📅 Original date posted:2020-02-20
📝 Original message:
lisa neigut <niftynei at gmail.com> writes:
>> With PoDLE this would not be possible I think, as you would not be able
> to open the PoDLE commitment with the other node as the target (if we go
> with the modified PoDLE which also commits to which node an opening is for,
> to prevent the pouncing venus flytrap attack).
>
> Good question. It should be possible to do multi-channel open even with the
> PoDLE signature committing to a node_id.
>
> - An initiator can use the same utxo (h2) as their proof for multiple
> peers; the signatures passed to each peer will have to commit to that
> specific peer's node_id, however.
> - The revised PoDLE signature commitment requires every initiator to
> include at least one of their own inputs in the tx. Attempting to initiate
> an additional open etc using someone else's utxo's won't work (this is the
> pouncing venus flytrap attack which we're preventing). The initiator
> including at least one input is expected behavior, at least in the open
> case, since the opener has to cover the fees for the funding output.
> - Ideally, a node would remove the PoDLE TLV data from any 'forwarded'
> `tx_add_inputs` that isn't the input they're proving for, to prevent
> leaking information about which inputs belong to other parties. I say
> ideally here because even if you fail to do this, the peer can iterate
> through all the provided commitment proofs until one of them
> matches/verifies with the upfront provided PoDLE.
Yes, you need to PoDLE your own contribution I think, which means you
need one UTXO per contributor in the N-way-open who you want to
contribute a UTXO.
Consider Alice trying to create a single-tx to open a channel with both
Bob and Carol, and wants *both* of them to also contribute.
Alice sends her own UTXO1 with proof to Bob, he shares his UTXO back.
Alice sends her own UTXO2 with proof to Carol, she shares a UTXO back.
Alice sets the lower bit on the serial_id from Bob and sends to Carol,
and sets the lower on the serial_id from Carol and sends to Bob. She
similarly reflects everything from Carol to Bob and vice-versa, and
sends both of them the two "channel opening" outputs.
Now all parties have the same tx; unless Bob and Carol chose the same
serial_ids (spec says random, but Bob and Carol don't get along). But
this is trivially identifiable, and you give up on mutual opening.
Cheers,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 12:58:41
in reply to nevent1q…ge06
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 12:58:41Event JSON
{
"id": "77f50d15f95f36bb9cecee5100a65e3467ed26d4fc5732470a85a1a87e1ec9d9",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686315521,
"kind": 1,
"tags": [
[
"e",
"c218110e24b04f0c1c5d2dd6e63487b0dca619f1f570c991ff7f4dc7c65213bd",
"",
"root"
],
[
"e",
"4bad3522ece3218fe240a11263f456ad6a205ba7dc4947a4fa8f7c4856537746",
"",
"reply"
],
[
"p",
"804770eb58d163d63f0f996fd6bebabe1b8c582a5dd544cf61bba0bc5335720a"
]
],
"content": "📅 Original date posted:2020-02-20\n📝 Original message:\nlisa neigut \u003cniftynei at gmail.com\u003e writes:\n\u003e\u003e With PoDLE this would not be possible I think, as you would not be able\n\u003e to open the PoDLE commitment with the other node as the target (if we go\n\u003e with the modified PoDLE which also commits to which node an opening is for,\n\u003e to prevent the pouncing venus flytrap attack).\n\u003e\n\u003e Good question. It should be possible to do multi-channel open even with the\n\u003e PoDLE signature committing to a node_id.\n\u003e\n\u003e - An initiator can use the same utxo (h2) as their proof for multiple\n\u003e peers; the signatures passed to each peer will have to commit to that\n\u003e specific peer's node_id, however.\n\u003e - The revised PoDLE signature commitment requires every initiator to\n\u003e include at least one of their own inputs in the tx. Attempting to initiate\n\u003e an additional open etc using someone else's utxo's won't work (this is the\n\u003e pouncing venus flytrap attack which we're preventing). The initiator\n\u003e including at least one input is expected behavior, at least in the open\n\u003e case, since the opener has to cover the fees for the funding output.\n\u003e - Ideally, a node would remove the PoDLE TLV data from any 'forwarded'\n\u003e `tx_add_inputs` that isn't the input they're proving for, to prevent\n\u003e leaking information about which inputs belong to other parties. I say\n\u003e ideally here because even if you fail to do this, the peer can iterate\n\u003e through all the provided commitment proofs until one of them\n\u003e matches/verifies with the upfront provided PoDLE.\n\nYes, you need to PoDLE your own contribution I think, which means you\nneed one UTXO per contributor in the N-way-open who you want to\ncontribute a UTXO.\n\nConsider Alice trying to create a single-tx to open a channel with both\nBob and Carol, and wants *both* of them to also contribute.\n\nAlice sends her own UTXO1 with proof to Bob, he shares his UTXO back.\nAlice sends her own UTXO2 with proof to Carol, she shares a UTXO back.\nAlice sets the lower bit on the serial_id from Bob and sends to Carol,\nand sets the lower on the serial_id from Carol and sends to Bob. She\nsimilarly reflects everything from Carol to Bob and vice-versa, and\nsends both of them the two \"channel opening\" outputs.\n\nNow all parties have the same tx; unless Bob and Carol chose the same\nserial_ids (spec says random, but Bob and Carol don't get along). But\nthis is trivially identifiable, and you give up on mutual opening.\n\nCheers,\nRusty.",
"sig": "6735c261bfd6a11f484d636ae528793fafe44b43e6505f7f8178068ec0a8e9244405d1a26302167da4a04f05c33c0a2b728bf1100a2dfb26eb2b79eb5e3cb7a8"
}