Author: Joseph Poon 2016-08-11 04:16:26
Published on: 2016-08-11T04:16:26+00:00
Rusty Russell, a Bitcoin expert, has raised concerns about the security of Lightning Network (LN) which is a system for instant payments that relies on smart contracts. He stated that the eye-witness script used in LN is subject to attacks whereby funds can be stolen from payment channels by attackers who have previously closed the channel. This happens when they broadcast an older version of the channel's state and thereby invalidating later transactions. Rusty Russell further added that this scenario would happen if a breach remedy transaction was used as the mechanism for closing a channel instead of revocable sequence maturity contract (RSMS), as the former provides the watchtower with access to the secret key that allows them to publish the old channel state. Russell suggested using an HMAC of the non-witness transaction as the final step in shachain/elkrem to establish a single leaf. This would work even if revocation hashes are used instead of revocation pubkey. However, it assumes that there are no unknown malleability issues on signatures, which makes some crypto experts nervous. Russell also mentioned that the proposed solution assumes that witnesses can't be set up such that our signature is not second or third in the witness element. Joseph Poon, co-author of the Lightning Network whitepaper, chimed in the discussion, agreeing with Russell's point that the simpler solution may be best. He suggested using a hash function to prevent attackers from stealing funds from the payment channels.
Updated on: 2023-05-24T00:12:37.751505+00:00