From rusty at rustcorp.com.au Mon Aug 31 02:16:38 2015 From: rusty at rustcorp.com.au (Rusty Russell) Date: Mon, 31 Aug 2015 11:46:38 +0930 Subject: [Lightning-dev] Loop attack with onion routing.. In-Reply-To: <1440870652.4197.88.camel@hppg6.kloosterkade> References: <874mjujyqe.fsf@rustcorp.com.au> <1440870652.4197.88.camel@hppg6.kloosterkade> Message-ID: <87oahop5h5.fsf@rustcorp.com.au> CJP <cjp at ultimatestunts.nl> writes: >> So, with some prompting from AJ who has been working on node >> incentives, I realized there's a nasty attack available to the network. >> You simply route a payment back to another channel you own, then refuse >> to dislose R. >> >> You have to lock up N bitcoins, but so does every node in the path (and >> nobody gets paid!). Onion routing means nobody knows who to blame (you >> can simply claim there's another hop after you). > > Yes, that's a nasty one: the total damage to the network is much larger > than the damage to the attacker, especially when the attacker is free to > choose a very long route. This could be used to perform a DoS attack on > the network. Indeed. >> I think in this case we need to peel the onion[1]: if a payment takes >> too long you tell the previous node where you sent it (and relay where >> it sent it, etc.) If you're the last in the queue, you also need to >> prove that you closed the channel to the offender[2] (which costs you a >> txfee, providing disincentive). >> >> Anyone see any other problems? > > I don't like the "peeling the onion" idea, since it breaks down a very Me too. > important privacy layer. This privacy is necessary e.g. to make sure the > network remains open for new participants to start routing, even against > the will of an existing cartel of routers. Fortunately, I've abandoned it :) My latest scheme simply requires you to return some valid unilateral close transaction. If you don't, I will close the channel to you, and use that unilateral close to prevent my upstream from closing on me. I think this has the right incentive; unilateral closes are painful in locked funds, fees and opportunity cost. We might need to get more sophisticated eventually, but I think it's enough for now? Thanks, Rusty.