Latency and Privacy in Lightning

Posted by MattCorallo

Jun 2, 2025/19:01 UTC

In the exploration of security vulnerabilities within payment networks, a specific focus is directed toward off-path attacks and their feasibility without extensive pathfinding by the attacker. Off-path attacks are considered especially pertinent in scenarios where the attacker has visibility over network messages across several or critical points of the payment path, such as the initial and final hops. This visibility, coupled with the timing of payments and assuming a moderate flow without deliberate delays, could potentially allow attackers to deduce payment details. The discussion raises questions about the effectiveness of adding intermediate hops as a countermeasure, suggesting that even with one or two additional hops, the attack might still be feasible.

Further analysis touches upon the distinction between on-path attacks and those conducted by network attackers with partial visibility of the payment path. The latter can infer certain details about the payment, albeit with less precision than an on-path attacker who has access to more comprehensive data. The conversation also delves into the implications of transitioning from pre-PTLC (Point Time-Locked Contracts) to post-PTLC environments. In a pre-PTLC context, the payment hash serves as a direct indicator for tracking payments. However, post-PTLC, while the amount becomes a significant piece of information, it's not infallible. The introduction of delays is suggested as a method to diminish the accuracy of amount-based classification by attackers, thereby enhancing security against both on-path and partial visibility attacks.

Link to Raw Post
Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback