š
Original date posted:2022-11-28
š Original message:
Good morning David,
> On 2022-11-25 13:12, ZmnSCPxj via Lightning-dev wrote:
>
> > If I am an LSP, and I know my competitor LSP distributes their
> > credentials, then I can simply apply to be a spoke on my competitor
> > and then make several payments to my node, which I then jam up.
> > This reduces the reputation of my competitor LSP.
>
>
> I don't think this how Riard's credentials work. The credential tokens
> are blinded, so forwarding nodes can't use them to determine the origin
> of the payment---thus they can't assign blame.
>
> As I understand them, credential tokens prevent DoS by each token only
> allowing the one-time creation of a single HTLC, so any failed payment
> reduces the sender's supply of tokens. That means, if Mallory becomes a
> client of Bob's and Bob lets Mallory use some of his tokens, Mallory can
> destroy those tokens. Although that's bad for Bob, he can easily limit
> the damage by not giving Mallory more tokens after too many failures.
> If Bob obtained his tokens at a low cost (e.g. by sending many payments
> that were successful and receiving back >100% of the tokens he used to
>
> make those payments) and if Alice has to pay a similar or greater cost
> to become a client of Bob's (e.g. onchain channel open costs), then the
> attack should not be economically rational.
The usual response is to subsequently attack the mitigation, this is a general technique that works on pretty much anything.
Mallory can run multiple nodes.
Mallory can then initially buy a small number of tokens.
Then Mallory sends payments back and forth ensuring success, receiving back >100% tokens used.
This gives Mallory a large number of tokens.
Finally, Mallory launches a wide attack on the network by using its harvested tokens (from the >100% token return from successful payment resolution), trading off reputation for whatever they might gain by attacking the LN.
Unless forwarding nodes charge a large fee on successful resolution of payments, such that the >100% return on tokens is equal to the cost of buying the extra tokens "fresh", then this makes launching the attack cheaper.
> > Thus all reputation still rests with ultimate senders, who have to
> > convince LSPs to sell their reputation to them, because they might
> > secretly be competitor LSPs who have incentive to drain their
> > reputation.
> >
> > If the price of sold reputation is too high, then it is no different
> > from upfront fees.
> >
> > If the price of sold reputation is too low, then I can drain the
> > reputation of competitor LSPs.
>
>
> I think the statement at the top about reputation resting with ultimate
> senders is true but two conditionals below it are not quite right. If
> an LSP helps many clients make successful payments, those clients may
> (at no additional cost to them beyond the forwarding fees they already
> paid) receive more credential tokens than they'll ever need. By
> allowing the LSP to instead use those tokens for other clients
> ("harvesting" them), it's possible for those later clients to avoid
> paying for credential tokens---this is equivalent to free upfront fees.
> As long as the LSP can prevent a client from using too many tokens, and
> requires the client pay other inescapable costs, then it shouldn't be
> possible for a competitor to substantially drain the token capital of a
> LSP without losing a substantial amount of its own money.
It is helpful to consider that jamming attacks require that jamming attackers tie up their funds on Lightning too.
So while a jamming attacker can impose opportunity costs on the rest of the network, it also sacrifices opportunity to instead use the same funds in forwarding.
