Anthony Towns [ARCHIVE] on Nostr
📅 Original date posted:2015-10-19
📝 Original message:
On Mon, Oct 19, 2015 at 09:45:34AM +0200, Mats Jerratsch wrote:
> All of your assumptions have the premise though, that choosing a
> 'good' vs a 'bad' guy is pure probability, like picking the right ball
> out of a bag. [...]

Three sorts of attack:

 - Vandals randomly join the lightning network with dysfunctional nodes.
   They don't have special powers to corrupt your network, and aren't
   targeting anyone in specific, just trying to damage things because
   they think lightning is a bad idea and want to stop it happening.
   This is just a denial of service attack. This is the class of attack
   that gives the "pure probability" of hitting a bad node.

 - Sybil attack, where someone is targeting you personally, and
   controlling all the nodes you connect to. This is the "compromised
   wifi or ISP" case, and afaics denial-of-service is trivial here,
   so all you can reasonably do is detect that you can't send funds to
   anyone usefully, and avoid locking up lots of funds while trying.

 - Pervasive attack, where everyone in some large group is
   simultaneously suffering from a sybil attack; eg the Chinese gov or an
   ISP blocks lightning connections unless they're to one of its nodes,
   so they always see both ends of payments between their victims. This
   seems very expensive to pull off to me (you have to do deep inspection
   of a whole bunch of people's internet connections), but I'm not sure
   it can be effectively defended against. "Oh I was just forwarding
   that to someone else" doesn't work if there wasn't any way you could
   make a channel with anyone else (or if secretly forwarding payments
   is criminal in itself).

> Think about an attacker who is able to MITM your internet connection,
> like the hotspot you connect to at a Cafe (or your ISP if hijacked).
> They can build locally a gigantic network, all pointing to the same
> node. You can't tell, and they don't have to necessarily just block
> your payments. (see above)

But you can tell, just by seeing whether a well-known third party's
lightning address is routable? If every node on your network is an
attacker's, then you won't see the third party's address.

If you do see a route to the third party (ie, Me -> Attacker -> Attacker
-> Attacker -> Bob -> Carol -> Third party), then you could work backwards
asking Carol and Bob to connect directly to you, which would get you a
non-attacker node with reasonable probability, assuming there are any.

I guess there's two ways in which a node is "on the network" -- one
is if it's reachable by p2p hopping ("Hey, what are your neighbours'
network addresses?" "Okay, connect to them and repeat"), the other if it's
routable over established channels. If you do a Sybil attack against p2p
hopping, my argument is you can still use the payment channels as a way
of connecting to other nodes. And if you do a Sybil attack against both
p2p hopping /and/ the graph of channels, then that's detectable because
well-known nodes simply won't appear in the graph.

> Only nuisance is that it requires either SPV or full node to check the
> anchor, but I kinda like the idea of having all (or a good amount) of
> lightning nodes be full bitcoin nodes as well.

You need to monitor the blockchain for spends of your own anchors
anyway, so that doesn't seem like a big additional limitation to me.

Cheers,
aj
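
The detection check described in the message above, as an added example that is not part of the original message or of any Lightning implementation: test whether a well-known node is routable in the channel graph you were given, and if it is, walk the route backwards to list which hops to ask for a direct connection. The node names and both channel lists are constructed, and the sketch assumes the well-known node's identity was obtained out of band.

```python
from collections import deque

def find_route(channels, src, dst):
    """Breadth-first search over undirected channels; node path or None."""
    adj = {}
    for a, b in channels:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(adj.get(node, ())):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def sybil_check(channels, me, well_known):
    """Flag a suspected Sybil view; list hops to ask for a direct connection."""
    reachable, candidates = [], []
    for target in well_known:
        route = find_route(channels, me, target)
        if route is None:
            continue
        reachable.append(target)
        # Work backwards from the well-known node: hops nearest to it come first.
        for hop in reversed(route[1:-1]):
            if hop not in candidates:
                candidates.append(hop)
    return {"suspect_sybil": not reachable, "reachable": reachable,
            "direct_connect_candidates": candidates}

# Constructed views of the channel graph (hypothetical node names).
PARTIAL_VIEW = [("me", "attacker1"), ("attacker1", "attacker2"),
                ("attacker2", "attacker3"), ("attacker3", "bob"),
                ("bob", "carol"), ("carol", "third_party")]
ECLIPSED_VIEW = [("me", "attacker1"), ("attacker1", "attacker2"),
                 ("attacker2", "attacker3"), ("attacker3", "attacker1")]

if __name__ == "__main__":
    for name, view in (("partial", PARTIAL_VIEW), ("eclipsed", ECLIPSED_VIEW)):
        print(name, sybil_check(view, "me", ["third_party"]))
```

The candidate list still contains the attacker-controlled hops; it only orders the hops so that those nearest the well-known node are tried first.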
Published at 2023-06-09 12:44:50