The Lightning Network, as Bitcoin’s second layer for instant payments and greater transaction privacy, requires a matching degree of security robustness. However, due to the differences in its architecture from Bitcoin, the means to guarantee the honesty of participants can’t rely on the same Nakamoto Consensus design. The intricacies of payment channels and network synchronization must punish malevolent operations in an efficient way which deters such behavior.
This is exactly why section Pi (3.1.4) of the Lightning Network white paper introduces a game theory mechanism through which malevolent parties who violate their agreement lose all the money in the channel. After testing this “Justice Transaction” system, the BitMEX Research team recently published empirical evidence which seems to demonstrate its efficiency and efficacy. The data has been collected by the research team since Lightning’s mainnet deployment in late 2017, and the numbers look very promising.More specifically, even in the absence of the upcoming watchtowers, there have been 241 instances in which cheating has been prevented automatically by the client software. The total saved this way amounts to 2.22 BTC, potentially.
"This does not necessarily mean thieves tried and failed to steal 2.22 BTC, as the dishonest nodes may have punished thieves by an amount larger than the value they tried to steal," the report notes.
Furthermore, it points out that it is “also possible that many of the 241 justice transactions do not indicate genuine dishonesty; for instance, it could be users testing the system, where the same user owns both lightning nodes in question. For example BitMEX Research is responsible for 5 of the 241 justice transactions, when there was no victim, as BitMEX owned all the nodes and funds.”
Lightning Labs CEO Elizabeth Stark echoes the clarification that these preventions don’t necessarily indicate attempted fraud.
“I believe most of those were either tests or errors where the funds were returned. So the marketing as ‘thieves’ is misleading,” she said.
The next section will describe the nature of “Justice Transactions” and how malevolent actors can attempt to steal funds from offline channels with which they are connected. As a way to preemptively counter theft, you should never leave your node offline for longer than the consensual time established for closing channels without consent (usually 24 hours).
What Are Lightning ‘Justice Transactions’?
Let’s consider the never-ending transactional affair between Alice and Bob. If they open a Lightning channel between themselves, then they can send each other BTC amounts proportional to the input value. For the sake of convenience, let’s say that they both put in 1 million satoshis (0.01 BTC).
If Alice and Bob both keep their nodes online at all times while transacting, then everything is going to be just fine. It means that, whenever either party decides to close the channel, they’re going to have a consensual scenario where the amounts returning on the main chain follow the exact history of transactions. This can happen cooperatively if they both close the channel, or non-cooperatively if only one of them initiates the settlement and the established closing time passes without an action on the other side. However, this is the ideal state of affairs where nobody can become a victim of theft.
In order for Alice to steal Bob’s funds, she must attempt to close the channel non-cooperatively (without the knowledge of the other party) and speculate at a moment when the other side is not online. If these conditions are met, then Alice will broadcast an older channel state and hope that Bob will not get online within the established time (usually 24 hours) to automatically set the record straight.
Bob’s node knows that the transaction history is different from Alice’s malevolent revisionism, and it will engage the justice system if the internet connection (or power) gets restored before the time limit. If Alice is successful in her attempt, then she will irreversibly steal funds she illegitimately requested from Bob due to the channel closing and the transaction being written in a Bitcoin block. But if Bob returns within the time limit, then Alice will be penalized by losing all of the 0.1 BTC she put in the channel.
In order to test the efficiency of the “Justice Transaction,” the BitMEX research team replicated the steps described above with two of their nodes. The result was positive and pointed toward a great efficiency of the system — their “BitMEXThief” node has lost the 400,000 satoshis with which it opened a channel with “BitMEXResearch.”
This kind of experimentation is useful at a social and engineering level: It creates a greater amount of trust in Lightning by proving its security, while also helping developers understand where their efforts should be directed. As adoption grows and more users integrate the quick and private transactions on Bitcoin’s second layer, the robustness should follow.