Anthony Towns [ARCHIVE] on Nostr: 📅 Original date posted:2015-10-18 📝 Original message: On Sun, Oct 18, 2015 at ...
📅 Original date posted:2015-10-18
📝 Original message:
On Sun, Oct 18, 2015 at 01:25:29PM +0200, Mats Jerratsch wrote:
> > It only works if you actually setup a channel, though -- so you have to
> > lock some money into the channel for however many confirmations until
> > the channel activates, before you can test, plus the OP_CSV delay if
> > the test fails.
> And there's the catch. If an attacker achieves nodes opening up
> channels with him, he already succeeded in vandalism.
I'm not sure this is true? Supposing there are V vandals on the system,
compared to T total nodes, so V/T is your probability of selecting a
vandal. Then, to join the lightning network, you open up N channels
with randomly chosen nodes at $1 each, committing $N in total, and
(if they're all run by vandals and have to get closed) spending about
2*N*2c (so 4%?) in fees. If there are 1000 nodes (ie, lots), then the
probability of finding at least one good node is about 1-(V/T)^N. If you
want a probability of 99% of getting a good node on your first try, then:
V/T = 10%: N = 2
V/T = 20%: N = 3
V/T = 30%: N = 4
V/T = 40%: N = 6
V/T = 50%: N = 7
V/T = 60%: N = 9
V/T = 70%: N = 13
V/T = 80%: N = 21
V/T = 90%: N = 43
V/T = 95%: N = 86
V/T = 99%: N = 368
So with 90% of nodes being hostile, that'd be getting expensive, but
not completely implausible. If 40%-plus of the network is legit, though,
just trying out 10 random nodes seems like it works fine, and only locks
up $10 for a couple of days and costs about 40c in bitcoin fees...
Also, if you've got to run 2.5 times as many vandal nodes as there are
legitimate nodes for people to even really be bothered, I don't think
you'll see many vandals in the first place...
(Once you've got a node that actually works, you can expand your channel
from $1 to $10 or $100, and/or open additional channels, and at that point
(afaics) you're set.)
That's only necessary if you don't know anyone with a lightning account
already, though. Since anyone can forward for you, you could start with
someone you trust in real life -- eg, a friend, a bank, a government,
etc. If Rusty tells me he'll route my payments (as long as they're made
between 10am and 3pm Adelaide time on a weekday, maybe) then I can open
a $5 channel with him, and use that to send 1 satoshi payments to test
connectivity. So, if I'm wondering whether BOBSBANK is reliable, I work
out a route:
aj -> rusty -> a -> b -> c -> BOBSBANK -> x -> y -> z -> rusty -> aj
apply it as an onion so it can't get short-circuited, and see if it gets
back to me, at a cost of maybe 10% of a satoshi (10 hops at 1% each)...
If it does, BOBSBANK is connected and functional, and I can try opening a
channel. If it doesn't, I can try a different route to BOBSBANK, or try
someone else entirely.
> Furthermore, an
> attacker can always play by the rules and forward all payments up to
> one point where he stops.
(For example, he could happily route payments on $1 channels, but refuse
to do likewise when the channel capacity was upped to $10)
In the general case though, does that even count as an attack? Isn't
that just like a web site going down or being put behind a paywall? ie,
annoying, but completely legitimate? I mean, if someone downloads the
lightning software to try it out, runs it for a while, then decides it's
no fun and stops, they'll be "playing by the rules up to one point where
they stop"; but they're not trying to "attack" the system.
Coping with unreliability is definitely important, but running a node that
works sometimes but is deliberately unreliable is a lot more effort than
running a node that claims to work, but never does. It's also more work
(and less profitable) than just running a node that actually work...
> And even worse, if everyone connect to his
> nodes, he can relay all payments, but he is able to distinctively
> identify payee and payers, even with onion routing.
That's a different attack isn't it? To get everyone to connect to your
nodes, you'd have to be running the majority of nodes -- ie, there's
5000 different organisations running lightning nodes, but 4999 of them
run one or two nodes each, but one of them runs 100,000 nodes.
But if it were cheap enough for one org to run 100k nodes, why wouldn't
the others treat it as an arms race and end up running, say, 20-50
nodes each? They'd have an economic incentive to do so, in that it
increases their odds of collecting fees... At that point the attacker's
already reduced to 28%-50% of nodes. ie, I think that's likely to be
self-correcting?
But! An arms race in nodes-per-person would probably cause a scaling
problem for the network (depending on how routing actually works), and
you'd have to address that by creating some cost to run (or at least
register?) a node/channel. But if they're all legitimate nodes, I think
that's just a scaling problem, rather than vandalism per se.
