From aj at erisian.com.au Fri Aug 21 11:32:50 2015
From: aj at erisian.com.au (Anthony Towns)
Date: Fri, 21 Aug 2015 13:32:50 +0200
Subject: [Lightning-dev] Loop attack with onion routing..
In-Reply-To: <20150820235723.GA16993@lightning.network>
References: <874mjujyqe.fsf@rustcorp.com.au> <20150820210823.GB1762@lightning.network> <20150820235723.GA16993@lightning.network>
Message-ID:

On 21 August 2015 at 01:57, Joseph Poon wrote:

> On Fri, Aug 21, 2015 at 12:12:15AM +0200, Anthony Towns wrote:
> > But C could achieve that outcome on its own, just by delaying
> > notifying B until near the timeout; no collusion necessary. In any
> > event, if the transaction's going to succeed, the money on the B-C
> > channel's HTLC is going to be C's, so C is mainly depriving itself by
> > failing to communicate.
> Yes, the point is that pending sends between participants in this cartel
> have a shorter time than outside this cartel. So the point is that
> C<->D<->E links will always have shorter HTLCs in transit than B's. It's
> only C holding it up, but before that D and E decided not to hold it up.
>

I'm still not following how that's a problem? If C/D and D/E are really quick and reliable, isn't it desirable to send more transactions their way anyway?

(a) Assuming source routing. A chooses to route a payment. Her options are "A->B->C->D->E" or "A->C->D->E". Based on time, she presumably chooses the latter. Based on cost, maybe A->B or B->C has negative fees involved, so she /might/ choose the longer path for slightly lower fees. In that case either B is paying A to get funds on the B side of A->B or C is paying A to get funds on the C side of B->C. In the latter case, I can't imagine why C would want to punish B when she's desperate for funds that she's offering negative fees.
So afaics the only case is if B is paying A to get funds to send back to A,

So, fund status is:

  D->E paid
  B->C locked
  A->B locked

and C->D is either paid or locked, leaving one of C or D out of pocket.

That's a cost to C or D of TIMEOUT*AMOUNT worth of funds on the B/C or C/D channels, in order to encourage future transactions to deposit funds on C's side of the A/C channel rather than the B/C channel. Since D doesn't benefit directly, I don't see why he'd suffer the loss rather than letting C do it. But if C's willing to lose TIMEOUT*AMOUNT worth of time-value-of-bitcoin, to encourage transactions over A/C rather than B/C, why doesn't she just offer reduced/negative fees?

(b) Assuming onion routing, C/D don't actually know who A is -- it may be someone that only has a connection to B; so if they delay transactions, they run the risk that future txns will be routed A->B->F->E bypassing them completely.

(c) Assuming non-source routing, by delaying transactions, they risk B choosing a different route for future transactions, rather than A doing so. I'm not sure how the likelihoods balance out there though.

Cheers,
aj

--
Anthony Towns