📅 Original date posted:2020-10-14
📝 Original message:
Joost Jager <joost.jager at gmail.com> writes:
>>
>> > A crucial thing is that these hold fees don't need to be symmetric. A new
>> > node for example that opens a channel to a well-known, established
>> routing
>> > node will be forced to pay a hold fee, but won't see any traffic coming
>> in
>> > anymore if it announces a hold fee itself. Nodes will need to build a
>> > reputation before they're able to command hold fees. Similarly, routing
>> > nodes that have a strong relation may decide to not charge hold fees to
>> > each other at all.
>>
>> I can still establish channels to various low-reputation nodes, and then
>> use them to grief a high-reputation node. Not only do I get to jam up
>> the high-reputation channels, as a bonus I get the low-reputation nodes
>> to pay for it!
>
> So you're saying:
>
> ATTACKER --(no hold fee)--> LOW-REP --(hold fee)--> HIGH-REP
>
> If I were LOW-REP, I'd still charge an unknown node a hold fee. I would
> only waive the hold fee for high-reputation nodes. In that case, the
> attacker is still paying for the attack. I may be forced to take a small
> loss on the difference, but at least the larger part of the pain is felt by
> the attacker. The assumption is that this is sufficient enough to deter the
> attacker from even trying.
No, because HIGH-REP == ATTACKER and LOW-REP pays.
> I guess your concern is with trying to become a routing node? If nobody
> knows you, you'll be forced to pay hold fees but can't attract traffic if
> you charge hold fees yourself. That indeed means that you'll need to be
> selective with whom you accept htlcs from. Put limits in place to control
> the expenditure. Successful forwards will earn a routing fee which could
> compensate for the loss in hold fees too.
"Be selectinve with whom you accept HTLCs from"... it always comes back
to incentives to de-anonymize the network :(
> I think this mechanism can create interesting dynamics on the network and
> eventually reach an equilibrium that is still healthy in terms of
> decentralization and privacy.
I suspect that if you try to create a set of actual rules for nodes
using actual numbers, I think you'll find you enter a complexity spiral
as you try to play whack-a-mole on all the different ways you can
exploit it.
(This is what happened every time I tried to design a peer-penalty
system).
Cheers,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 13:01:12
in reply to nevent1q…kjxk
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 13:01:12Event JSON
{
"id": "0f4cbf041c3af28180243e59e2c78e4d7a0f4aeba4901ec2e060d849add165a1",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686315672,
"kind": 1,
"tags": [
[
"e",
"2e5ffd65d86c5774dbb4381933898049e781bd6e8719e31c24e98ee704e67d6e",
"",
"root"
],
[
"e",
"7267f6c5de5f6c587c8f06928a9ae1dc740ce8ab5bfb00df731f9f7eb6cc1bd7",
"",
"reply"
],
[
"p",
"72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057"
]
],
"content": "📅 Original date posted:2020-10-14\n📝 Original message:\nJoost Jager \u003cjoost.jager at gmail.com\u003e writes:\n\u003e\u003e\n\u003e\u003e \u003e A crucial thing is that these hold fees don't need to be symmetric. A new\n\u003e\u003e \u003e node for example that opens a channel to a well-known, established\n\u003e\u003e routing\n\u003e\u003e \u003e node will be forced to pay a hold fee, but won't see any traffic coming\n\u003e\u003e in\n\u003e\u003e \u003e anymore if it announces a hold fee itself. Nodes will need to build a\n\u003e\u003e \u003e reputation before they're able to command hold fees. Similarly, routing\n\u003e\u003e \u003e nodes that have a strong relation may decide to not charge hold fees to\n\u003e\u003e \u003e each other at all.\n\u003e\u003e\n\u003e\u003e I can still establish channels to various low-reputation nodes, and then\n\u003e\u003e use them to grief a high-reputation node. Not only do I get to jam up\n\u003e\u003e the high-reputation channels, as a bonus I get the low-reputation nodes\n\u003e\u003e to pay for it!\n\u003e\n\u003e So you're saying:\n\u003e\n\u003e ATTACKER --(no hold fee)--\u003e LOW-REP --(hold fee)--\u003e HIGH-REP\n\u003e\n\u003e If I were LOW-REP, I'd still charge an unknown node a hold fee. I would\n\u003e only waive the hold fee for high-reputation nodes. In that case, the\n\u003e attacker is still paying for the attack. I may be forced to take a small\n\u003e loss on the difference, but at least the larger part of the pain is felt by\n\u003e the attacker. The assumption is that this is sufficient enough to deter the\n\u003e attacker from even trying.\n\nNo, because HIGH-REP == ATTACKER and LOW-REP pays.\n\n\u003e I guess your concern is with trying to become a routing node? If nobody\n\u003e knows you, you'll be forced to pay hold fees but can't attract traffic if\n\u003e you charge hold fees yourself. That indeed means that you'll need to be\n\u003e selective with whom you accept htlcs from. Put limits in place to control\n\u003e the expenditure. Successful forwards will earn a routing fee which could\n\u003e compensate for the loss in hold fees too.\n\n\"Be selectinve with whom you accept HTLCs from\"... it always comes back\nto incentives to de-anonymize the network :(\n\n\u003e I think this mechanism can create interesting dynamics on the network and\n\u003e eventually reach an equilibrium that is still healthy in terms of\n\u003e decentralization and privacy.\n\nI suspect that if you try to create a set of actual rules for nodes\nusing actual numbers, I think you'll find you enter a complexity spiral\nas you try to play whack-a-mole on all the different ways you can\nexploit it.\n\n(This is what happened every time I tried to design a peer-penalty\nsystem).\n\nCheers,\nRusty.",
"sig": "a2653c0689086414828be732286a3931bba1cd8729b9120ddbe6062138040c60da67d72a10bd5ac1f0d431c096d5a1e9203a25342881d51ce314a1c33e8da6f4"
}