📅 Original date posted:2016-03-05
📝 Original message:
Mats Jerratsch via Lightning-dev
<lightning-dev at lists.linuxfoundation.org> writes:
> Just discovered that it is possible to attack the onion routing with
> probing too short of an absolute CLTV refund timeout.
>
> When accepting a payment, one will check if the remaining timeout >
> MIN_TIMEOUT.
One mitigation for this particular attack would be to remember the onion
and always fail an identical one. That would allow a single probe,
however (basically, "are you the final destination?").
Also the timeout for the next hop should probably be somewhat
randomized, at least subtracting (MIN_TIMEOUT to MIN_TIMEOUT*2).
The question remains as to what HTLC timeout should be set to initially.
Even if you randomize it, over time the pattern would reveal to your
peer if you are originating all the HTLCS, for example.
Cheers,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 12:45:48
in reply to nevent1q…4l85
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 12:45:48Event JSON
{
"id": "846c02d559b33c935a091aecc62c0e298de736159f1ff2a4db600ca324a2130f",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686314748,
"kind": 1,
"tags": [
[
"e",
"5272205def020e3c5aab3c5851dc225814c5007aed79816e637c6362b3942e81",
"",
"root"
],
[
"e",
"0d0fd11c5b2699e90104ce2f472a94ad90ff765cf5470765dfdd9b86b5de0c92",
"",
"reply"
],
[
"p",
"b8a27d18150405cdfcd44c0dd8db860f5270312300248389bf57ce555c784528"
]
],
"content": "📅 Original date posted:2016-03-05\n📝 Original message:\nMats Jerratsch via Lightning-dev\n\u003clightning-dev at lists.linuxfoundation.org\u003e writes:\n\u003e Just discovered that it is possible to attack the onion routing with\n\u003e probing too short of an absolute CLTV refund timeout.\n\u003e\n\u003e When accepting a payment, one will check if the remaining timeout \u003e\n\u003e MIN_TIMEOUT.\n\nOne mitigation for this particular attack would be to remember the onion\nand always fail an identical one. That would allow a single probe,\nhowever (basically, \"are you the final destination?\").\n\nAlso the timeout for the next hop should probably be somewhat\nrandomized, at least subtracting (MIN_TIMEOUT to MIN_TIMEOUT*2).\n\nThe question remains as to what HTLC timeout should be set to initially.\nEven if you randomize it, over time the pattern would reveal to your\npeer if you are originating all the HTLCS, for example.\n\nCheers,\nRusty.",
"sig": "46f7e8120bed17809070447f9edd9d313c6f84180f5da7967baff0493a4e93014d7d511fb9c295231005bba9924955ae44429d5e7954a977009160560c5e9786"
}