1 Privacy Threat Landscape
Payment channel networks leak information at three distinct layers. Click each layer to expand details about what information escapes, who can observe it, and how severe the exposure is.
-
CRITBalance ProbingAttacker sends carefully crafted HTLC payments to infer the exact liquidity distribution in each channel. Binary search converges to 1-sat precision in ~20 probes at near-zero cost.
-
HIGHCapacity Inference (ML)Machine learning on public gossip data (BOLT #7) can predict balance split with ~78% accuracy — no active probing required.
-
MEDGraph TopologyFull channel graph is publicly announced via gossip. Centrality analysis reveals hub nodes, and topology fingerprints nodes even without on-chain links.
-
CRITHTLC Correlation (Wormhole)In HTLC-based LN, the same payment hash is visible to all intermediate hops. Malicious nodes spanning multiple positions can link sender ↔ receiver. PTLC eliminates this.
-
HIGHAmount CorrelationIntermediate nodes see payment amounts. Unique amounts (e.g., exactly 123,456 sat) can be correlated across multiple hops to reconstruct full payment path.
-
MEDFee Pattern AnalysisFee deductions reveal position in route. Last hop pays no fee deduction; first hop sees full amount. Together with timing, route length can be inferred.
-
MEDPayment TimingHTLC lock times are decremented hop-by-hop. A node can bound its position within the route from its observed CLTV value versus network defaults (shadow routing partially mitigates).
-
HIGHIP Address ExposureLN peers connect via TCP/IP. Node IP addresses are announced in gossip (node_announcement). ISPs, governments, or passive observers can link IP → node pubkey → identity.
-
MEDTiming AttacksMonitoring when a node forwards HTLCs (visible to direct peers as TCP traffic bursts) can infer payment timing. Cross-correlation with other nodes narrows route membership.
-
LOWP2P Gossip AnalysisBOLT #7 gossip messages propagate channel announcements with funding txids. Sybil nodes can map gossip propagation to infer network topology and node connectivity.
Information Accessibility by Attacker Position
2 Balance Probing Attack — Step by Step
An attacker learns the exact liquidity in any channel using binary search over failed HTLCs. Each probe costs nearly nothing (failed payments don't pay routing fees in legacy LN).
3 ML Balance Inference (Davis et al. 2023)
Machine learning can infer channel balance distributions from public gossip data alone — no active probing required. A Random Forest trained on historical LN snapshots achieves ~78% directional accuracy.
4 Cross-Layer Deanonymization (Romiti et al.)
Combining on-chain blockchain analysis with off-chain LN gossip allows a passive observer to link Bitcoin UTXOs to LN node identities, IP addresses, and payment patterns — all from public data.
On-Chain Blockchain Analysis HIGH
Data used: Bitcoin blockchain — all transactions are public. Channel open transactions create 2-of-2 multisig outputs with a distinctive UTXO pattern. Taproot channels reduce (but don't eliminate) this fingerprint.
What is revealed: Funding UTXO amount, creation time, spending patterns. Can identify likely LN channel opens by heuristic (cooperative vs force-close signatures).
LN Gossip Analysis — BOLT #7 CRIT
Data used: LN gossip messages. channel_announcement messages include the funding txid directly — this is by protocol design (proof of on-chain existence).
This creates a direct, explicit link: UTXO → LN channel → node pubkeys of both channel partners. No heuristics needed; it is in the specification.
IP Address Correlation HIGH
Data used: node_announcement gossip messages include the node's IP address and port. TCP connections between LN peers are directly observable by ISPs or network-level adversaries.
Linking chain: IP address → LN node pubkey → Bitcoin funding address → channel partners. Tor addresses (onion routing) protect against this, but many nodes do not use Tor.
Payment Tracing via Route Hints MED
Data used: BOLT #11 invoices contain route hints that reveal the receiver's channel partners (for private channels). A receiver with one channel exposes that channel partner in every invoice.
Mitigation: Route blinding (BOLT #12 / BLIP-0039) hides receiver hops behind a blinded path. The sender only knows the entry point of the blinded route, not the final recipient node.
5 Wormhole Attack Visualization
In HTLC-based routing, a malicious node controlling two positions in a route can steal intermediate routing fees and violate payment atomicity. PTLCs (Point Time-Lock Contracts) eliminate this attack.
Honest 4-hop route. Each node forwards the HTLC to the next hop, collecting its routing fee when the preimage propagates back.
Bob controls two nodes (Bob and Bob2). He routes the payment internally, bypassing Carol entirely — collecting Carol's fee while she still pays.
With PTLCs (Point Time-Lock Contracts), each hop uses an independent scalar tweak. Bob cannot link his upstream and downstream positions — the wormhole attack is impossible.
6 Privacy Defense Comparison Matrix
Hover or click any cell for a detailed explanation of why a defense addresses (or fails to address) each threat category.
| Defense | Balance Probing | HTLC Correlation | Deanonymization | Cross-Layer | Status |
|---|
7 Twilight — Differential Privacy for Balance Probing
Twilight adds calibrated Laplace noise to HTLC failure error messages, making it statistically indistinguishable whether a payment failed due to insufficient balance at X vs X+1. Adjust ε to explore the privacy-efficiency tradeoff.
The Laplace mechanism adds noise drawn from Lap(0, 1/ε) to the threshold used in error message generation. Formally, for adjacent balance states b and b+1:
P(response | balance=b) / P(response | balance=b+1) ≤ e^ε
Small ε → strong indistinguishability → more noise → more routing failures as nodes incorrectly report insufficient balance when they have enough. Large ε → weak privacy → less noise → behavior approximates non-private LN.
Twilight (NDSS 2023): Implements this in a TEE (Intel SGX) so the node's own software cannot bias the noisy responses — preventing a malicious node operator from selectively disabling the privacy mechanism for targeted users.