📅 Original date posted:2015-08-29
📝 Original message:
> So, with some prompting from AJ who has been working on node
> incentives, I realized there's a nasty attack available to the network.
> You simply route a payment back to another channel you own, then refuse
> to dislose R.
>
> You have to lock up N bitcoins, but so does every node in the path (and
> nobody gets paid!). Onion routing means nobody knows who to blame (you
> can simply claim there's another hop after you).
Yes, that's a nasty one: the total damage to the network is much larger
than the damage to the attacker, especially when the attacker is free to
choose a very long route. This could be used to perform a DoS attack on
the network.
> I think in this case we need to peel the onion[1]: if a payment takes
> too long you tell the previous node where you sent it (and relay where
> it sent it, etc.) If you're the last in the queue, you also need to
> prove that you closed the channel to the offender[2] (which costs you a
> txfee, providing disincentive).
>
> Anyone see any other problems?
I don't like the "peeling the onion" idea, since it breaks down a very
important privacy layer. This privacy is necessary e.g. to make sure the
network remains open for new participants to start routing, even against
the will of an existing cartel of routers.
Maybe I'm overlooking something, but wouldn't it be enough to add a
fine, to be paid from payee-side of a single link to the payer-side of
the link, if the R value is delayed? It wouldn't even be necessary to
cryptographically enforce such a fine: if the fine isn't paid, the other
node can simply close the channel, isolating the misbehaving node.
Well-behaving nodes will always pay the fine, thereby keeping their link
intact and keeping a healthy network of well-behaving nodes.
In order to punish the attacker, these fines should be accumulated
towards the payee side of the route; this sounds like a similar problem
as the accumulation of ordinary transaction fees across a route.
Intuitively I'd say that, for a mixed source/non-source routing network,
it'd be reasonable that the endpoints of the transaction (final payer
and payee) explicitly pay fees to the source-routed nodes in a route,
and that any fees of non-source routed nodes are covered by the fees
paid to their closest source-routed nodes(**). Explicitly paying fines
to source-routed nodes also provides an incentive(*) to keep routes
short.
CJP
(*) unless the explicit fee is negative of course, but that's a feature,
not a bug.
(**) Example (for ordinary fees, but could be similar for fines):
capitals are source-routed nodes
A - b - c - D - e - F - g - H
A pays 1.000 mBTC to H (main payment from payer A to payee H)
A pays 0.003 mBTC to D (explicit source routing fee; D is the "meeting
point" agreed by A and H)
H pays 0.003 mBTC to F (explicit source routing fee; H selected F for
onion-routing towards D, without A's knowledge)
A pays 0.002 mBTC to b (non-source routing fee)
b pays 0.001 mBTC to c (non-source routing fee)
D pays 0.001 mBTC to c (non-source routing fee)
D pays 0.001 mBTC to e (non-source routing fee)
F pays 0.001 mBTC to e (non-source routing fee)
F pays 0.001 mBTC to g (non-source routing fee)
H pays 0.001 mBTC to g (non-source routing fee)
Net result:
A: -1.005
b: +0.001
c: +0.002
D: +0.001
e: +0.002
F: +0.001
g: +0.002
H: +0.996
CJP [ARCHIVE] /
npub13q…cuzdm
2023-06-09 12:44:07
in reply to nevent1q…nayq
Author Public Key
npub13q863scgpsaanrjhfn7dd4h48lgnupgkcs828arzj4pckrq8hh6s4cuzdmPublished at
2023-06-09 12:44:07Event JSON
{
"id": "0c208d4628ca9c9ceda6a51fa2342ccc090e0fbf1daf136bb9a3796c8fdad1db",
"pubkey": "880fa8c3080c3bd98e574cfcd6d6f53fd13e0516c40ea3f46295438b0c07bdf5",
"created_at": 1686314647,
"kind": 1,
"tags": [
[
"e",
"a92f734d740b85399f0e70711c3ef451f97eec2048c08c21ef8e0700fe174d1c",
"",
"root"
],