(An additional but: even if spamming the list of nodes doesn't work as
an effective attack, if you can spam the list of *channels* with valid
looking edges that won't actually route payments successfully, you can
screw over the network pretty well)
Cheers,
aj
📝 Original message:
On Sun, Oct 18, 2015 at 01:25:29PM +0200, Mats Jerratsch wrote:
> > It only works if you actually setup a channel, though -- so you have to
> > lock some money into the channel for however many confirmations until
> > the channel activates, before you can test, plus the OP_CSV delay if
> > the test fails.
> And there's the catch. If an attacker achieves nodes opening up
> channels with him, he already succeeded in vandalism.
I'm not sure this is true? Supposing there are V vandals on the system,
compared to T total nodes, so V/T is your probability of selecting a
vandal. Then, to join the lightning network, you open up N channels
with randomly chosen nodes at $1 each, committing $N in total, and
(if they're all run by vandals and have to get closed) spending about
2*N*2c (so 4%?) in fees. If there are 1000 nodes (ie, lots), then the
probability of finding at least one good node is about 1-(V/T)^N. If you
want a probability of 99% of getting a good node on your first try, then:
V/T = 10%: N = 2
V/T = 20%: N = 3
V/T = 30%: N = 4
V/T = 40%: N = 6
V/T = 50%: N = 7
V/T = 60%: N = 9
V/T = 70%: N = 13
V/T = 80%: N = 21
V/T = 90%: N = 43
V/T = 95%: N = 86
V/T = 99%: N = 368
So with 90% of nodes being hostile, that'd be getting expensive, but
not completely implausible. If 40%-plus of the network is legit, though,
just trying out 10 random nodes seems like it works fine, and only locks
up $10 for a couple of days and costs about 40c in bitcoin fees...
Also, if you've got to run 2.5 times as many vandal nodes as there are
legitimate nodes for people to even really be bothered, I don't think
you'll see many vandals in the first place...
(Once you've got a node that actually works, you can expand your channel
from $1 to $10 or $100, and/or open additional channels, and at that point
(afaics) you're set.)
That's only necessary if you don't know anyone with a lightning account
already, though. Since anyone can forward for you, you could start with
someone you trust in real life -- eg, a friend, a bank, a government,
etc. If Rusty tells me he'll route my payments (as long as they're made
between 10am and 3pm Adelaide time on a weekday, maybe) then I can open
a $5 channel with him, and use that to send 1 satoshi payments to test
connectivity. So, if I'm wondering whether BOBSBANK is reliable, I work
out a route:
aj -> rusty -> a -> b -> c -> BOBSBANK -> x -> y -> z -> rusty -> aj
apply it as an onion so it can't get short-circuited, and see if it gets
back to me, at a cost of maybe 10% of a satoshi (10 hops at 1% each)...
If it does, BOBSBANK is connected and functional, and I can try opening a
channel. If it doesn't, I can try a different route to BOBSBANK, or try
someone else entirely.
> Furthermore, an
> attacker can always play by the rules and forward all payments up to
> one point where he stops.
(For example, he could happily route payments on $1 channels, but refuse
to do likewise when the channel capacity was upped to $10)
In the general case though, does that even count as an attack? Isn't
that just like a web site going down or being put behind a paywall? ie,
annoying, but completely legitimate? I mean, if someone downloads the
lightning software to try it out, runs it for a while, then decides it's
no fun and stops, they'll be "playing by the rules up to one point where
they stop"; but they're not trying to "attack" the system.
Coping with unreliability is definitely important, but running a node that
works sometimes but is deliberately unreliable is a lot more effort than
running a node that claims to work, but never does. It's also more work
(and less profitable) than just running a node that actually work...
> And even worse, if everyone connect to his
> nodes, he can relay all payments, but he is able to distinctively
> identify payee and payers, even with onion routing.
That's a different attack isn't it? To get everyone to connect to your
nodes, you'd have to be running the majority of nodes -- ie, there's
5000 different organisations running lightning nodes, but 4999 of them
run one or two nodes each, but one of them runs 100,000 nodes.
But if it were cheap enough for one org to run 100k nodes, why wouldn't
the others treat it as an arms race and end up running, say, 20-50
nodes each? They'd have an economic incentive to do so, in that it
increases their odds of collecting fees... At that point the attacker's
already reduced to 28%-50% of nodes. ie, I think that's likely to be
self-correcting?
But! An arms race in nodes-per-person would probably cause a scaling
problem for the network (depending on how routing actually works), and
you'd have to address that by creating some cost to run (or at least
register?) a node/channel. But if they're all legitimate nodes, I think
that's just a scaling problem, rather than vandalism per se.
(An additional but: even if spamming the list of nodes doesn't work as
an effective attack, if you can spam the list of *channels* with valid
looking edges that won't actually route payments successfully, you can
screw over the network pretty well)
Cheers,
aj