š
Original date posted:2019-04-07
š Original message:
Good morning m.a.holden,
Sent with ProtonMail Secure Email.
āāāāāāā Original Message āāāāāāā
On Saturday, April 6, 2019 10:39 AM, m.a.holden m.a.holden at protonmail.com wrote:
> Good morning ZmnSCPxj,
> I'll try to clarify my proposal further, but also have a few questions about yours.
>
> > Now, it seems to me what you propose, is to have octrees contain octrees, and so on.
>
> There's one global tree, which is the same for all users. Every node in the tree has a bucket and exactly 4 child nodes, except leaves have no children. The tree has a max depth, which each client sets itself. The theoretical maximum being HASHLEN/2 (In practice, we're likely to be concerned about <8). Note that every parent's bucket contains all of the information of all of its children's buckets - meaning the root node of the global quadtree is equivalent to the unfiltered global network. Nodes pick a depth and concern themselves with the bucket at that depth, unless it overflows, in which case they increase the depth by 1.
Let me clarify: When you say "node" here, do you mean Lightning Network node?
Or do you mean instead an in-memory node?
If you mean "Lightning Network Node", then how can lookup proceed if a node that should be looked through at some step is brought down by a targeted DDoS?
What happens if a node near the root of the tree, which is handling lookup for much more of the network, is brought down?
In my mechanism, the answer is: you try another node, and as long as that node has a dist(that node, target node) lower than yours, the algorithm will progress.
This is because in my mechanism, each node does not have some fixed set of 4 other nodes that are the only nodes referred to when doing lookup.
If you mean in-memory node, then I do not see how relevant it is, the structure that some implementation uses.
You can use a bag, set, tree, or whatever base structure.
But the number of Lightning Network nodes and channels any one node can store is finite since the memory available to that node is finite.
The issue is how to get help from some other node(s) when the target node is not in your routemap.
--
Any tree structure is, looking only at the nodes and edges, indistinguishable from a hierarchy.
And takeovers of hierarchies are simple: simply attack the easiest target near the top of the hierarchy / root of the tree.
Hierarchies are excessively centralized and we should avoid them on the public network in order to prevent attacks.
Thus I consider my proposal much more resilient compared to yours.
One might say, that my approach creates a circle where all nodes are equal, and where the removal of some node is survivable.
Or: ZmnSCPxj and the nodes of the round table.
> > I can overload those N nodes by generating node addresses that also lie in that octant.
> > By just iterating over scalars, about 1/8 of the generated node addresses will lie in the target octant.
>
> If you target the first layer of the tree only, then once nodes spill to the second layer, they will filter out any gossip which does not concern them. It isn't sufficient to just brute force the first 2 bits, but you need to do it for 2^depth, where depth is the target's maximum they're willing to spill to (which is not shared).
> However, commodity hardware can attempt millions of ec_mult/hash per second, so getting a node into the bucket you want is trivial anyway for small depth.
>
> > In order to disrupt a particular node, I must place fake nodes near that node, in an attempt to force its neighbors to reduce the arc of the circle that they can map.
> > However, I need to generate fake nodes that are nearer to that node than genuine honest nodes.
> > This means the probability of me generating such node addresses are much lower than 1/8, thus requiring that I devote more energy to generating the falsified attack nodes.
>
> I would argue that the above is also true in your approach. It would still be trivial to brute force the prefixes which minimize the distance between themselves and the target, even with a network of tens of millions of nodes. The amount of energy which would need devoting does not seem like it would a deciding factor for this attack.
The issue is not how difficult to attack a single node is.
The issue is: it should be easier to attack a single node, than to attack several nodes simultaneously.
This is how all things should be.
As I understand your proposal, taking over or taking down a node near the root of the tree will make it difficult to look up several nodes at once.
This is because the tree nature makes nodes near the root of the tree (top of the hierarchy) much more important than leaf nodes, which only worry about themselves.
The rest of your argument only answers the specific problem I brought up.
But the issue is simply this:
What happens if a node near the root of the tree is brought down?
