Rusty Russell [ARCHIVE] on Nostr
📅 Original date posted:2016-03-05
📝 Original message:
Mats Jerratsch via Lightning-dev
<lightning-dev at lists.linuxfoundation.org> writes:
> Just discovered that it is possible to attack the onion routing with
> probing too short of an absolute CLTV refund timeout.
>
> When accepting a payment, one will check if the remaining timeout >
> MIN_TIMEOUT.

One mitigation for this particular attack would be to remember the onion
and always fail an identical one. That would allow a single probe,
however (basically, "are you the final destination?").

Also the timeout for the next hop should probably be somewhat
randomized, at least subtracting (MIN_TIMEOUT to MIN_TIMEOUT*2).

The question remains as to what HTLC timeout should be set to initially.
Even if you randomize it, over time the pattern would reveal to your
peer if you are originating all the HTLCs, for example.

Cheers,
Rusty.
Published at 2023-06-09 12:45:48
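
A sketch of the two mitigations in the reply above (remember each onion and fail any repeat; subtract a randomized amount between MIN_TIMEOUT and MIN_TIMEOUT*2 for the next hop), added here as an example and not code from the original post or from any Lightning implementation. The names `HtlcGate` and `accept`, the block-height units, and the value of `MIN_TIMEOUT` are assumptions.

```python
import hashlib
import secrets

MIN_TIMEOUT = 144  # assumed value, in blocks; the post does not give a number


class HtlcGate:
    """Per-node acceptance check for incoming HTLCs (hypothetical helper)."""

    def __init__(self):
        # SHA-256 digests of every onion this node has processed.
        # Unbounded in this sketch; pruning policy is out of scope.
        self._seen = set()

    def accept(self, onion: bytes, cltv_expiry: int, height: int):
        """Return ("fail", reason) or ("forward", outgoing_cltv_expiry).

        The reason strings are local diagnostics for this sketch only.
        """
        digest = hashlib.sha256(onion).digest()
        if digest in self._seen:
            # Identical onion: always fail, whatever timeout it carries now.
            return ("fail", "onion already seen")
        # Record before the timeout check so that a rejected probe also
        # burns the onion: the sender gets one answer per onion, not a
        # series of answers for different timeouts.
        self._seen.add(digest)

        # The check quoted in the post: remaining timeout > MIN_TIMEOUT.
        remaining = cltv_expiry - height
        if remaining <= MIN_TIMEOUT:
            return ("fail", "timeout too short")

        # Randomized subtraction in [MIN_TIMEOUT, 2 * MIN_TIMEOUT], so the
        # next hop cannot infer position from a fixed per-hop delta.
        # The next hop applies its own remaining-timeout check.
        delta = MIN_TIMEOUT + secrets.randbelow(MIN_TIMEOUT + 1)
        return ("forward", cltv_expiry - delta)


if __name__ == "__main__":
    gate = HtlcGate()
    onion = b"constructed-onion-for-demo"  # constructed sample, not a real onion
    print(gate.accept(onion, 1000 + MIN_TIMEOUT, 1000))       # first probe
    print(gate.accept(onion, 1000 + 10 * MIN_TIMEOUT, 1000))  # same onion again
    print(gate.accept(b"constructed-onion-2", 5000, 1000))    # fresh onion
```
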