Published on: 2022-12-06T04:27:12+00:00
During a conversation between Antoine and Joost, they discuss the issue of preventing jamming attacks on the Lightning Network. They consider implementing solutions such as circuitbreaker, which adds dynamic HTLC slot limits and rate-limits HTLC forwards based on incoming sources. The more nodes that use circuitbreaker, the more difficult it becomes for attackers to carry out jamming attacks. However, implementing circuitbreaker has some downsides, including making low-value slots more vulnerable to jamming and potentially impacting simple payments from lambda users. Joost argues that severely limiting channels would make it much harder for an attacker to achieve the same effect and would require them to have many more channels. This would increase the cost and complexity of launching jamming attacks. They also discuss queuing HTLCs as a congestion control mechanism and suggest that applying congestion control by holding HTLCs could prompt other nodes along the path back to the attacker to apply congestion control as well.The circuitbreaker feature introduces new dynamic HTLC slot limits, which can be rate-limited based on the source of incoming HTLCs. However, this approach may penalize routing hops and should be recursively applied by counterparty nodes on their network topologies. While it increases the cost for attackers to launch jamming attacks on high-value slots, it reduces the cost for attacking low-value slots. The economic proportionality is that an attacker cannot do much with severely limited channels and would need many more to achieve the same effect. Force-closes, which may occur due to bugs or node offline events, are independent of the circuitbreaker feature.Queuing HTLCs itself is valuable as a congestion control mechanism, especially when there is an excess of honest incoming HTLC traffic. It allows routing nodes to earn routing fees on all HTLCs. An advanced idea discussed is based on statistics collection, sending back-pressure messages, or providing HTLC sending scheduling information to upstream hops. The idea is that congestion control by holding HTLCs may prompt other nodes along the path to the attacker to apply congestion control as well.The circuitbreaker feature's limits can be based on HTLC values, such as the Xth slots for HTLCs of certain values. It falls under the reputation-based family of solutions, where reputation is enforced through rate-limiting. A jamming attacker could open new channels during periods of low fees and still launch attacks against distant hops by splitting the jamming traffic between many sources, thus avoiding force-closures. The economic equilibrium and risk structure of this scheme are still uncertain, and there are interdependencies between the HTLC forward "counterparty risk" (real jamming) and the congestion and scheduling of efficient HTLC traffic. The rudimentary interface only supports JIT channel use-case, but the circuitbreaker connects to lnd's htlc interceptor and htlc events interfaces.In a recent email exchange between Joost Jager and Antoine Riard, they discussed the issue of channel jamming and spamming in the Lightning Network. Jager suggested using a lightning firewall like circuitbreaker to combat these issues by setting limits on pending HTLCs or implementing rate limits. However, this approach has limitations, including extra retries and potential penalization of routing nodes that apply limits. Jager proposed an alternative strategy of holding and queuing exceeded HTLCs instead of failing them. This would prevent failures from impacting a routing node's reputation and punish upstream nodes by occupying their HTLC slots and freezing funds. The recursive propagation of limits across the network could push bad senders into corners where they can't cause much harm anymore. However, routing nodes employing the hold strategy may also be punishing themselves, especially if they initiated the channel with many pending HTLCs.Jager has updated circuitbreaker with a queue mode for experimentation, and the email exchange also highlighted the importance of routing nodes carefully examining the source of bad traffic and applying appropriate limits. The discussion emphasizes the challenge of balancing efforts to counter channel jamming and spamming while ensuring efficient HTLC traffic scheduling.Overall, the conversation between Antoine and Joost explores various solutions, such as circuitbreaker and queuing HTLCs, to prevent jamming attacks on the Lightning Network. They consider the economic implications, potential downsides, and the need for careful implementation to strike a balance between countering attacks and maintaining efficient routing.
Updated on: 2023-08-01T00:54:10.168464+00:00