Replying to g4tt0

Run #LND? get a #TOR running partner

#lightning #privacy #research

Payment Censorship in the Lightning Network Despite Encrypted Communication - Charmaine Ndolo & Florian Tschorsch, 2024

"5.2 Towards a solution

...

The purpose of doing so is to utilise Tor’s implementation of WTF-PAD and not for Tor’s privacy properties. We issued payments in both directions, closed the channel and finally the TCP connection. Not only did all packets have the same packet length (as is expected when using Tor), but the flow of transmitted packets included packets that did not originate from the application.

Consequently, we were not able to detect which packets belonged to which Lightning message by manually inspecting the capture. The rule-based state machine is therefore no longer capable of distinguishing application messages based on the network traces alone. In fact, we conjecture that this approach offers a high degree of protection for the LN against more sophisticated fingerprinting techniques by network-level adversaries as basically all size and timing features are destroyed.

...

Specifically, we concurrently captured the packets sent locally between the LND node and the Tor SOCKS5 proxy, as well as the packets sent between the Tor process and Tor network. The former provides data on the packets that actually come from the application while the latter provides data on what a network-level attacker would observe. The captures show a total of 14,824 bytes transmitted in 379 TCP packets to/from LND and 929,596 bytes in 3191 TCP packets to/from the Tor network. This equates to an increase of ≈ 6170% in bandwidth when using Tor. The captures also show a peak rate of 0.116 Mbit/s when using Tor, which clearly should not cause any problems for LN nodes while maintaining their current hardware configurations."

nostr:nevent1qqsy9qtwxjagzdd6tqzsws6j0nud5g6u3fyt3d0cnxjnkj6q8utqnpspz4mhxue69uhhyetvv9ujumn0wd68ytnzvuhsygzsm98u9kzcp35zkpc62shck8335gqtq5yt4w26xwl0pp2a72qavvpsgqqqqqqs9pcm35

respect to the researcher's ethics

"2.4 Ethical Considerations

As far as the practical evaluation of the presented attack is concerned, we followed the guidelines of the Menlo report [5] and general security research best practices.

In particular, with the exception of obtaining a network snapshot from our own node, we did not interact with the public mainnet in any way. We deployed a modified version of our proof-of-concept implementation to the testnet in order to validate the feasibility of the attack’s preliminary phase. However, at no point did we actually mount the attack in the testnet.

All adverse experiments were conducted in our private network comprising only nodes we set up for the precise purpose. In order to evaluate the potential impact of our work on the main network, we followed a simulation-based approach using the obtained snapshot. The simulation mocks payment routing in the network by reconstructing the topology locally."
