From rusty at rustcorp.com.au Thu Aug 20 05:49:29 2015
From: rusty at rustcorp.com.au (Rusty Russell)
Date: Thu, 20 Aug 2015 15:19:29 +0930
Subject: [Lightning-dev] Loop attack with onion routing..
Message-ID: <874mjujyqe.fsf@rustcorp.com.au>

Hi all!

So, with some prompting from AJ who has been working on node incentives, I realized there's a nasty attack available to the network.

You simply route a payment back to another channel you own, then refuse to disclose R. You have to lock up N bitcoins, but so does every node in the path (and nobody gets paid!).

Onion routing means nobody knows who to blame (you can simply claim there's another hop after you).

I think in this case we need to peel the onion[1]: if a payment takes too long you tell the previous node where you sent it (and relay where it sent it, etc.) If you're the last in the queue, you also need to prove that you closed the channel to the offender[2] (which costs you a txfee, providing disincentive).

Anyone see any other problems?

Thanks,
Rusty.

[1] Which means exposing a set of hashes corresponding to hashes of the route steps, and including a nonce inside each route step, so you can prove you decrypted it.

[2] eg. provide the commitment tx or mutual close tx, and a signature from that node's key proving that they created it with you.
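
A minimal model of the hash-and-nonce idea in footnote [1], added here as an illustration; it is not code from the message's author or from any Lightning implementation. The JSON step layout, the use of SHA-256, and the names `build_route`, `trace` and `reveal` are assumptions, and onion encryption is modelled simply by each node knowing only its own step.

```python
import hashlib
import json
import os

def step_hash(step: bytes) -> str:
    return hashlib.sha256(step).hexdigest()

def build_route(hops):
    """Sender side. Returns ({node: its route step}, [public step hashes])."""
    steps = {}
    for node, nxt in zip(hops, hops[1:]):
        # The nonce makes the step unguessable, so showing a preimage of a
        # public hash is evidence that the node decrypted its own layer.
        body = {"next": nxt, "nonce": os.urandom(16).hex()}
        steps[node] = json.dumps(body, sort_keys=True).encode()
    return steps, [step_hash(s) for s in steps.values()]

def trace(first_node, commitments, reveal):
    """Peel the route after a payment has timed out.

    reveal(node) returns the step that node says it decrypted, or None.
    Returns (proven_path, suspect): the hops that proved where they sent
    the payment, and the first node that could not.
    """
    unused = set(commitments)
    path, node = [], first_node
    while True:
        step = reveal(node)
        if step is None or step_hash(step) not in unused:
            return path, node            # no valid proof: the trace stops here
        unused.discard(step_hash(step))  # a committed step proves one hop only
        path.append(node)
        node = json.loads(step)["next"]

if __name__ == "__main__":
    # Constructed route: sender S pays through A, B, C to M, and M stalls.
    steps, commitments = build_route(["S", "A", "B", "C", "M"])
    print(trace("A", commitments, steps.get))
    # M claims "another hop after me" with a step that was never committed.
    fake = b'{"next": "X", "nonce": "00"}'
    print(trace("A", commitments, lambda n: fake if n == "M" else steps.get(n)))
```

The trace only localises where the payment stalled; the channel-close proof of footnote [2], which the last proven forwarder would still owe, is not modelled.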