Published on: 2023-07-26T01:30:20+00:00
A potential security risk has been identified in the Lightning Network (LN) where a third-party eavesdropper can deduce the content of messages by analyzing packet sizes. To address this, it is proposed to ensure uniform packet sizes in the BOLT8 specification. The solution involves transforming the object responsible for encrypting messages into a "buffer" in addition to being a tunnel encrypter. This modified object will have entry points for sending BOLT8 messages and flushing the buffer. It will maintain an internal buffer of fixed size, transmitting it as a packet when full, ensuring uniform packet sizes. The "flush" entry point appends a `pong` message to pad the buffer until it reaches capacity. Handling overflow scenarios is also important. Incorporating the `pong` message into the stream of BOLT8 messages allows combining multiple messages into a single fixed-size packet or sequence of packets. A randomized timer can be used to trigger a self-flush operation to enhance robustness against bugs. It is recommended to match the buffer size with the packet size of `update_add_htlc` for optimal latency. These measures strengthen the security of communication between LN nodes.
Updated on: 2023-08-11T15:52:24.298926+00:00