Mats Jerratsch [ARCHIVE] on Nostr: π Original date posted:2015-10-18 π Original message: > It only works if you ...
π
Original date posted:2015-10-18
π Original message:
> It only works if you actually setup a channel, though -- so you have to
> lock some money into the channel for however many confirmations until
> the channel activates, before you can test, plus the OP_CSV delay if
> the test fails.
And there's the catch. If an attacker achieves nodes opening up
channels with him, he already succeeded in vandalism. Furthermore, an
attacker can always play by the rules and forward all payments up to
one point where he stops. And even worse, if everyone connect to his
nodes, he can relay all payments, but he is able to distinctively
identify payee and payers, even with onion routing.
> [1] Hmm, does forwarding 1 satoshi (2.6 10,000ths of a cent) make
> sense, or would the CPU cycles cost more than the fees you'd make?
> How much does it cost to forward a transaction? In python on my
> laptop, I get about 1000 ECDH operations per second in python, and
> 290k AES ops over a 3kB onion per second, and about 77k SHA256 ops
> per second. So just counting elliptic ops, forwarding a transaction
> requires three ops: an ECDH on the onion message, and an ECDSA on
> the commitment transaction to add the HTLC, and another sometime
> later to remove it. So say 1/350th of a CPU-second. My linode costs
> 3c/hour and seems to be about half as fast on the SHA256 test, but
> gives me two CPUs which evens it out. So so 3/60/60/350 cents is
> about the cost of forwarding a single transaction, which is about
> 2.4e-8 dollars, which is currently about 9.1e-11 bitcoin, which
> is 0.0091 satoshi. Conveniently lightning balances are denominated
> in millisatoshi, so as long as yours increases by 9 or 10, you're
> doing fine. 10 millisatoshi is 1% of 1 satoshi, so that seems like
> the right order of magnitude.
Interesting math, thank you for that!
π Original message:
> It only works if you actually setup a channel, though -- so you have to
> lock some money into the channel for however many confirmations until
> the channel activates, before you can test, plus the OP_CSV delay if
> the test fails.
And there's the catch. If an attacker achieves nodes opening up
channels with him, he already succeeded in vandalism. Furthermore, an
attacker can always play by the rules and forward all payments up to
one point where he stops. And even worse, if everyone connect to his
nodes, he can relay all payments, but he is able to distinctively
identify payee and payers, even with onion routing.
> [1] Hmm, does forwarding 1 satoshi (2.6 10,000ths of a cent) make
> sense, or would the CPU cycles cost more than the fees you'd make?
> How much does it cost to forward a transaction? In python on my
> laptop, I get about 1000 ECDH operations per second in python, and
> 290k AES ops over a 3kB onion per second, and about 77k SHA256 ops
> per second. So just counting elliptic ops, forwarding a transaction
> requires three ops: an ECDH on the onion message, and an ECDSA on
> the commitment transaction to add the HTLC, and another sometime
> later to remove it. So say 1/350th of a CPU-second. My linode costs
> 3c/hour and seems to be about half as fast on the SHA256 test, but
> gives me two CPUs which evens it out. So so 3/60/60/350 cents is
> about the cost of forwarding a single transaction, which is about
> 2.4e-8 dollars, which is currently about 9.1e-11 bitcoin, which
> is 0.0091 satoshi. Conveniently lightning balances are denominated
> in millisatoshi, so as long as yours increases by 9 or 10, you're
> doing fine. 10 millisatoshi is 1% of 1 satoshi, so that seems like
> the right order of magnitude.
Interesting math, thank you for that!