From rusty at rustcorp.com.au Mon Aug 24 10:58:36 2015 From: rusty at rustcorp.com.au (Rusty Russell) Date: Mon, 24 Aug 2015 20:28:36 +0930 Subject: [Lightning-dev] Loop attack with onion routing.. In-Reply-To: References: <874mjujyqe.fsf@rustcorp.com.au> <87k2sljyci.fsf@rustcorp.com.au> Message-ID: <878u91j6lf.fsf@rustcorp.com.au> Anthony Towns writes: > On 24 August 2015 at 02:59, Rusty Russell wrote: >> 2) Dave starts the HTLC process, but then times out (doesn't resolve >> HTLC in 20*11 seconds, and doesn't send back a blame >> packet from Emma, either). >> In the latter case, Carol dumps the commit tx to the blockchain, and the >> screwed-up HTLC (and any other casualty HTLCs in progress, sorry). She >> can include this commit tx + htlc txs in the blame packet back to Bob; >> there's no reason to name Dave AFAICT[1]. > > ?The HTLC txn provides Dave's public key id though (assuming you un-P2SH > it, which you need to to prove that it corresponds with the R you expect), > which is the only name for Dave that matters, isn't it?? There's no reason for the two to be connected. You have a pubkey as your ID for network and routing encryption, but you can offer any transaction as an anchor, and use any keys you want. Now, Joseph was suggested that it doesn't *have* to be this way, such that the blockchain would show all the channels open, but while that's a cute hack I don't think it's necessary. Cheers, Rusty.