David A. Harding [ARCHIVE] on Nostr: π Original date posted:2022-11-26 π Original message: On 2022-11-21 14:26, ...
π
Original date posted:2022-11-26
π Original message:
On 2022-11-21 14:26, Antoine Riard wrote:
>> Clara Shikhelman wrote:
>> 4. How would these tokens work with blinded paths and other
>> privacy-preserving suggestions?
>
> Primarily, the tokens could use the new onion messages and blinded
> paths for the dissemination and renewal rounds. Current design assumes
> they're attached to the HTLC during forward along the payment path,
> though I think one design alternative could be completely detached,
> and the HTLC onion just contains a ref to the tokens.
I'm not sure I understand this answer, so I'll explain in my own words
and kindly ask that you tell me if I'm wrong or missing something
important.
If Alice wants to pay Zed using a blinded path where Zed chooses
terminal channels W->X->Y->Zed, then Zed will need to provide to Alice
the encrypted credential tokens for X, and Y. In theory, if Alice
controls node Y, she can prevent the HTLC from settling and so waste the
value of Zed's provided tokens for node X. However, Alice shouldn't
know where Zed's node is in the LN topography and can't be assured that
he'll forward through her secondary node, so the attack is uncertain to
work. The attack may also have a cost---Alice may need to buy
credential tokens for node W and the hops leading to it from her primary
node---with that cost mitigating the chance of the attack and the
likelihood that it would be profitable.
Thank you both for the interesting proposal and the insightful
questions!,
-Dave
π Original message:
On 2022-11-21 14:26, Antoine Riard wrote:
>> Clara Shikhelman wrote:
>> 4. How would these tokens work with blinded paths and other
>> privacy-preserving suggestions?
>
> Primarily, the tokens could use the new onion messages and blinded
> paths for the dissemination and renewal rounds. Current design assumes
> they're attached to the HTLC during forward along the payment path,
> though I think one design alternative could be completely detached,
> and the HTLC onion just contains a ref to the tokens.
I'm not sure I understand this answer, so I'll explain in my own words
and kindly ask that you tell me if I'm wrong or missing something
important.
If Alice wants to pay Zed using a blinded path where Zed chooses
terminal channels W->X->Y->Zed, then Zed will need to provide to Alice
the encrypted credential tokens for X, and Y. In theory, if Alice
controls node Y, she can prevent the HTLC from settling and so waste the
value of Zed's provided tokens for node X. However, Alice shouldn't
know where Zed's node is in the LN topography and can't be assured that
he'll forward through her secondary node, so the attack is uncertain to
work. The attack may also have a cost---Alice may need to buy
credential tokens for node W and the hops leading to it from her primary
node---with that cost mitigating the chance of the attack and the
likelihood that it would be profitable.
Thank you both for the interesting proposal and the insightful
questions!,
-Dave