Towards a Formal Verification of the Lightning Network with TLA+

Payment channel networks are an approach to improve the scalability of blockchain-based cryptocurrencies. Because payment channel networks are used for transfer of financial value, their security in the presence of adversarial participants should be verified formally. We formalize the protocol of the Lightning Network, a payment channel network built for Bitcoin, and show that the protocol fulfills the expected security properties. As the state space of a specification consisting of multiple participants is too large for model checking, we formalize intermediate specifications and use a chain of refinements to validate the security properties where each refinement is justified either by model checking or by a pen-and-paper proof

Do Payment Channel Networks Need a Blockchain? - Rethinking Blockchain Layers

One of the fundamental problems in designing digital currencies is the prevention of double-spends. The breakthrough of Bitcoin lies in its seminal idea to use a global blockchain to verify whether a coin has already been spent. Bitcoin’s approach to prevent double-spends, however, has the drawback that it does not scale in the number of transactions issued per second. To address this problem, current research explores building second layer architectures on top of the blockchain, such as payment channel networks. Although these architectures use a blockchain as their underlying layer, they need to solve the problem of preventing double-spends again. As it seems inefficient to solve the same problem multiple times, we explore whether payment channel networks with their way of preventing double-spends can be used to create an architecture for digital payments that is to some extent decentralized but does not require a blockchain as its underlying layer. A payment channel requires from its underlying layer a way to lock a channel’s funds during the lifetime of the channel. Instead of locking funds on a blockchain, this can be implemented by depositing funds at a trusted third party who is trusted to make the funds available again upon channel closure. In our current financial system, users deposit money into their bank accounts and trust their bank to make these funds available upon request. Making use of this trust, we build on the ideas of Tremback et al. and propose an architecture for a payment channel network where banks, or similar entities, perform the role of the underlying blockchain. In this architecture, a bank provides each channel with a unique identifier and locks a channel’s funds. When one party closes the channel, the bank informs the other party. In case of dispute about the channel’s closing state, the bank has to decide which state is most current and close the channel accordingly. By connecting multiple payment channels, a payment channel network can be created, which allows for decentralized payments using traditional currencies. Similar to cash, single payments cannot be tracked by banks in this architecture. To prevent the architecture from attracting illegal activities, the capacity of payment channels could be limited to a maximum value. Compared to exchanging traditional currencies for cryptocurrencies to use a payment channel network, this architecture removes the cost of currency exchanges and the risk introduced by exchange rate fluctuations

Verifying Payment Channels with TLA+

A payment channel protocol does not only have to provide the payment functionality, it also has to fulfill security guarantees such as ensuring that an honest party receives their correct balance. For complexity reasons, it is typically difficult to assess the security of such a protocol or to find counterexamples in insecure protocols. In this poster, we present an approach to specify functional as well as security properties for a payment channel protocol in TLA+ and show that a Lightning Network-style protocol fulfills the required properties. In case a counterexample is found, we provide protocol developers with a graphical and intuitive output. We present the challenges we faced and our approach to meeting these challenges

Decentralizing Watchtowers for Payment Channels using IPFS

Payment channels have been proposed as a way to improve the scalability of blockchains such as Bitcoin. However, payment channel protocols require that participating parties watch the blockchain regularly for new transactions. If a party observes, in a given period of time, a fraudulent transaction that closes the payment channel in an outdated state, the fraudulent transaction can be revoked. Previous work has proposed to outsource this task to a third party, a so called watchtower. A user of a payment channel employs a dedicated watchtower and sends the data to the watchtower that the watchtower requires to revoke fraudulent transactions. In this paper, we replace the strict binding of a user to a watchtower by a decentralized approach for watchtowers that requires no direct interaction between a party of a payment channel and the watchtower. This decentralized approach uses IPFS to publicly store the information required by a watchtower. With this approach, anyone can detect and revoke a fraud by watching the blockchain and reading a file from IPFS that contains information for each outdated commitment transaction. A reward for successful revocations can be used as incentive

Finding Temporally Consistent Occlusion Boundaries in Videos using Geometric Context