Thus a jamming attacker can impose costs on others by also losing a substantial amount (in terms of lost opportunity to instead use the same locked funds to earn forwarding fees), meaning that if you are going to make that argument, then the original problem was already solved by its own structure.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5ā¦3ms3l
2023-06-09 13:07:27
in reply to nevent1qā¦3g24
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lPublished at
2023-06-09 13:07:27Event JSON
{
"id": "8b2b17e4d697726d6f0a117cd2b7d000b1370057443c88e1568e62fc2f535399",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686316047,
"kind": 1,
"tags": [
[
"e",
"9c3a63b3566ad83b1efc2410b067702e12877b167df07023410314f65ebf754b",
"",
"root"
],
[
"e",
"c4b207075758302b23ef460ebea89d72b85c560b17f12264d726a58929aaeb6c",
"",
"reply"
],
[
"p",
"d3574a24208f4e3d0821bb4a69a0c3ae842043d444fa5c4a8c49c369918a6fb2"
]
],
"content": "š
Original date posted:2022-11-28\nš Original message:\nGood morning David,\n\n\u003e On 2022-11-25 13:12, ZmnSCPxj via Lightning-dev wrote:\n\u003e \n\u003e \u003e If I am an LSP, and I know my competitor LSP distributes their\n\u003e \u003e credentials, then I can simply apply to be a spoke on my competitor\n\u003e \u003e and then make several payments to my node, which I then jam up.\n\u003e \u003e This reduces the reputation of my competitor LSP.\n\u003e \n\u003e \n\u003e I don't think this how Riard's credentials work. The credential tokens\n\u003e are blinded, so forwarding nodes can't use them to determine the origin\n\u003e of the payment---thus they can't assign blame.\n\u003e \n\u003e As I understand them, credential tokens prevent DoS by each token only\n\u003e allowing the one-time creation of a single HTLC, so any failed payment\n\u003e reduces the sender's supply of tokens. That means, if Mallory becomes a\n\u003e client of Bob's and Bob lets Mallory use some of his tokens, Mallory can\n\u003e destroy those tokens. Although that's bad for Bob, he can easily limit\n\u003e the damage by not giving Mallory more tokens after too many failures.\n\u003e If Bob obtained his tokens at a low cost (e.g. by sending many payments\n\u003e that were successful and receiving back \u003e100% of the tokens he used to\n\u003e \n\u003e make those payments) and if Alice has to pay a similar or greater cost\n\u003e to become a client of Bob's (e.g. onchain channel open costs), then the\n\u003e attack should not be economically rational.\n\nThe usual response is to subsequently attack the mitigation, this is a general technique that works on pretty much anything.\n\nMallory can run multiple nodes.\nMallory can then initially buy a small number of tokens.\nThen Mallory sends payments back and forth ensuring success, receiving back \u003e100% tokens used.\nThis gives Mallory a large number of tokens.\n\nFinally, Mallory launches a wide attack on the network by using its harvested tokens (from the \u003e100% token return from successful payment resolution), trading off reputation for whatever they might gain by attacking the LN.\n\nUnless forwarding nodes charge a large fee on successful resolution of payments, such that the \u003e100% return on tokens is equal to the cost of buying the extra tokens \"fresh\", then this makes launching the attack cheaper.\n\n\n\u003e \u003e Thus all reputation still rests with ultimate senders, who have to\n\u003e \u003e convince LSPs to sell their reputation to them, because they might\n\u003e \u003e secretly be competitor LSPs who have incentive to drain their\n\u003e \u003e reputation.\n\u003e \u003e \n\u003e \u003e If the price of sold reputation is too high, then it is no different\n\u003e \u003e from upfront fees.\n\u003e \u003e \n\u003e \u003e If the price of sold reputation is too low, then I can drain the\n\u003e \u003e reputation of competitor LSPs.\n\u003e \n\u003e \n\u003e I think the statement at the top about reputation resting with ultimate\n\u003e senders is true but two conditionals below it are not quite right. If\n\u003e an LSP helps many clients make successful payments, those clients may\n\u003e (at no additional cost to them beyond the forwarding fees they already\n\u003e paid) receive more credential tokens than they'll ever need. By\n\u003e allowing the LSP to instead use those tokens for other clients\n\u003e (\"harvesting\" them), it's possible for those later clients to avoid\n\u003e paying for credential tokens---this is equivalent to free upfront fees.\n\u003e As long as the LSP can prevent a client from using too many tokens, and\n\u003e requires the client pay other inescapable costs, then it shouldn't be\n\u003e possible for a competitor to substantially drain the token capital of a\n\u003e LSP without losing a substantial amount of its own money.\n\nIt is helpful to consider that jamming attacks require that jamming attackers tie up their funds on Lightning too.\nSo while a jamming attacker can impose opportunity costs on the rest of the network, it also sacrifices opportunity to instead use the same funds in forwarding.\nThus a jamming attacker can impose costs on others by also losing a substantial amount (in terms of lost opportunity to instead use the same locked funds to earn forwarding fees), meaning that if you are going to make that argument, then the original problem was already solved by its own structure.\n\nRegards,\nZmnSCPxj",
"sig": "f0bc75e21a303987316247daed2079daeaff0caa7f8f849f4de4f244cd7d2274441b1a0b7095d91c1363806211551725f482bf1226317de2c0f8959139dda5be"
}