📅 Original date posted:2020-12-01
📝 Original message:
Good morning LL, and list,
> That's a very interesting point. If we were to be able to prevent loop attacks by the sender proving the path is well formed (without revealing who they are or any of the other hops) would this be an alternative solution?
> It seems to me that disabling loop attacks might be much easier than stake certificates.
Loop attacks are not about loops, it only requires that the start and end of a payment are controlled by the same entity.
Multiple nodes on the LN may be owned by the same entity.
Nodes, individually as nodes, are trivially cheap and just need 32 bytes of entropy from a `/dev/random` near you.
It is the channels themselves, requiring actual funds, high uptime, and not being a dick to your counterparty, that are fairly expensive.
Thus, a "loop attack" need not involve a loop per se --- a single entity can run any number of nodes with small numbers of channels each, and thereby grief the network.
Stake certificates make the node itself expensive, so a single entity running a number of nodes cannot perform such loop attacks, since it would require entities expensively allocating funds for each node.
On the other hand, if channels are expensive, then a node with channels is expensive.
In https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-November/002890.html , which contains the "Z consideration" you were alluding to, I note that the "point-to-point property" is already proven by the ***existing*** Lightning network without an additional ZK cryptographic proof.
So let me invert that logic and present an even more extreme position:
* There are two griefing attacks:
* Loop attacks, which are deliberate malicious attacks to lock up funds of competitors in order to redirect forwarding towards the attacker.
* Accidental "attacks", which are accidental due to incompetence, where a forwarding node accidentally goes offline and causes payments to be locked up for long periods and making everyone on the network cry when HTLCs time out and things have to be dropped onchain.
* The point-to-point property, which is already proven by the ***existing*** Lightning network, is already sufficient to prevent loop attacks, leaving only accidental incompetence-based "attacks".
* Or: the ***existing*** Lightning Network ***already*** proves the point-to-point property presented by t-bast, and that property is ***already*** sufficient to prevent the loop attacks.
So, maybe we should instead focus on mitigating the effects of the incompetence-based non-attacks [such as this proposal](https://github.com/ElementsProject/lightning/issues/2632#issuecomment-736438980), instead of attempting to defend against the mirage of loop attacks.
I could be utterly wrong here though.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5…3ms3l
2023-06-09 13:01:38
in reply to nevent1q…vrgr
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lPublished at
2023-06-09 13:01:38Event JSON
{
"id": "282eaf65f233b3aaf2e5fe935d1dd6576aaf1f92e0e8442d013210c45154cc14",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686315698,
"kind": 1,
"tags": [
[
"e",
"cf62c1c9ba62fff4a5cf755628bee75840429fbdff26c4293acc0bc18dd74e69",
"",
"root"
],
[
"e",
"b2aad28bf65bdf1d7af8baf00d76d9689cdeb1543b14416e1749e03b1511da93",
"",
"reply"
],
[
"p",
"b5ff7c704f90e4eebfa414c0a017a84544c32586a1bd2fc86c74c2914d03c25e"
]
],
"content": "📅 Original date posted:2020-12-01\n📝 Original message:\nGood morning LL, and list,\n\n\n\u003e That's a very interesting point. If we were to be able to prevent loop attacks by the sender proving the path is well formed (without revealing who they are or any of the other hops) would this be an alternative solution?\n\u003e It seems to me that disabling loop attacks might be much easier than stake certificates.\n\nLoop attacks are not about loops, it only requires that the start and end of a payment are controlled by the same entity.\n\nMultiple nodes on the LN may be owned by the same entity.\nNodes, individually as nodes, are trivially cheap and just need 32 bytes of entropy from a `/dev/random` near you.\nIt is the channels themselves, requiring actual funds, high uptime, and not being a dick to your counterparty, that are fairly expensive.\n\nThus, a \"loop attack\" need not involve a loop per se --- a single entity can run any number of nodes with small numbers of channels each, and thereby grief the network.\n\nStake certificates make the node itself expensive, so a single entity running a number of nodes cannot perform such loop attacks, since it would require entities expensively allocating funds for each node.\n\n\n\n\nOn the other hand, if channels are expensive, then a node with channels is expensive.\n\nIn https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-November/002890.html , which contains the \"Z consideration\" you were alluding to, I note that the \"point-to-point property\" is already proven by the ***existing*** Lightning network without an additional ZK cryptographic proof.\n\nSo let me invert that logic and present an even more extreme position:\n\n* There are two griefing attacks:\n * Loop attacks, which are deliberate malicious attacks to lock up funds of competitors in order to redirect forwarding towards the attacker.\n * Accidental \"attacks\", which are accidental due to incompetence, where a forwarding node accidentally goes offline and causes payments to be locked up for long periods and making everyone on the network cry when HTLCs time out and things have to be dropped onchain.\n* The point-to-point property, which is already proven by the ***existing*** Lightning network, is already sufficient to prevent loop attacks, leaving only accidental incompetence-based \"attacks\".\n * Or: the ***existing*** Lightning Network ***already*** proves the point-to-point property presented by t-bast, and that property is ***already*** sufficient to prevent the loop attacks.\n\nSo, maybe we should instead focus on mitigating the effects of the incompetence-based non-attacks [such as this proposal](https://github.com/ElementsProject/lightning/issues/2632#issuecomment-736438980), instead of attempting to defend against the mirage of loop attacks.\n\n\nI could be utterly wrong here though.\n\n\nRegards,\nZmnSCPxj",
"sig": "d1df7e21b2368b9596e180cb2cd4adeedeac993200cad80eb2ad8aa357eb5a217236dc468222bc36d8df1d08010336d2ce28e0edfa28a62961e0c59211043bd1"
}