📅 Original date posted:2023-05-09
🗒️ Summary of this message: A potential griefing attack on LSPs providing Just-In-Time channels has been identified. The attack can be prevented by using PTLCs to sign the funding transaction.
📝 Original message:
Hi everyone,
I was chatting with Tony Giorgio the other day and he made me aware of a potential griefing attack that is possible today on LSPs that provide Just-In-Time channels.
The attack is very simple, when the LSP receives the payment and then opens a 0-conf channel to the client, the client could not claim the payment thus resulting in the LSP not getting paid and the client getting a free inbound lightning channel. The LSP could double spend the transaction but they still would lose the miner fees and as we are seeing today, that can be very expensive.
I am not sure if this has been proposed before but we can fix this with PTLCs!
Instead of having the LSP just broadcasting the funding transaction to the mempool, they can sign the funding transaction using adaptor signatures locked to the same secret as the invoice. Then when the client wants to claim the funds they can get the funding txid from the LSP, and then do the PTLC dance with the LSP based on using that funding transaction. If it all goes as planned the LSP can give the funding transaction signed using adaptor sigs to the client and the client can then decrypt the signatures and broadcast the transaction. Then the LSP can find the transaction in the mempool and extract the secret they need to claim the payment, thus making claiming the payment and opening the channel atomic so the client can't grief the LSP.
Not sure if this has been talked about before, if not I think we can throw it in the ever-growing pile of "PTLCs fixes this".
Best,
benthecarman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20230509/c7926ee7/attachment.html>;
Ben Carman [ARCHIVE] /
npub17l…c7hwm
2023-06-19 17:42:32
in reply to nevent1q…fev8
Author Public Key
npub17lts233cksw942zaqq8kkkgrc8hn9pfzgdyrce28nrf2vx49q7wq3c7hwmPublished at
2023-06-19 17:42:32Event JSON
{
"id": "88dd1e4b90a65b3e0135f72220b886c55ffeffe954bfe9ce0d575f1fcb1d48af",
"pubkey": "f7d7054638b41c5aa85d000f6b5903c1ef32852243483c654798d2a61aa5079c",
"created_at": 1687196552,
"kind": 1,
"tags": [
[
"e",
"b56ace52eb64793e1b7bb95af6b849a78e1e0c03f36a32d8674b0277c5ff5523",
"",
"reply"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "📅 Original date posted:2023-05-09\n🗒️ Summary of this message: A potential griefing attack on LSPs providing Just-In-Time channels has been identified. The attack can be prevented by using PTLCs to sign the funding transaction.\n📝 Original message:\nHi everyone,\n\nI was chatting with Tony Giorgio the other day and he made me aware of a potential griefing attack that is possible today on LSPs that provide Just-In-Time channels.\n\nThe attack is very simple, when the LSP receives the payment and then opens a 0-conf channel to the client, the client could not claim the payment thus resulting in the LSP not getting paid and the client getting a free inbound lightning channel. The LSP could double spend the transaction but they still would lose the miner fees and as we are seeing today, that can be very expensive.\n\nI am not sure if this has been proposed before but we can fix this with PTLCs!\n\nInstead of having the LSP just broadcasting the funding transaction to the mempool, they can sign the funding transaction using adaptor signatures locked to the same secret as the invoice. Then when the client wants to claim the funds they can get the funding txid from the LSP, and then do the PTLC dance with the LSP based on using that funding transaction. If it all goes as planned the LSP can give the funding transaction signed using adaptor sigs to the client and the client can then decrypt the signatures and broadcast the transaction. Then the LSP can find the transaction in the mempool and extract the secret they need to claim the payment, thus making claiming the payment and opening the channel atomic so the client can't grief the LSP.\n\nNot sure if this has been talked about before, if not I think we can throw it in the ever-growing pile of \"PTLCs fixes this\".\n\nBest,\nbenthecarman\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20230509/c7926ee7/attachment.html\u003e",
"sig": "9b421cf66e11bfe9aae829f634355ba30c32d8e598d4d34eb008a8cc8be89d34766c6e077c1c6996bc98563a88776785674b3734d058afea579e0079703382ba"
}