๐
Original date posted:2015-08-14
๐ Original message:On 08/14/15 00:47, Mark Friedenbach via bitcoin-dev wrote:
> On Thu, Aug 13, 2015 at 4:42 PM, Joseph Poon via bitcoin-dev
> <bitcoin-dev at lists.linuxfoundation.org
> <mailto:bitcoin-dev at lists.linuxfoundation.org>> wrote:
>
> I haven't tested the details of this, but is there another bit available
> for use in the future for the relative blockheight?
>
> I strongly believe that Lightning needs mitigations for a systemic
> supervillan attack which attemps to flood the network with transactions,
> which can hypothetically be mitigated with something like a timestop
> bit (as originally suggested by gmaxwell).
>
>
> This proposal includes no such provision.
>
> Since we talked about it, I spent considerable time thinking about the
> supposed risk and proposed mitigations. I'm frankly not convinced that
> it is a risk of high enough credibility to worry about, or if it is that
> a protocol-level complication is worth doing.
>
> The scenario as I understand it is a hub turns evil and tries to cheat
> every single one of its users out of their bonds. Normally a lightning
> user is protected form such behavior because they have time to broadcast
> their own transactions spending part or all of the balance as fees.
My concern is how the hell do you automate this? Having a threat of
"well, everyone could update their software to a new version which will
destroy all coins right now" is kinda useless, and trying to come up
with a reasonable set of metrics as to how much and when you move from
just paying the fee to destroying coins is really hard, especially if
you assume the attacker is a miner with, say, enough hashrate (maybe
rented) to get one or three blocks in the next day (the timeout period).
> Therefore because of the threat of mutually assured destruction, the
> optimal outcome is to be an honest participant.
>
> But, the argument goes, the hub has many channels with many different
> people closing at the same time. So if the hub tries to cheat all of
> them at once by DoS'ing the network, it can do so and spend more in fees
> than any one participant stands to lose. My issue with this is that
> users don't act alone -- users can be assured that other users will
> react, and all of them together have enough coins to burn to make the
> attack unprofitable.
Now users are coordinating quickly in an attack scenario?
> The hub-cheats-many-users case really is the same
> as the hub-cheats-one-user case if the users act out their role in
> unison, which they don't have to coordinate to do.
>
> Other than that, even if you are still concerned about that scenario,
> I'm not sure timestop is the appropriate solution. A timestop is a
> protocol-level complication that is not trivial to implement, indeed I'm
> not even sure there is a way to implement it at all -- how do you
> differentiate in consensus code a DoS attack from regular old blocks
> filling up? And if you could, why add further complication to the
> consensus protocol?
Yea, implementation is really tricky here. I do not at all think we
should be thinking about implementing this any time soon, and should
assume Lightning will have to stand reasonably on its own without it
first, and only if it gains a lot of traction will there be enough
motivation for making such a change at the Bitcoin protocol level for
Lightning.
> A simpler solution to me seems to be outsourcing the response to an
> attack to a third party
Doesnt that defeat the purpose of Lightning?
> or otherwise engineering ways for users to
> respond-by-default even if their wallet is offline, or otherwise
> assuring sufficient coordination in the event of a bad hub.
I'm not even sure if sufficient coordination is a sufficient solution.
If you assume a hub just shut down, and everyone is trying to flush to
the chain, with a backlog of a few days worth of transactions (with
timeouts of a day or so), and users are even paying huge fees (99% of
what they'd get back), if the former-hub is a miner, it can claim that
last 1% of many of the transactions that take longer than a day to confirm.