[
"e",
"108001f346d2bcad9dbc459244b94e461bf3d19a52aa7edfd45010fead8a227f",
"",
"reply"
],
[
"p",
"13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425"
]
],
"content": "📅 Original date posted:2015-08-29\n📝 Original message:\n\u003e So, with some prompting from AJ who has been working on node\n\u003e incentives, I realized there's a nasty attack available to the network.\n\u003e You simply route a payment back to another channel you own, then refuse\n\u003e to dislose R.\n\u003e \n\u003e You have to lock up N bitcoins, but so does every node in the path (and\n\u003e nobody gets paid!). Onion routing means nobody knows who to blame (you\n\u003e can simply claim there's another hop after you).\n\nYes, that's a nasty one: the total damage to the network is much larger\nthan the damage to the attacker, especially when the attacker is free to\nchoose a very long route. This could be used to perform a DoS attack on\nthe network.\n\n\u003e I think in this case we need to peel the onion[1]: if a payment takes\n\u003e too long you tell the previous node where you sent it (and relay where\n\u003e it sent it, etc.) If you're the last in the queue, you also need to\n\u003e prove that you closed the channel to the offender[2] (which costs you a\n\u003e txfee, providing disincentive).\n\u003e \n\u003e Anyone see any other problems?\n\nI don't like the \"peeling the onion\" idea, since it breaks down a very\nimportant privacy layer. This privacy is necessary e.g. to make sure the\nnetwork remains open for new participants to start routing, even against\nthe will of an existing cartel of routers.\n\nMaybe I'm overlooking something, but wouldn't it be enough to add a\nfine, to be paid from payee-side of a single link to the payer-side of\nthe link, if the R value is delayed? It wouldn't even be necessary to\ncryptographically enforce such a fine: if the fine isn't paid, the other\nnode can simply close the channel, isolating the misbehaving node.\nWell-behaving nodes will always pay the fine, thereby keeping their link\nintact and keeping a healthy network of well-behaving nodes.\n\nIn order to punish the attacker, these fines should be accumulated\ntowards the payee side of the route; this sounds like a similar problem\nas the accumulation of ordinary transaction fees across a route. \n\nIntuitively I'd say that, for a mixed source/non-source routing network,\nit'd be reasonable that the endpoints of the transaction (final payer\nand payee) explicitly pay fees to the source-routed nodes in a route,\nand that any fees of non-source routed nodes are covered by the fees\npaid to their closest source-routed nodes(**). Explicitly paying fines\nto source-routed nodes also provides an incentive(*) to keep routes\nshort.\n\nCJP\n\n(*) unless the explicit fee is negative of course, but that's a feature,\nnot a bug.\n\n(**) Example (for ordinary fees, but could be similar for fines):\ncapitals are source-routed nodes\n\nA - b - c - D - e - F - g - H\n\nA pays 1.000 mBTC to H (main payment from payer A to payee H)\nA pays 0.003 mBTC to D (explicit source routing fee; D is the \"meeting\npoint\" agreed by A and H)\nH pays 0.003 mBTC to F (explicit source routing fee; H selected F for\nonion-routing towards D, without A's knowledge)\nA pays 0.002 mBTC to b (non-source routing fee)\nb pays 0.001 mBTC to c (non-source routing fee)\nD pays 0.001 mBTC to c (non-source routing fee)\nD pays 0.001 mBTC to e (non-source routing fee)\nF pays 0.001 mBTC to e (non-source routing fee)\nF pays 0.001 mBTC to g (non-source routing fee)\nH pays 0.001 mBTC to g (non-source routing fee)\n\nNet result:\nA: -1.005\nb: +0.001\nc: +0.002\nD: +0.001\ne: +0.002\nF: +0.001\ng: +0.002\nH: +0.996",
"sig": "481a8a1a8c3e7dd7434f4fa80058853ce95255e5a65603aa3b6fb574750a6ba33e30b8d37894ba9835296d2cae0bdec85b01a8866048a364e0bd852c6592512b"
}