Why Nostr? What is Njump?
2024-09-22 17:25:50
in reply to

Super Testnet on Nostr: I am aware of the first problem and I note that Rene Pickhardt tried to perform this ...

I am aware of the first problem and I note that Rene Pickhardt tried to perform this attack in 2019 with little success. He tried to take a snapshot of the balances of all routing nodes on testnet, and while he did manage to do it, it took him over 9 hours to do so. It would be an even harder task on mainnet due to the larger number of routing nodes.

Since lightning has high volume, I think you wouldn't get good days about the history of transfers on LN unless you could get snapshots of routing node balances every few seconds, rather than once per day or so.

Nonetheless, Rene did find that while it takes a long time to probe the balances of*every node,* each *individual* node only takes about 20 seconds to probe. So if you looked your attack to a single largr routing node you could probably get reasonably good data about what traffic it routes across the network.

Also, the Blinded Paths upgrade mitigates this attack. Part of the plan for Blinded Paths is to remove the distinct error messages revealed by nodes depending on whether the payment made it to its destination or had a routing failure part of the way through. With Blinded Paths, the same error message is displayed for every payment failure, which means Balance Probing as performed by Rene won't work anymore. His technique involved sending multiple fake payments through a routing node and logging whether they failed due to the routing node not having enough capacity or the recipient being unable to finalize the payment. If the latter, it meant the routing node *did* have enough capacity to forward that payment, so Rene would try again and again with larger and larger fake payments until the routing node reported an inability to forward the money, then record the prior amount of the fake payment as their latest balance. This method relies on does not work if all payment failures look the same, so the Blinded Paths upgrade should fix this.
Author Public Key
npub1yxp7j36cfqws7yj0hkfu2mx25308u4zua6ud22zglxp98ayhh96s8c399s