Anthony Towns [ARCHIVE] on Nostr: 📅 Original date posted:2015-10-19 📝 Original message: On Mon, Oct 19, 2015 at ...
📅 Original date posted:2015-10-19
📝 Original message:
On Mon, Oct 19, 2015 at 09:45:34AM +0200, Mats Jerratsch wrote:
> All of your assumptions have the premise though, that choosing a
> 'good' vs a 'bad' guy is pure probability, like picking the right ball
> out of a bag. [...]
Three sorts of attack:
- Vandals randomly join the lightning network with dysfunctional nodes.
They don't have special powers to corrupt your network, and aren't
targetting anyone in specific, just trying to damage things because
they think lightning is a bad idea and want to stop it happening.
This is just a denial of service attack. This is the class of attack
that gives the "pure probability" of hitting a bad node.
- Sybil attack, where someone is targetting you personally, and
controlling all the nodes you connect to. This is the "compromised
wifi or ISP" case, and afaics denial-of-service is trivial here,
so all you can reasonably do is detect that you can't send funds to
anyone usefully, and avoid locking up lots of funds while trying.
- Pervasive attack, where everyone in some large group is
simultaenously suffering from a sybil attack; eg the Chinese gov or an
ISP blocks lightning connections unless they're to one of its nodes,
so they always see both ends of payments between their victims. This
seems very expensive to pull off to me (you have to do deep inspection
of a whole bunch of people's internet connections), but I'm not sure
it can be effectively defended against. "Oh i was just forwarding
that to someone else" doesn't work if there wasn't any way you could
make a channel with anyone else (or if secretly forwarding payments
is criminal in itself).
> Think about an attacker who is able to MITM your internet connection,
> like the hotspot you connect to at a Cafe (or your ISP if hijacked).
> They can build locally a gigantic network, all pointing to the same
> node. You can't tell, and they don't have to necessarily just block
> your payments. (see above)
But you can tell, just by seeing whether a well-known third party's
lightning address is routable? If every node on your network is an
attacker's, then you won't see the third party's address.
If you do see a route to the third party (ie, Me -> Attacker -> Attacker
-> Attacker -> Bob -> Carol -> Third party), then you could work backwards
asking Carol and Bob to connect directly to you, which would get you a
non-attacker node with reasonable probability, assuming there are any.
I guess there's two ways in which a node is "on the network" -- one
is if it's reachable by p2p hopping ("Hey, what are your neighbours'
network addresses?" "Okay, connect to them and repeat"), the other if it's
routable over established channels. If you do a Sybil attack against p2p
hopping; my argument is you can still use the payment channels as a way
of connecting to other nodes. And if you do a Sybil attack against both
p2p hopping /and/ the graph of channels, then that's detectable because
well-known nodes simply won't appear in the graph.
> Only nuisance is that it requires either SPV or full node to check the
> anchor, but I kinda like the idea of having all (or a good amount) of
> lightning nodes be full bitcoin nodes as well.
You need to monitor the blockchain for spends of your own anchors
anyway, so that doesn't seem like a big additional limitation to me.
Cheers,
aj
📝 Original message:
On Mon, Oct 19, 2015 at 09:45:34AM +0200, Mats Jerratsch wrote:
> All of your assumptions have the premise though, that choosing a
> 'good' vs a 'bad' guy is pure probability, like picking the right ball
> out of a bag. [...]
Three sorts of attack:
- Vandals randomly join the lightning network with dysfunctional nodes.
They don't have special powers to corrupt your network, and aren't
targetting anyone in specific, just trying to damage things because
they think lightning is a bad idea and want to stop it happening.
This is just a denial of service attack. This is the class of attack
that gives the "pure probability" of hitting a bad node.
- Sybil attack, where someone is targetting you personally, and
controlling all the nodes you connect to. This is the "compromised
wifi or ISP" case, and afaics denial-of-service is trivial here,
so all you can reasonably do is detect that you can't send funds to
anyone usefully, and avoid locking up lots of funds while trying.
- Pervasive attack, where everyone in some large group is
simultaenously suffering from a sybil attack; eg the Chinese gov or an
ISP blocks lightning connections unless they're to one of its nodes,
so they always see both ends of payments between their victims. This
seems very expensive to pull off to me (you have to do deep inspection
of a whole bunch of people's internet connections), but I'm not sure
it can be effectively defended against. "Oh i was just forwarding
that to someone else" doesn't work if there wasn't any way you could
make a channel with anyone else (or if secretly forwarding payments
is criminal in itself).
> Think about an attacker who is able to MITM your internet connection,
> like the hotspot you connect to at a Cafe (or your ISP if hijacked).
> They can build locally a gigantic network, all pointing to the same
> node. You can't tell, and they don't have to necessarily just block
> your payments. (see above)
But you can tell, just by seeing whether a well-known third party's
lightning address is routable? If every node on your network is an
attacker's, then you won't see the third party's address.
If you do see a route to the third party (ie, Me -> Attacker -> Attacker
-> Attacker -> Bob -> Carol -> Third party), then you could work backwards
asking Carol and Bob to connect directly to you, which would get you a
non-attacker node with reasonable probability, assuming there are any.
I guess there's two ways in which a node is "on the network" -- one
is if it's reachable by p2p hopping ("Hey, what are your neighbours'
network addresses?" "Okay, connect to them and repeat"), the other if it's
routable over established channels. If you do a Sybil attack against p2p
hopping; my argument is you can still use the payment channels as a way
of connecting to other nodes. And if you do a Sybil attack against both
p2p hopping /and/ the graph of channels, then that's detectable because
well-known nodes simply won't appear in the graph.
> Only nuisance is that it requires either SPV or full node to check the
> anchor, but I kinda like the idea of having all (or a good amount) of
> lightning nodes be full bitcoin nodes as well.
You need to monitor the blockchain for spends of your own anchors
anyway, so that doesn't seem like a big additional limitation to me.
Cheers,
aj