Posted by MattCorallo
Jun 2, 2025/19:01 UTC
In the exploration of security vulnerabilities within payment networks, a specific focus is directed toward off-path attacks and their feasibility without extensive pathfinding by the attacker. Off-path attacks are considered especially pertinent in scenarios where the attacker has visibility over network messages across several or critical points of the payment path, such as the initial and final hops. This visibility, coupled with the timing of payments and assuming a moderate flow without deliberate delays, could potentially allow attackers to deduce payment details. The discussion raises questions about the effectiveness of adding intermediate hops as a countermeasure, suggesting that even with one or two additional hops, the attack might still be feasible.
Further analysis touches upon the distinction between on-path attacks and those conducted by network attackers with partial visibility of the payment path. The latter can infer certain details about the payment, albeit with less precision than an on-path attacker who has access to more comprehensive data. The conversation also delves into the implications of transitioning from pre-PTLC (Point Time-Locked Contracts) to post-PTLC environments. In a pre-PTLC context, the payment hash serves as a direct indicator for tracking payments. However, post-PTLC, while the amount becomes a significant piece of information, it's not infallible. The introduction of delays is suggested as a method to diminish the accuracy of amount-based classification by attackers, thereby enhancing security against both on-path and partial visibility attacks.
TLDR
We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.
We'd love to hear your feedback on this project?
Give Feedback