Author: Bastien TEINTURIER 2020-06-19 07:44:11
Published on: 2020-06-19T07:44:11+00:00
The author apologizes for being late to the discussion on a proposal to add more anchors and pre-signed transactions to protect against an attack where an attacker pins a preimage transaction while preventing the victim from learning the preimage for at least `N` blocks. The author has put together a gist of ideas scattered across emails, IRC discussions, and Github issues to help move the discussion forward and provide newcomers with background information. The author's alternative proposal loosely reflects Matt's proposal from the very first email of this thread and includes anchors and new txs only in some places where necessary. The author's current state-of-mind is that adding more anchors and pre-signed txs adds non-negligible complexity and hurts small HTLCs, so it would be better if they did not need it. Additionally, the blind CPFP carve-out trick is a one-shot, so a lot of fees may be required for it to work, potentially making the victim lose money in case of an attack. If we take a step back, the only attack we need to protect against is the attacker pinning a preimage transaction, and the official anchor outputs proposal should be safe enough and much simpler if we have high enough `cltv_expiry_delta`, off-chain preimage broadcast, LN hubs participating in mining pools, and decent mitigations for eclipse attacks.
Updated on: 2023-06-14T00:33:35.674956+00:00