point of view