From rusty at rustcorp.com.au Sat Mar 5 09:28:36 2016
From: rusty at rustcorp.com.au (Rusty Russell)
Date: Sat, 05 Mar 2016 19:58:36 +1030
Subject: [Lightning-dev] Probing final receiver with refund timeout
In-Reply-To: <56D6CEA3.3020902@blockchain.com>
References: <56D6CEA3.3020902@blockchain.com>
Message-ID: <8737s5mfy3.fsf@rustcorp.com.au>

Mats Jerratsch via Lightning-dev writes:
> Just discovered that it is possible to attack the onion routing with
> probing too short of an absolute CLTV refund timeout.
>
> When accepting a payment, one will check if the remaining timeout > MIN_TIMEOUT.

One mitigation for this particular attack would be to remember the onion
and always fail an identical one. That would allow a single probe,
however (basically, "are you the final destination?").

Also the timeout for the next hop should probably be somewhat
randomized, at least subtracting (MIN_TIMEOUT to MIN_TIMEOUT*2).

The question remains as to what HTLC timeout should be set to
initially. Even if you randomize it, over time the pattern would reveal
to your peer if you are originating all the HTLCs, for example.

Cheers,
Rusty.
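
The two mitigations suggested in the message above (fail any onion that has been seen before, and subtract a random amount between MIN_TIMEOUT and MIN_TIMEOUT*2 for the next hop), as an added Python example that is not part of the original post or of any Lightning implementation. The `Node` class, the `MIN_TIMEOUT` value of 6 blocks, the verdict strings, the forwarding failure condition and the sample onions are assumptions made for illustration.

```python
import hashlib
import secrets

MIN_TIMEOUT = 6  # blocks; assumed value, the post gives no number


class Node:
    """Hypothetical HTLC acceptance logic (names are not from any implementation)."""

    def __init__(self, min_timeout=MIN_TIMEOUT):
        self.min_timeout = min_timeout
        self.seen = set()  # digests of every onion offered so far

    def accept(self, onion, cltv_expiry, height, is_final):
        """Return (verdict, outgoing_expiry); the verdict is for local use and tests."""
        digest = hashlib.sha256(onion).digest()
        if digest in self.seen:
            return ("fail_replay", None)
        # Record before any timeout check, so a probe that failed on its
        # timeout cannot be retried with a different one.
        self.seen.add(digest)
        remaining = cltv_expiry - height
        if is_final:
            if remaining > self.min_timeout:
                return ("final", None)
            return ("fail_timeout", None)
        # Randomized subtraction in [MIN_TIMEOUT, 2*MIN_TIMEOUT] for the next hop.
        delta = self.min_timeout + secrets.randbelow(self.min_timeout + 1)
        if remaining <= delta:  # assumption: outgoing expiry must lie in the future
            return ("fail_timeout", None)
        return ("forward", cltv_expiry - delta)


def demo():
    node, height = Node(), 400_000  # constructed chain height
    onion = b"constructed-onion-A"  # constructed sample, not a real onion
    first = node.accept(onion, height + 3, height, is_final=True)
    second = node.accept(onion, height + 100, height, is_final=True)
    fresh = node.accept(b"constructed-onion-B", height + 100, height, is_final=False)
    return first, second, fresh


if __name__ == "__main__":
    print(demo())
```

The second call reuses the first onion with a generous timeout and is still refused, which is the "single probe" limit the message describes.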