From matsjj at gmail.com Sun Oct 18 11:25:29 2015 From: matsjj at gmail.com (Mats Jerratsch) Date: Sun, 18 Oct 2015 13:25:29 +0200 Subject: [Lightning-dev] Preventing MITM - Providing new nodes with real pubkeys In-Reply-To: <20151016230141.GA22262@navy> References: <20151016230141.GA22262@navy> Message-ID: > It only works if you actually setup a channel, though -- so you have to > lock some money into the channel for however many confirmations until > the channel activates, before you can test, plus the OP_CSV delay if > the test fails. And there's the catch. If an attacker achieves nodes opening up channels with him, he already succeeded in vandalism. Furthermore, an attacker can always play by the rules and forward all payments up to one point where he stops. And even worse, if everyone connect to his nodes, he can relay all payments, but he is able to distinctively identify payee and payers, even with onion routing. > [1] Hmm, does forwarding 1 satoshi (2.6 10,000ths of a cent) make > sense, or would the CPU cycles cost more than the fees you'd make? > How much does it cost to forward a transaction? In python on my > laptop, I get about 1000 ECDH operations per second in python, and > 290k AES ops over a 3kB onion per second, and about 77k SHA256 ops > per second. So just counting elliptic ops, forwarding a transaction > requires three ops: an ECDH on the onion message, and an ECDSA on > the commitment transaction to add the HTLC, and another sometime > later to remove it. So say 1/350th of a CPU-second. My linode costs > 3c/hour and seems to be about half as fast on the SHA256 test, but > gives me two CPUs which evens it out. So so 3/60/60/350 cents is > about the cost of forwarding a single transaction, which is about > 2.4e-8 dollars, which is currently about 9.1e-11 bitcoin, which > is 0.0091 satoshi. Conveniently lightning balances are denominated > in millisatoshi, so as long as yours increases by 9 or 10, you're > doing fine. 10 millisatoshi is 1% of 1 satoshi, so that seems like > the right order of magnitude. Interesting math, thank you for that!