Published on: 2019-04-21T02:33:07+00:00
In an email conversation, ZmnSCPxj and Alejandro discussed a potential solution to mitigate an attack on the sub-factory. The concern raised was that this solution may trigger a race condition between the valid state of the sub-factory and the new state of the channel. Furthermore, even if Alice and Bob lose the race, they might still be interested in stealing from Carol if the stolen funds are greater. To address these concerns, ZmnSCPxj proposed using the mechanism of Discrete Log Contracts. This mechanism ensures that an Oracle reveals its private key if it publishes multiple signatures signing different messages for a specific sampling. By applying this mechanism, if Alice and Bob sign an alternate transaction spending the A,B output, they also reveal the private key to Carol. Carol can then punish this behavior by burning the A,B output and sending it all as fees to miners. However, this solution may not be sufficient if the A,B channel has a small capacity, as Alice and Bob may be willing to sacrifice it to steal larger amounts from Carol.The Discrete Log Contracts mechanism guarantees that a public key is used only once, providing additional security measures. However, in cases where the A,B channel has low capacity, Alice and Bob could still choose to exploit this vulnerability by sacrificing the channel to steal more from Carol.In a recent communication, Alejandro Ranchal Pedrosa apologized for an important typo in his earlier message. The corrected statement pertained to a scenario where Dave is offline or unresponsive, which means he cannot update the channel factory.The email also discusses the construction of channel factories and introduces the splice-out mechanism, which claims to solve a stale factory situation. However, the writer explains that this mechanism, known as the Broken Factory attack, is easily vulnerable to attacks. The scenario presented involves a factory created between Alice, Bob, Carol, and Dave with channels F_AC, F_AB, F_BC, and F_CD. If Dave cannot update the channel factory, the splice-out mechanism should allow them to redirect outputs of the channels to a new factory. However, Alice and Bob can update their former channel state and invalidate the state R1_AB, making it older than a new state R2_AB. This invalidates one of the inputs of the new Hook H_ABC, proving that the splice-out mechanism is not possible without a race condition.
Updated on: 2023-07-31T21:36:06.251256+00:00