Security researcher and developer Antoine Riard is withdrawing from Lightning Network development, citing security issues and fundamental challenges to the bitcoin ecosystem.
According to a thread on the Linux Foundation’s public mailing list, Riard believes the bitcoin community faces a “tough dilemma” as a new class of cyclical replacement attacks puts Lightning in a “dangerous position.”
How does a cyclic lightning replacement attack work?
There is a lot of discussion about this newly discovered vulnerability on mailing lists, but the actual mechanism is a bit difficult to follow.
So here’s an illustrated introduction…
1/n pic.twitter.com/mvvS8bEc5f
– mononaut (@mononautical) October 21, 2023
The Lightning Network is a second-layer solution built on top of the bitcoin blockchain. It is designed to improve the scalability and efficiency of bitcoin transactions by enabling off-chain peer-to-peer transactions.
Through the Lightning Network, users can open payment channels, make multiple transactions off-chain, and settle the final result on the bitcoin blockchain. The cyclical replacement attack targets these payment channels. It is a new type of attack that allows the attacker to steal funds from a channel participant by exploiting inconsistencies between individual mempools. According to Riard:
“I think this new class of cyclic replacement attacks puts lightning in a very dangerous position, where a sustainable solution can only be achieved at the base layer, for example by adding memory-intensive transaction history or some update consensus. Implemented mitigations are worth something against simple attacks, although I don’t think they are stopping advanced attackers as stated in the first full disclosure email.”
Riard also noted that addressing the new type of attack may require changes to the underlying bitcoin network:
“Those types of changes are those that require maximum transparency and acceptance from the community as a whole, since we are altering the processing requirements of full nodes or the security architecture of the entire decentralized bitcoin ecosystem.”
Lightning developers face challenges, including criticism around the complexity of the network and the demands placed on the user experience. Since its inception in 2018, the Layer 2 network has grown in popularity, with the total value locked reaching $159.5 million at the time of writing, according to DefiLlama data. However, this figure is still very modest compared to bitcoin's market capitalization of $587 billion.
Riard plans to focus now on core bitcoin development, but warned of upcoming challenges for the main cryptocurrency ecosystem:
“On the other hand, to fully explain why such changes would be justified for the sake of enlightenment and to design them well, we may need to fully expose the practical and critical attacks on a ~5,355 btc public ecosystem. A difficult dilemma. There could be a lesson in terms of implementation of the bitcoin protocol (…)”