π
Original date posted:2015-10-16
π Original message:
On Fri, Oct 16, 2015 at 02:22:25PM +0100, Mats Jerratsch wrote:
> [...] an attacker could trick it into a fake network, [...]
How do you tell the difference between the "real" network and a "fake"
one? (ie, what does a Turing test for the lightning network look like?)
I think there's two things:
1) you can figure out a route to people you want to pay (and
vice-versa)
2) payments on those routes actually go through
Even better, you can test this! Get a couple of merchant ids you find
interesting, and pay 1 satoshi to each of them, setting the R value as
the (double) SHA256 of the decrypted onion message. [0]
If you spent 1 satoshi to each of 10 merchants every day for a year to
verify connectivity, that'd still only amount to about $0.01 USD total
at current exchange rates, so it seems pretty affordable. [1]
It only works if you actually setup a channel, though -- so you have to
lock some money into the channel for however many confirmations until
the channel activates, before you can test, plus the OP_CSV delay if
the test fails.
But I think that would let people trustlessly avoid "fake" lightning
networks, even with a sybil-esque attack; no extra infrastructure needed.
Cheers,
aj
[0] If you're already on the lightning network, and you're establishing
a new channel as backup, you can just pay yourself 1 satoshi to verify
connectivity. If you have friends on lightning, you could pay them
1 satoshi to verify connectivity rather than a random merchant too.
[1] Hmm, does forwarding 1 satoshi (2.6 10,000ths of a cent) make
sense, or would the CPU cycles cost more than the fees you'd make?
How much does it cost to forward a transaction? In python on my
laptop, I get about 1000 ECDH operations per second in python, and
290k AES ops over a 3kB onion per second, and about 77k SHA256 ops
per second. So just counting elliptic ops, forwarding a transaction
requires three ops: an ECDH on the onion message, and an ECDSA on
the commitment transaction to add the HTLC, and another sometime
later to remove it. So say 1/350th of a CPU-second. My linode costs
3c/hour and seems to be about half as fast on the SHA256 test, but
gives me two CPUs which evens it out. So so 3/60/60/350 cents is
about the cost of forwarding a single transaction, which is about
2.4e-8 dollars, which is currently about 9.1e-11 bitcoin, which
is 0.0091 satoshi. Conveniently lightning balances are denominated
in millisatoshi, so as long as yours increases by 9 or 10, you're
doing fine. 10 millisatoshi is 1% of 1 satoshi, so that seems like
the right order of magnitude.
Anthony Towns [ARCHIVE] /
npub17rβ¦x9l2h
2023-06-09 12:44:48
in reply to nevent1qβ¦gan9
Author Public Key
npub17rld56k4365lfphyd8u8kwuejey5xcazdxptserx03wc4jc9g24stx9l2hPublished at
2023-06-09 12:44:48Event JSON
{
"id": "42ce21142ac6c31fdefb4953bc12f34da65919fd8bf5ce73b5f3024266d98a13",
"pubkey": "f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab",
"created_at": 1686314688,
"kind": 1,
"tags": [
[
"e",
"a852f7164f575698e067e8fc679f5003dd9087247fc7ef7f6067ab966288eef1",
"",
"root"
],
[
"e",
"4468ca3af17059c85330e9db86b0a9753b0fd9fac406f968f9e5c21eb5249b71",
"",
"reply"
],
[
"p",
"13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425"
]
],
"content": "π
Original date posted:2015-10-16\nπ Original message:\nOn Fri, Oct 16, 2015 at 02:22:25PM +0100, Mats Jerratsch wrote:\n\u003e [...] an attacker could trick it into a fake network, [...]\n\nHow do you tell the difference between the \"real\" network and a \"fake\"\none? (ie, what does a Turing test for the lightning network look like?)\n\nI think there's two things:\n\n 1) you can figure out a route to people you want to pay (and\n vice-versa)\n\n 2) payments on those routes actually go through\n\nEven better, you can test this! Get a couple of merchant ids you find\ninteresting, and pay 1 satoshi to each of them, setting the R value as\nthe (double) SHA256 of the decrypted onion message. [0]\n\nIf you spent 1 satoshi to each of 10 merchants every day for a year to\nverify connectivity, that'd still only amount to about $0.01 USD total\nat current exchange rates, so it seems pretty affordable. [1]\n\nIt only works if you actually setup a channel, though -- so you have to\nlock some money into the channel for however many confirmations until\nthe channel activates, before you can test, plus the OP_CSV delay if\nthe test fails.\n\nBut I think that would let people trustlessly avoid \"fake\" lightning\nnetworks, even with a sybil-esque attack; no extra infrastructure needed.\n\nCheers,\naj\n\n[0] If you're already on the lightning network, and you're establishing\n a new channel as backup, you can just pay yourself 1 satoshi to verify\n connectivity. If you have friends on lightning, you could pay them\n 1 satoshi to verify connectivity rather than a random merchant too.\n\n[1] Hmm, does forwarding 1 satoshi (2.6 10,000ths of a cent) make\n sense, or would the CPU cycles cost more than the fees you'd make?\n How much does it cost to forward a transaction? In python on my\n laptop, I get about 1000 ECDH operations per second in python, and\n 290k AES ops over a 3kB onion per second, and about 77k SHA256 ops\n per second. So just counting elliptic ops, forwarding a transaction\n requires three ops: an ECDH on the onion message, and an ECDSA on\n the commitment transaction to add the HTLC, and another sometime\n later to remove it. So say 1/350th of a CPU-second. My linode costs\n 3c/hour and seems to be about half as fast on the SHA256 test, but\n gives me two CPUs which evens it out. So so 3/60/60/350 cents is\n about the cost of forwarding a single transaction, which is about\n 2.4e-8 dollars, which is currently about 9.1e-11 bitcoin, which\n is 0.0091 satoshi. Conveniently lightning balances are denominated\n in millisatoshi, so as long as yours increases by 9 or 10, you're\n doing fine. 10 millisatoshi is 1% of 1 satoshi, so that seems like\n the right order of magnitude.",
"sig": "86913526504a3458007ef397e918dc69cdbe7b316eb72c8b3c3c8382e6865d801cfed4ed971b21f15471c69f85adf35c91ba40ba87669211fe260005f4c7d630"
}