Author: ZmnSCPxj 2020-04-16 05:09:21
Published on: 2020-04-16T05:09:21+00:00
The Lightning Network is a protocol designed to enable secure and fast transactions for Bitcoin. However, it has some risks associated with it, including griefing attacks, where intermediate nodes can be targeted by payers and payees colluding against them. These attacks occur when someone deliberately sets up a multi-hop payment to be in a pending state for an extended period. Previous proposed solutions to mitigate the effects of griefing attacks either protect the wrong party or create economic barriers against non-malicious payments.A new solution called proof-of-closure is presented in the context, which introduces a "soft" sidereal-time-based timeout that is not enforceable onchain but can protect intermediate nodes against payer/payee collusions. Each node advertises a timeout delta in units of 0.1 seconds, and each invoice contains a final timeout in addition to a block-based final_cltv. The soft timeout is measurable in fractions of a second, and its violation leads to the channel being dropped onchain and reported upstream. The hard block-based timeout has a similar reaction, but it is enforceable onchain. Both the hard and soft timeouts decrement monotonically at each hop, and the payee has the shortest timers. This solution cancels both timeouts if there is a success or failure report via update_fulfill_htlc or update_fail_htlc, and the HTLC is irrevocably removed from the latest commitments/states of the channel. The article also investigates how griefing attacks can be performed. Two ways are by delaying forwarding or failing an incoming HTLC by an intermediate node or delaying claiming an incoming HTLC by a final node. There is no selfishly-rational motivation for an intermediate node to delay a payment attempt. If it forwards as soon as possible, it can earn fees and speed up the release of the HTLC-locked funds to reuse those funds as liquidity for further payment attempts. However, a non-arbitrary payment could be delayed by a node to lock up the liquidity of other nodes and eliminate competition.Enforcing the soft timeout by closing channels is generally negative for the network. To prove its innocence in such a scenario, the intermediate node needs to show willingness to close the channel due to protocol violation and that the closed channel was involved in the same payment attempt. The proof-of-closure should contain an HTLC output, which can be validated to ensure the validity of the transaction. While proof-of-closure triggers a mild privacy loss, it only causes privacy issues when the mechanism is triggered due to violation of the soft timeout. For normal non-malicious payments, proof-of-closure does not cause any privacy loss.In the future, payment points will replace HTLCs, and payment decorrelation will be implemented to prevent privacy loss. Thus, C needs to provide proofs that the singlesig on the unilateral close output is a PTLC and that the PTLC belongs to the same payment attempt as what B offered to C. B then adds its own blinding factor to the reported blinding factor to propagate the proof-of-closure back to A.
Updated on: 2023-06-03T00:39:07.929599+00:00