In my approach, there is no tree, and therefore each node is far less important.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5ā¦3ms3l
2023-06-09 12:54:43
in reply to nevent1qā¦h5ng
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lPublished at
2023-06-09 12:54:43Event JSON
{
"id": "b5ac9011a82bed361adf4cfc3a25da0c9da6e31eed6256cc9c250050a96e7b2e",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686315283,
"kind": 1,
"tags": [
[
"e",
"8e4c35cd4e4d6b988c371e901727ca2c2b53df6f6e16dbaf0daabadc6349028e",
"",
"root"
],
[
"e",
"3851219b3cc290921e8398d11f24277e47c02752e65cdfff5ffa9c0fa1aa4c35",
"",
"reply"
],
[
"p",
"c5ac4d3e13f96dd0f580e8dfc5937824fd34336b074c3f0c28c5ca1869c68b9c"
]
],
"content": "š
Original date posted:2019-04-07\nš Original message:\nGood morning m.a.holden,\n\n\nSent with ProtonMail Secure Email.\n\nāāāāāāā Original Message āāāāāāā\nOn Saturday, April 6, 2019 10:39 AM, m.a.holden m.a.holden at protonmail.com wrote:\n\n\u003e Good morning ZmnSCPxj,\n\u003e I'll try to clarify my proposal further, but also have a few questions about yours.\n\u003e\n\u003e \u003e Now, it seems to me what you propose, is to have octrees contain octrees, and so on.\n\u003e\n\u003e There's one global tree, which is the same for all users. Every node in the tree has a bucket and exactly 4 child nodes, except leaves have no children. The tree has a max depth, which each client sets itself. The theoretical maximum being HASHLEN/2 (In practice, we're likely to be concerned about \u003c8). Note that every parent's bucket contains all of the information of all of its children's buckets - meaning the root node of the global quadtree is equivalent to the unfiltered global network. Nodes pick a depth and concern themselves with the bucket at that depth, unless it overflows, in which case they increase the depth by 1.\n\nLet me clarify: When you say \"node\" here, do you mean Lightning Network node?\nOr do you mean instead an in-memory node?\n\nIf you mean \"Lightning Network Node\", then how can lookup proceed if a node that should be looked through at some step is brought down by a targeted DDoS?\nWhat happens if a node near the root of the tree, which is handling lookup for much more of the network, is brought down?\nIn my mechanism, the answer is: you try another node, and as long as that node has a dist(that node, target node) lower than yours, the algorithm will progress.\nThis is because in my mechanism, each node does not have some fixed set of 4 other nodes that are the only nodes referred to when doing lookup.\n\nIf you mean in-memory node, then I do not see how relevant it is, the structure that some implementation uses.\nYou can use a bag, set, tree, or whatever base structure.\nBut the number of Lightning Network nodes and channels any one node can store is finite since the memory available to that node is finite.\nThe issue is how to get help from some other node(s) when the target node is not in your routemap.\n\n--\n\nAny tree structure is, looking only at the nodes and edges, indistinguishable from a hierarchy.\nAnd takeovers of hierarchies are simple: simply attack the easiest target near the top of the hierarchy / root of the tree.\nHierarchies are excessively centralized and we should avoid them on the public network in order to prevent attacks.\nThus I consider my proposal much more resilient compared to yours.\n\nOne might say, that my approach creates a circle where all nodes are equal, and where the removal of some node is survivable.\nOr: ZmnSCPxj and the nodes of the round table.\n\n\u003e \u003e I can overload those N nodes by generating node addresses that also lie in that octant.\n\u003e \u003e By just iterating over scalars, about 1/8 of the generated node addresses will lie in the target octant.\n\u003e\n\u003e If you target the first layer of the tree only, then once nodes spill to the second layer, they will filter out any gossip which does not concern them. It isn't sufficient to just brute force the first 2 bits, but you need to do it for 2^depth, where depth is the target's maximum they're willing to spill to (which is not shared).\n\u003e However, commodity hardware can attempt millions of ec_mult/hash per second, so getting a node into the bucket you want is trivial anyway for small depth.\n\u003e\n\u003e \u003e In order to disrupt a particular node, I must place fake nodes near that node, in an attempt to force its neighbors to reduce the arc of the circle that they can map.\n\u003e \u003e However, I need to generate fake nodes that are nearer to that node than genuine honest nodes.\n\u003e \u003e This means the probability of me generating such node addresses are much lower than 1/8, thus requiring that I devote more energy to generating the falsified attack nodes.\n\u003e\n\u003e I would argue that the above is also true in your approach. It would still be trivial to brute force the prefixes which minimize the distance between themselves and the target, even with a network of tens of millions of nodes. The amount of energy which would need devoting does not seem like it would a deciding factor for this attack.\n\nThe issue is not how difficult to attack a single node is.\n\nThe issue is: it should be easier to attack a single node, than to attack several nodes simultaneously.\nThis is how all things should be.\n\nAs I understand your proposal, taking over or taking down a node near the root of the tree will make it difficult to look up several nodes at once.\nThis is because the tree nature makes nodes near the root of the tree (top of the hierarchy) much more important than leaf nodes, which only worry about themselves.\n\nThe rest of your argument only answers the specific problem I brought up.\nBut the issue is simply this:\n\nWhat happens if a node near the root of the tree is brought down?\n\nIn my approach, there is no tree, and therefore each node is far less important.\n\nRegards,\nZmnSCPxj",
"sig": "ae352c887e0f6eef1c0c307fd48267a8990caee641be2f582ba80519eb7880640f454ec0be38863299f194e10e82eacfe57ca4607492bc3f49a4f862ef942dfa"
}