From r.pickhardt at googlemail.com Wed Jun 8 05:42:57 2022 From: r.pickhardt at googlemail.com (=?UTF-8?Q?Ren=C3=A9_Pickhardt?=) Date: Wed, 8 Jun 2022 07:42:57 +0200 Subject: [Lightning-dev] Preliminary Hidden Lightning Network Analysis In-Reply-To: References: Message-ID: Dear Tony, Thank you for putting emphasis on this. I was actually waiting for someone to publicly exploit this. > The reason this is possible is because [...] currently channel IDs are > based on UTXO's. Scid aliases may be the biggest benefit here, but the use > of `unknown_next_peer` , `invalid_onion_hmac`, `incorrect_cltv_expiry`, > and `amount_below_minimum` have been the biggest helpers in exploiting > channel privacy. > Just for reference the exploit with short_channel_ids is known since 2019: https://github.com/lightning/bolts/issues/675 Though it is nice you point out explicitly the use of error codes of onions. > By creating a probe guessing the Channel ID based on unspent p2wsh > transactions, it's a `m * n` problem to probe the entire network, where `m` > is utxos and `n` is nodes. > It is the main reason why I didn't do this. Though similar to you probing ACINQ's node one could probabilistically learn which nodes tend to have unannounced channels and gain some speedup by probing those nodes first. Also wallets tend to have poor utxo management. So looking at the on-chain signal one can probably guess for a p2wsh to which two nodes it might belong and try them first. These two strategies should reduce the number of tested nodes for a newly seen p2wsh output significantly and probably make it feasible to probe the network as new blocks come in. With kind regards Rene Pickhardt -------------- next part -------------- An HTML attachment was scrubbed... URL: