Author: Bastien TEINTURIER 2020-02-05 09:00:32
Published on: 2020-02-05T09:00:32+00:00
In a discussion between Bastien and Rusty Russell, they explore potential attacks on Lightning Network payments, specifically the scenario where Mallory receives two invoices and wants to verify if they are from the same node. Bastien proposes a solution that uses `payment_secret` and `decoy_key` to derive the `decoy_scid`, which should defend against this attack. However, Rusty points out that Mallory can still include the P_I from the wrong invoice for Bob. To mitigate this, Bob needs to include the scid he used in the update_add_htlc message so that Alice can check. They also discuss their concerns about custodial lightning services restricting what they will pay to due to potential KYC pressure. Bastien believes that there are enough non-custodial wallets available for motivated users to pay whatever they want, even running their own node if needed. Rusty argues that none of the solutions they provide will be useful if regulation requires users to completely reveal who they are paying, regardless of the payment method used. Ultimately, it will be up to the recipient to decide whether they want to use a normal invoice and reveal their identity or pass on that payment.
Updated on: 2023-06-02T22:42:08.246840+00:00