Strategic Analysis of Griefing Attack in Lightning Network

Hashed Timelock Contract (\emph{HTLC}) in Lightning Network is susceptible to a \emph{griefing attack}. An attacker can block several channels and stall payments by mounting this attack. A state-of-the-art countermeasure, Hashed Timelock Contract with Griefing-Penalty (\emph{HTLC-GP}) is found to work under the classical assumption of participants being either honest or malicious but fails for rational participants. To address the gap, we introduce a game-theoretic model for analyzing griefing attacks in \emph{HTLC}. We use this model to analyze griefing attacks in \emph{HTLC-GP} and conjecture that it is impossible to design an efficient protocol that will penalize a malicious participant with the current Bitcoin scripting system. We study the impact of the penalty on the cost of mounting the attack and observe that \emph{HTLC-GP} is \emph{weakly effective} in disincentivizing the attacker in certain conditions. To further increase the cost of attack, we introduce the concept of \emph{guaranteed minimum compensation}, denoted as $\zeta$, and modify \emph{HTLC-GP} into $\textrm{HTLC-GP}^{\zeta}$. By experimenting on several instances of Lightning Network, we observe that the capacity locked in the network drops to $28\%$ for $\textrm{HTLC-GP}^{\zeta}$ whereas the capacity locked does not drop below $40\%$ for \emph{HTLC-GP}. These results justify that $\textrm{HTLC-GP}^{\zeta}$ is better than \emph{HTLC-GP} to counter griefing attacks.