Matt Corallo [ARCHIVE] /
npub1e4โฆjxmcu
2023-06-07 15:46:49
in reply to nevent1qโฆesyp
Author Public Key
npub1e46n428mcyfwznl7nlsf6d3s7rhlwm9x3cmkuqzt3emmdpadmkaqqjxmcuSeen on
wss://relay.nostr.bandPublished at
2023-06-07 15:46:49Event JSON
{
"id": "969c8379997691156fa38368753675ef2eb7a2835e47eb1a00b93f7fead06c43",
"pubkey": "cd753aa8fbc112e14ffe9fe09d3630f0eff76ca68e376e004b8e77b687adddba",
"created_at": 1686152809,
"kind": 1,
"tags": [
[
"e",
"6086ec24c7436956a4324b488abdb6aa06edbf1e682d11a0a5b70b6f8e62e6f3",
"",
"root"
],
[
"e",
"a9c9c8e6354c2b5e2483d49c0a7d39d7a796a753ccc98b39473404a9c51187c4",
"",
"reply"
],
[
"p",
"1c61d995949cbfaf14f767784e166bde865c7b8783d7aa3bf0a1d014b70c0069"
]
],
"content": "๐
Original date posted:2015-08-14\n๐ Original message:On 08/14/15 00:47, Mark Friedenbach via bitcoin-dev wrote:\n\u003e On Thu, Aug 13, 2015 at 4:42 PM, Joseph Poon via bitcoin-dev\n\u003e \u003cbitcoin-dev at lists.linuxfoundation.org\n\u003e \u003cmailto:bitcoin-dev at lists.linuxfoundation.org\u003e\u003e wrote:\n\u003e \n\u003e I haven't tested the details of this, but is there another bit available\n\u003e for use in the future for the relative blockheight?\n\u003e \n\u003e I strongly believe that Lightning needs mitigations for a systemic\n\u003e supervillan attack which attemps to flood the network with transactions,\n\u003e which can hypothetically be mitigated with something like a timestop\n\u003e bit (as originally suggested by gmaxwell).\n\u003e \n\u003e \n\u003e This proposal includes no such provision.\n\u003e \n\u003e Since we talked about it, I spent considerable time thinking about the\n\u003e supposed risk and proposed mitigations. I'm frankly not convinced that\n\u003e it is a risk of high enough credibility to worry about, or if it is that\n\u003e a protocol-level complication is worth doing.\n\u003e \n\u003e The scenario as I understand it is a hub turns evil and tries to cheat\n\u003e every single one of its users out of their bonds. Normally a lightning\n\u003e user is protected form such behavior because they have time to broadcast\n\u003e their own transactions spending part or all of the balance as fees.\n\nMy concern is how the hell do you automate this? Having a threat of\n\"well, everyone could update their software to a new version which will\ndestroy all coins right now\" is kinda useless, and trying to come up\nwith a reasonable set of metrics as to how much and when you move from\njust paying the fee to destroying coins is really hard, especially if\nyou assume the attacker is a miner with, say, enough hashrate (maybe\nrented) to get one or three blocks in the next day (the timeout period).\n\n\u003e Therefore because of the threat of mutually assured destruction, the\n\u003e optimal outcome is to be an honest participant.\n\u003e \n\u003e But, the argument goes, the hub has many channels with many different\n\u003e people closing at the same time. So if the hub tries to cheat all of\n\u003e them at once by DoS'ing the network, it can do so and spend more in fees\n\u003e than any one participant stands to lose. My issue with this is that\n\u003e users don't act alone -- users can be assured that other users will\n\u003e react, and all of them together have enough coins to burn to make the\n\u003e attack unprofitable.\n\nNow users are coordinating quickly in an attack scenario?\n\n\u003e The hub-cheats-many-users case really is the same\n\u003e as the hub-cheats-one-user case if the users act out their role in\n\u003e unison, which they don't have to coordinate to do.\n\u003e \n\u003e Other than that, even if you are still concerned about that scenario,\n\u003e I'm not sure timestop is the appropriate solution. A timestop is a\n\u003e protocol-level complication that is not trivial to implement, indeed I'm\n\u003e not even sure there is a way to implement it at all -- how do you\n\u003e differentiate in consensus code a DoS attack from regular old blocks\n\u003e filling up? And if you could, why add further complication to the\n\u003e consensus protocol?\n\nYea, implementation is really tricky here. I do not at all think we\nshould be thinking about implementing this any time soon, and should\nassume Lightning will have to stand reasonably on its own without it\nfirst, and only if it gains a lot of traction will there be enough\nmotivation for making such a change at the Bitcoin protocol level for\nLightning.\n\n\u003e A simpler solution to me seems to be outsourcing the response to an\n\u003e attack to a third party\n\nDoesnt that defeat the purpose of Lightning?\n\n\u003e or otherwise engineering ways for users to\n\u003e respond-by-default even if their wallet is offline, or otherwise\n\u003e assuring sufficient coordination in the event of a bad hub.\n\nI'm not even sure if sufficient coordination is a sufficient solution.\nIf you assume a hub just shut down, and everyone is trying to flush to\nthe chain, with a backlog of a few days worth of transactions (with\ntimeouts of a day or so), and users are even paying huge fees (99% of\nwhat they'd get back), if the former-hub is a miner, it can claim that\nlast 1% of many of the transactions that take longer than a day to confirm.",
"sig": "072925298bd906f57fc4ff49503f04d8910dd79034c7d25b194818e7a5f6033f27be93cf87fedad05bf05178f2a179015f1c60964ed0f6a18af0faf4f5421e40"
}