Author: Matt Corallo 2019-12-16 15:29:28
Published on: 2019-12-16T15:29:28+00:00
In a discussion on the Lightning-dev mailing list, there were concerns raised about possible stealth attacks that would be difficult to detect until it was too late to react. However, David A. Harding argued that these attacks could be detected by comparing the time of the latest block header to real time. He also explained the difference between the normal and pathological cases when Alice requests blocks from honest nodes versus an eclipse attacker. While there are mitigations in Bitcoin Core targeted at different classes of issues, it is unclear what the "emergency action" should be. Additionally, implementing detection and fallback is nontrivial, especially when privacy is a concern. Harding also pointed out that a possibly optimal attack strategy would be to combine commitment/penalty transaction censorship with plausible block delays. By using both deceits in the same attack to the maximum possible degree without triggering an alarm, an attacker can maximize their chance of stealing funds. However, there is an interesting case where a large miner or cartel of miners could deliberately trigger a false positive of block delay protection by manipulating Median Time Past (MTP) to allow them to set their header nTime fields to values from hours or days ago. This problem is partly mitigated by miners keeping MTP far in the past being unable to claim fees from recent time locked transactions.
Updated on: 2023-05-23T02:33:50.091915+00:00