📅 Original date posted:2015-10-18
📝 Original message:
On Sun, Oct 18, 2015 at 01:25:29PM +0200, Mats Jerratsch wrote:
> > It only works if you actually setup a channel, though -- so you have to
> > lock some money into the channel for however many confirmations until
> > the channel activates, before you can test, plus the OP_CSV delay if
> > the test fails.
> And there's the catch. If an attacker achieves nodes opening up
> channels with him, he already succeeded in vandalism.
I'm not sure this is true? Supposing there are V vandals on the system,
compared to T total nodes, so V/T is your probability of selecting a
vandal. Then, to join the lightning network, you open up N channels
with randomly chosen nodes at $1 each, committing $N in total, and
(if they're all run by vandals and have to get closed) spending about
2*N*2c (so 4%?) in fees. If there are 1000 nodes (ie, lots), then the
probability of finding at least one good node is about 1-(V/T)^N. If you
want a probability of 99% of getting a good node on your first try, then:
V/T = 10%: N = 2
V/T = 20%: N = 3
V/T = 30%: N = 4
V/T = 40%: N = 6
V/T = 50%: N = 7
V/T = 60%: N = 9
V/T = 70%: N = 13
V/T = 80%: N = 21
V/T = 90%: N = 43
V/T = 95%: N = 86
V/T = 99%: N = 368
So with 90% of nodes being hostile, that'd be getting expensive, but
not completely implausible. If 40%-plus of the network is legit, though,
just trying out 10 random nodes seems like it works fine, and only locks
up $10 for a couple of days and costs about 40c in bitcoin fees...
Also, if you've got to run 2.5 times as many vandal nodes as there are
legitimate nodes for people to even really be bothered, I don't think
you'll see many vandals in the first place...
(Once you've got a node that actually works, you can expand your channel
from $1 to $10 or $100, and/or open additional channels, and at that point
(afaics) you're set.)
That's only necessary if you don't know anyone with a lightning account
already, though. Since anyone can forward for you, you could start with
someone you trust in real life -- eg, a friend, a bank, a government,
etc. If Rusty tells me he'll route my payments (as long as they're made
between 10am and 3pm Adelaide time on a weekday, maybe) then I can open
a $5 channel with him, and use that to send 1 satoshi payments to test
connectivity. So, if I'm wondering whether BOBSBANK is reliable, I work
out a route:
aj -> rusty -> a -> b -> c -> BOBSBANK -> x -> y -> z -> rusty -> aj
apply it as an onion so it can't get short-circuited, and see if it gets
back to me, at a cost of maybe 10% of a satoshi (10 hops at 1% each)...
If it does, BOBSBANK is connected and functional, and I can try opening a
channel. If it doesn't, I can try a different route to BOBSBANK, or try
someone else entirely.
> Furthermore, an
> attacker can always play by the rules and forward all payments up to
> one point where he stops.
(For example, he could happily route payments on $1 channels, but refuse
to do likewise when the channel capacity was upped to $10)
In the general case though, does that even count as an attack? Isn't
that just like a web site going down or being put behind a paywall? ie,
annoying, but completely legitimate? I mean, if someone downloads the
lightning software to try it out, runs it for a while, then decides it's
no fun and stops, they'll be "playing by the rules up to one point where
they stop"; but they're not trying to "attack" the system.
Coping with unreliability is definitely important, but running a node that
works sometimes but is deliberately unreliable is a lot more effort than
running a node that claims to work, but never does. It's also more work
(and less profitable) than just running a node that actually work...
> And even worse, if everyone connect to his
> nodes, he can relay all payments, but he is able to distinctively
> identify payee and payers, even with onion routing.
That's a different attack isn't it? To get everyone to connect to your
nodes, you'd have to be running the majority of nodes -- ie, there's
5000 different organisations running lightning nodes, but 4999 of them
run one or two nodes each, but one of them runs 100,000 nodes.
But if it were cheap enough for one org to run 100k nodes, why wouldn't
the others treat it as an arms race and end up running, say, 20-50
nodes each? They'd have an economic incentive to do so, in that it
increases their odds of collecting fees... At that point the attacker's
already reduced to 28%-50% of nodes. ie, I think that's likely to be
self-correcting?
But! An arms race in nodes-per-person would probably cause a scaling
problem for the network (depending on how routing actually works), and
you'd have to address that by creating some cost to run (or at least
register?) a node/channel. But if they're all legitimate nodes, I think
that's just a scaling problem, rather than vandalism per se.
