Christian Decker [ARCHIVE] on Nostr
📅 Original date posted:2020-10-13
📝 Original message:
I think the mechanism can indeed create interesting dynamics, but not in
a good sense :-)

>> I can still establish channels to various low-reputation nodes, and
>> then use them to grief a high-reputation node. Not only do I get to
>> jam up the high-reputation channels, as a bonus I get the
>> low-reputation nodes to pay for it!
>
> So you're saying:
>
> ATTACKER --(no hold fee)--> LOW-REP --(hold fee)--> HIGH-REP
>
> If I were LOW-REP, I'd still charge an unknown node a hold fee. I
> would only waive the hold fee for high-reputation nodes. In that case,
> the attacker is still paying for the attack. I may be forced to take a
> small loss on the difference, but at least the larger part of the pain
> is felt by the attacker. The assumption is that this is sufficient
> enough to deter the attacker from even trying.

The LOW-REP node being out of pocket is the clue here: if one party
loses funds, even a tiny bit, another party gains some funds. In this
case the HIGH-REP node collaborating with the ATTACKER can extract some
funds from the intermediate node, allowing them to dime their way to all
of LOW-REP's funds. If an attack results in even a tiny loss for an
intermediary and can be repeated, the intermediary's funds can be
syphoned by an attacker.

Another attack that is a spin on ZmnSCPxj's waiting to backpropagate the
preimage is even worse:

 - Attacker node `A` charging hold fees receives HTLC from victim `V`
 - `A` does not forward the HTLC, but starts charging hold fees
 - Just before the timeout for the HTLC would force us to settle onchain
   `A` just removes the HTLC without forwarding it or he can try to
   forward at the last moment, potentially blaming someone else for its
   failure to complete

This results in `A` extracting the maximum hold fee from `V`, without
the downstream hold fees cutting into their profits. By forwarding as
late as possible `A` can cause a downstream failure and look innocent,
and the overall payment has the worst possible outcome: we waited an
eternity for what turns out to be a failed attempt.

Cheers,
Christian
Published at 2023-06-09 13:01:11
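Added example, not part of the archived post: a toy ledger for the two scenarios in the message above, useful for checking whether a forwarding policy leaves an intermediary with a per-attempt loss. The linear fee model (msat per block held, charged by the downstream node to its upstream peer), the rates, durations and all function names are assumptions made for illustration.

```python
def hold_fee_balances(nodes, rates, held_blocks):
    """Net hold-fee position of every node for one HTLC attempt.

    nodes          route in payment direction
    rates[i]       msat/block that nodes[i+1] charges nodes[i] (assumed model)
    held_blocks[i] blocks the HTLC stayed outstanding on hop i
    """
    if not (len(rates) == len(held_blocks) == len(nodes) - 1):
        raise ValueError("need one rate and one duration per hop")
    net = {n: 0 for n in nodes}
    for i, (rate, blocks) in enumerate(zip(rates, held_blocks)):
        fee = rate * blocks
        net[nodes[i]] -= fee       # upstream peer pays for the time held
        net[nodes[i + 1]] += fee   # downstream peer collects
    return net


def coalition_gain(net, members):
    """Combined position of nodes that are controlled by one party."""
    return sum(net[m] for m in members)


def rounds_to_drain(balance_msat, net_per_round):
    """Repetitions until a node that loses every round is empty, else None."""
    if net_per_round >= 0:
        return None
    return -(-balance_msat // -net_per_round)   # integer ceiling division


def safe_to_forward(upstream_rate, downstream_rate):
    """Policy check: never accept less per block than the next hop charges."""
    return upstream_rate >= downstream_rate


if __name__ == "__main__":
    # Constructed numbers: 144 blocks held, LOW-REP charges 8 but pays 10.
    route = ["ATTACKER", "LOW-REP", "HIGH-REP"]
    net = hold_fee_balances(route, [8, 10], [144, 144])
    print(net, "coalition:", coalition_gain(net, ["ATTACKER", "HIGH-REP"]))
    print("rounds to drain 1_000_000 msat:",
          rounds_to_drain(1_000_000, net["LOW-REP"]))

    # Second scenario: A sits on V's HTLC and forwards only for the last block.
    stall = hold_fee_balances(["V", "A", "NEXT"], [10, 10], [144, 1])
    print(stall)
```

In this model an intermediary is only protected when `safe_to_forward` holds on every HTLC it accepts; the second scenario shows that matching rates alone do not stop the holder of the HTLC from collecting for time it chose to waste.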