From dave at dtrt.org  Sat Nov 26 20:48:49 2022
From: dave at dtrt.org (David A. Harding)
Date: Sat, 26 Nov 2022 10:48:49 -1000
Subject: [Lightning-dev] Mitigating Channel Jamming with Reputation
 Credentials: a Protocol Sketch
In-Reply-To: <CALZpt+F3_HejMCt0ZEa0FoMwTMP_dQ_zic220+iuAVo3G2TtJQ@mail.gmail.com>
References: <CALZpt+FRj4yjfkXYaXP6u9rDYSJGktpT-+ZJs4AVCxyb300S-A@mail.gmail.com>
 <CACtNmG6mC1a=ay-poikBT5isQumuBKYY6LzZeRfSCotof7Ap6w@mail.gmail.com>
 <CALZpt+F3_HejMCt0ZEa0FoMwTMP_dQ_zic220+iuAVo3G2TtJQ@mail.gmail.com>
Message-ID: <62fb0b4f81e9367f87fbf923f191db05@dtrt.org>

On 2022-11-21 14:26, Antoine Riard wrote:
>> Clara Shikhelman wrote:
>> 4. How would these tokens work with blinded paths and other
>> privacy-preserving suggestions?
> 
> Primarily, the tokens could use the new onion messages and blinded
> paths for the dissemination and renewal rounds. Current design assumes
> they're attached to the HTLC during forward along the payment path,
> though I think one design alternative could be completely detached,
> and the HTLC onion just contains a ref to the tokens.

I'm not sure I understand this answer, so I'll explain in my own words 
and kindly ask that you tell me if I'm wrong or missing something 
important.

If Alice wants to pay Zed using a blinded path where Zed chooses 
terminal channels W->X->Y->Zed, then Zed will need to provide to Alice 
the encrypted credential tokens for X, and Y.  In theory, if Alice 
controls node Y, she can prevent the HTLC from settling and so waste the 
value of Zed's provided tokens for node X.  However, Alice shouldn't 
know where Zed's node is in the LN topography and can't be assured that 
he'll forward through her secondary node, so the attack is uncertain to 
work.  The attack may also have a cost---Alice may need to buy 
credential tokens for node W and the hops leading to it from her primary 
node---with that cost mitigating the chance of the attack and the 
likelihood that it would be profitable.

Thank you both for the interesting proposal and the insightful 
questions!,

-Dave