(An additional but: even if spamming the list of nodes doesn't work as
an effective attack, if you can spam the list of *channels* with valid
looking edges that won't actually route payments successfully, you can
screw over the network pretty well)
Cheers,
aj
Anthony Towns [ARCHIVE] /
npub17r…x9l2h
2023-06-09 12:44:49
in reply to nevent1q…29s6
Author Public Key
npub17rld56k4365lfphyd8u8kwuejey5xcazdxptserx03wc4jc9g24stx9l2hPublished at
2023-06-09 12:44:49Event JSON
{
"id": "4ae5ebda4c4e87697cc519afd57c4b295babb73c081508e8ba964ce1bed87c80",
"pubkey": "f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab",
"created_at": 1686314689,
"kind": 1,
"tags": [
[
"e",
"a852f7164f575698e067e8fc679f5003dd9087247fc7ef7f6067ab966288eef1",
"",
"root"
],
[
"e",
"5c907ce10e064d684bf5cb757a7401c7a9d0b73fdd83d428a4cb0c949686fd40",
"",
"reply"
],
[
"p",
"b8a27d18150405cdfcd44c0dd8db860f5270312300248389bf57ce555c784528"
]
],
"content": "📅 Original date posted:2015-10-18\n📝 Original message:\nOn Sun, Oct 18, 2015 at 01:25:29PM +0200, Mats Jerratsch wrote:\n\u003e \u003e It only works if you actually setup a channel, though -- so you have to\n\u003e \u003e lock some money into the channel for however many confirmations until\n\u003e \u003e the channel activates, before you can test, plus the OP_CSV delay if\n\u003e \u003e the test fails.\n\u003e And there's the catch. If an attacker achieves nodes opening up\n\u003e channels with him, he already succeeded in vandalism.\n\nI'm not sure this is true? Supposing there are V vandals on the system,\ncompared to T total nodes, so V/T is your probability of selecting a\nvandal. Then, to join the lightning network, you open up N channels\nwith randomly chosen nodes at $1 each, committing $N in total, and\n(if they're all run by vandals and have to get closed) spending about\n2*N*2c (so 4%?) in fees. If there are 1000 nodes (ie, lots), then the\nprobability of finding at least one good node is about 1-(V/T)^N. If you\nwant a probability of 99% of getting a good node on your first try, then:\n\n V/T = 10%: N = 2\n V/T = 20%: N = 3\n V/T = 30%: N = 4\n V/T = 40%: N = 6\n V/T = 50%: N = 7\n V/T = 60%: N = 9\n V/T = 70%: N = 13\n V/T = 80%: N = 21\n V/T = 90%: N = 43\n V/T = 95%: N = 86\n V/T = 99%: N = 368\n\nSo with 90% of nodes being hostile, that'd be getting expensive, but\nnot completely implausible. If 40%-plus of the network is legit, though,\njust trying out 10 random nodes seems like it works fine, and only locks\nup $10 for a couple of days and costs about 40c in bitcoin fees...\n\nAlso, if you've got to run 2.5 times as many vandal nodes as there are\nlegitimate nodes for people to even really be bothered, I don't think\nyou'll see many vandals in the first place...\n\n(Once you've got a node that actually works, you can expand your channel\nfrom $1 to $10 or $100, and/or open additional channels, and at that point\n(afaics) you're set.)\n\nThat's only necessary if you don't know anyone with a lightning account\nalready, though. Since anyone can forward for you, you could start with\nsomeone you trust in real life -- eg, a friend, a bank, a government,\netc. If Rusty tells me he'll route my payments (as long as they're made\nbetween 10am and 3pm Adelaide time on a weekday, maybe) then I can open\na $5 channel with him, and use that to send 1 satoshi payments to test\nconnectivity. So, if I'm wondering whether BOBSBANK is reliable, I work\nout a route:\n\n aj -\u003e rusty -\u003e a -\u003e b -\u003e c -\u003e BOBSBANK -\u003e x -\u003e y -\u003e z -\u003e rusty -\u003e aj\n\napply it as an onion so it can't get short-circuited, and see if it gets\nback to me, at a cost of maybe 10% of a satoshi (10 hops at 1% each)...\nIf it does, BOBSBANK is connected and functional, and I can try opening a\nchannel. If it doesn't, I can try a different route to BOBSBANK, or try\nsomeone else entirely.\n\n\u003e Furthermore, an\n\u003e attacker can always play by the rules and forward all payments up to\n\u003e one point where he stops.\n\n(For example, he could happily route payments on $1 channels, but refuse\nto do likewise when the channel capacity was upped to $10)\n\nIn the general case though, does that even count as an attack? Isn't\nthat just like a web site going down or being put behind a paywall? ie,\nannoying, but completely legitimate? I mean, if someone downloads the\nlightning software to try it out, runs it for a while, then decides it's\nno fun and stops, they'll be \"playing by the rules up to one point where\nthey stop\"; but they're not trying to \"attack\" the system.\n\nCoping with unreliability is definitely important, but running a node that\nworks sometimes but is deliberately unreliable is a lot more effort than\nrunning a node that claims to work, but never does. It's also more work\n(and less profitable) than just running a node that actually work...\n\n\u003e And even worse, if everyone connect to his\n\u003e nodes, he can relay all payments, but he is able to distinctively\n\u003e identify payee and payers, even with onion routing.\n\nThat's a different attack isn't it? To get everyone to connect to your\nnodes, you'd have to be running the majority of nodes -- ie, there's\n5000 different organisations running lightning nodes, but 4999 of them\nrun one or two nodes each, but one of them runs 100,000 nodes.\n\nBut if it were cheap enough for one org to run 100k nodes, why wouldn't\nthe others treat it as an arms race and end up running, say, 20-50\nnodes each? They'd have an economic incentive to do so, in that it\nincreases their odds of collecting fees... At that point the attacker's\nalready reduced to 28%-50% of nodes. ie, I think that's likely to be\nself-correcting?\n\nBut! An arms race in nodes-per-person would probably cause a scaling\nproblem for the network (depending on how routing actually works), and\nyou'd have to address that by creating some cost to run (or at least\nregister?) a node/channel. But if they're all legitimate nodes, I think\nthat's just a scaling problem, rather than vandalism per se.\n\n(An additional but: even if spamming the list of nodes doesn't work as\nan effective attack, if you can spam the list of *channels* with valid\nlooking edges that won't actually route payments successfully, you can\nscrew over the network pretty well)\n\nCheers,\naj",
"sig": "d4a9b18c90e32f24955f55c61eb7ac8b0ab82d33a57ebc5ea895ece33da87fc8aad95e083ca9b75817badd1268b3735b6be19d39f63370301a3442e231fda2bc"
}