We present an algorithm for finding temporally consistent occlusion boundaries in videos to support segmentation of dynamic scenes. We learn occlusion boundaries in a pairwise Markov random field (MRF) framework. We first estimate the probability of an spatio-temporal edge being an occlusion boundary by using appearance, flow, and geometric features. Next, we enforce occlusion boundary continuity in a MRF model by learning pairwise occlusion probabilities using a random forest. Then, we temporally smooth boundaries to remove temporal inconsistencies in occlusion boundary estimation. Our proposed framework provides an efficient approach for finding temporally consistent occlusion boundaries in video by utilizing causality, redundancy in videos, and semantic layout of the scene. We have developed a dataset with fully annotated ground-truth occlusion boundaries of over 30 videos ($5000 frames). This dataset is used to evaluate temporal occlusion boundaries and provides a much needed baseline for future studies. We perform experiments to demonstrate the role of scene layout, and temporal information for occlusion reasoning in dynamic scenes.Comment: Applications of Computer Vision (WACV), 2015 IEEE Winter Conference o

Exploiting Transaction Accumulation and Double Spends for Topology Inference in Bitcoin

Bitcoin relies on a peer-to-peer network for communication between participants. Knowledge of the network topology is of scientific interest but can also facilitate attacks on the users’ anonymity and the system’s availability. We present two approaches for inferring the network topology and evaluate them in simulations and in real-world experiments in the Bitcoin testnet. The first approach exploits the accumulation of multiple transactions before their announcement to other peers. Despite the general feasibility of the approach, simulation and experimental results indicate a low inference quality. The second approach exploits the fact that double spending transactions are dropped by clients. Experimental results show that inferring the neighbors of a specific peer is possible with a precision of 71 % and a recall of 87 % at low cost

Banklaves: Concept for a Trustworthy Decentralized Payment Service for Bitcoin

We explore challenges of and present a concept for a decentralized payment service which is based on trusted execution environments. The system guarantees that users can always cash out their funds without depending on the cooperation of other network members, hence minimizing the trust required in other network members. We present an overview of the system, motivate key components for a secure architecture and provide a communication protocol. We prove that the payment service users can cash out their funds at any time without any dependence on other network members

On the Estimation of the Number of Unreachable Peers in the Bitcoin P2P Network by Observation of Peer Announcements

Bitcoin is based on a P2P network that is used to propagate transactions and blocks. While the P2P network design intends to hide the topology of the P2P network, information about the topology is required to understand the network from a scientific point of view. Thus, there is a natural tension between the \u27desire\u27 for unobservability on the one hand, and for observability on the other hand. On a middle ground, one would at least be interested on some statistical features of the Bitcoin network like the number of peers that participate in the propagation of transactions and blocks. This number is composed of the number of reachable peers that accept incoming connections and unreachable peers that do not accept incoming connections. While the number of reachable peers can be measured, it is inherently difficult to determine the number of unreachable peers. Thus, the number of unreachable peers can only be estimated based on some indicators. In this paper, we first define our understanding of unreachable peers and then propose the PAL (Passive Announcement Listening) method which gives an estimate of the number of unreachable peers by observing ADDR messages that announce active IP addresses in the network. The PAL method allows for detecting unreachable peers that indicate that they provide services useful to the P2P network. In conjunction with previous methods, the PAL method can help to get a better estimate of the number of unreachable peers. We use the PAL method to analyze data from a long-term measurement of the Bitcoin P2P network that gives insights into the development of the number of unreachable peers over more than five years from 2015 to 2020. Results show that about 31,000 unreachable peers providing useful services were active per day at the end of the year 2020. An empirical validation indicates that the approach finds about 50 % of unreachable peers that provide useful services

On the Peer Degree Distribution of the Bitcoin P2P Network

A recent spam wave of IP addresses in the Bitcoin P2P network allowed us to estimate the degree distribution of reachable peers. The resulting distribution indicates that about half of the reachable peers run with Bitcoin Core’s default setting of a maximum of 125 concurrent connections and nearly all connection slots are taken. We validate this result empirically. We use our observations of the spam wave to group IP addresses that belong to the same peer. By doing this grouping, we improve on previous measurements of the number of reachable peers and show that simply counting IP addresses overestimates the number of reachable peers by 15 %. We revalidate previous work by using our observations to estimate the number of unreachable peers