📅 Original date posted:2021-06-13 📝 Original message: Hi Z, Thanks again for ...

Lloyd Fournier [ARCHIVE] /

npub1khl…05yp

2023-06-09 12:40:09

in reply to nevent1q…c33f

📅 Original date posted:2021-06-13
📝 Original message:
Hi Z,

Thanks again for getting to the bottom of this. I think we are on the same
page except for one clarification:

On Tue, 8 Jun 2021 at 12:37, ZmnSCPxj <ZmnSCPxj at protonmail.com> wrote:

> Thus, in our model, we have the property that Bob can always recover all
> signatures sent by Alice, even if Carol is corrupted by Alice --- we model
> the signature-deletion attack as impossible, by assumption.
> (This is a strengthening of security assumptions, thus a weakening of the
> security of the scheme --- if Bob does not take the above mitigations, Bob
> ***is*** vulnerable to a signature-deletion attack and might have ***all***
> funds in hostage).
>

Only where ***all*** refers to the funds in the fast forward -- funds
consolidated into the channel balance are not at risk (modulo enforcing
correct state on chain).
I think it should be easy to get a stream of signatures so they can't be
deleted. The user "Bob" is creating and sending the invoices so they can
always demand and save the signatures from "Carol the Cashier" that
correspond to each payment so the "deletion attack" will be thwarted.

LL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20210613/fdeacd68/attachment.html>;

Author Public Key

npub1khlhcuz0jrjwa0ayznq2q9agg4zvxfvx5x7jljrvwnpfzngrcf0q7y05yp

Seen on

wss://relay.nostr.band

Show more details

Published at

2023-06-09 12:40:09

Kind type

1 Short Text Note

Event JSON

{ "id": "6fe2eac313a82809bb5b7668174c1eb4f8f8aed6b5bd2f451bc8863b9b2d5d03", "pubkey": "b5ff7c704f90e4eebfa414c0a017a84544c32586a1bd2fc86c74c2914d03c25e", "created_at": 1686314409, "kind": 1, "tags": [ [ "e", "a245f8ff6948bb87a609d4e4110adba80a8bcbec336d6cbf1557d65b42b7085f", "", "root" ], [ "e", "29d0eee71a4438ac23dc903cd103cec279fde6c5bbe397a0de0f31db79fb6bed", "", "reply" ], [ "p", "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861" ] ], "content": "📅 Original date posted:2021-06-13\n📝 Original message:\nHi Z,\n\nThanks again for getting to the bottom of this. I think we are on the same\npage except for one clarification:\n\nOn Tue, 8 Jun 2021 at 12:37, ZmnSCPxj \u003cZmnSCPxj at protonmail.com\u003e wrote:\n\n\n\u003e Thus, in our model, we have the property that Bob can always recover all\n\u003e signatures sent by Alice, even if Carol is corrupted by Alice --- we model\n\u003e the signature-deletion attack as impossible, by assumption.\n\u003e (This is a strengthening of security assumptions, thus a weakening of the\n\u003e security of the scheme --- if Bob does not take the above mitigations, Bob\n\u003e ***is*** vulnerable to a signature-deletion attack and might have ***all***\n\u003e funds in hostage).\n\u003e\n\nOnly where ***all*** refers to the funds in the fast forward -- funds\nconsolidated into the channel balance are not at risk (modulo enforcing\ncorrect state on chain).\nI think it should be easy to get a stream of signatures so they can't be\ndeleted. The user \"Bob\" is creating and sending the invoices so they can\nalways demand and save the signatures from \"Carol the Cashier\" that\ncorrespond to each payment so the \"deletion attack\" will be thwarted.\n\nLL\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20210613/fdeacd68/attachment.html\u003e", "sig": "968864445aae98d938c146c24d99a0d48f312a5a3a2ebba79c3f447ec14268ff66dd94526fb8a7eb8a22760abb04e2e348b73f2a074bbf89241c9090dd08708b" }