Published on: 2019-01-21T23:15:59+00:00
In a recent email exchange, Olaoluwa Osuntokun suggested that nodes should start using bloom filters to avoid most database lookups for incoming payment hashes. However, Matt expressed concern about this idea as it could potentially lead to timing attacks to discover if a node is the target for a payment. It is important to consider security risks before implementing new strategies in order to protect against potential vulnerabilities.
In an email exchange between Olaoluwa Osuntokun and Andrea Raspitzu, they discuss the concept of probing the Lightning Network to check for the liveliness of a path before sending out a payment. Currently, a random payment hash is used that is not redeemable by anyone, and if the destination (and the path) is lively, it will respond with an error. However, this method could be improved by using the padding of the per_hop field of the onion. By adding a single bit of padding, the final node can be informed that this is a probe and not an actual payment, saving the receiving node from doing a database lookup and avoiding revealing anything to intermediate nodes. Nodes may eventually use bloom filters to avoid most database lookups for incoming payment hashes, and hierarchical bloom filter usage by nodes would allow them to avoid almost all database lookups for incoming unknown payment hashes (probes or not).
Furthermore, introducing probes that can be dropped and/or prioritized by intermediate nodes is an attractive idea. The sender can send out another different type of probe that would tell the intermediate nodes that the previous one was not actually a payment, allowing the network to free resources. However, introducing probes that can be dropped and/or prioritized by intermediate nodes is a privacy issue and can be abused, as it allows them to respond differently, thus the probe result cannot be trusted entirely.
The idea of having a node policy where nodes would temporarily ban a peer that is adding too many unredeemable HTLCs is suggested as a solution for now.
The email also mentions aj's prior post on making probe HTLCs identifiable to the receiver and allowing intermediate nodes to drop them. Allowing intermediate nodes to identify probe HTLCs has privacy implications, as it creates two path-level classes of HTLCs. On the other hand, this may help with QoS scheduling on the forwarding plane for nodes, as they may want to prioritize actual payments over probes, with some nodes opting to not forward probes altogether.
The Lightning Network is a decentralized network that allows for fast and cheap transactions of Bitcoin. One issue the network faces is how to probe the network to check for the liveliness of a path before sending out a payment. Currently, a random payment hash is issued that is not redeemable by anyone; if the destination (and the path) is lively, it will respond with an error. To improve this process, the padding of the per_hop field of the onion can be used. With a single bit of the padding, the final node can be informed that this is a probe and not an actual payment. This saves the receiving node from doing a database lookup and does not reveal anything to intermediate nodes. Nodes may opt to maintain a series of hierarchical bloom filters, with the highest tier filter containing only payment hashes for non-expired invoices, which would allow them to avoid almost all database lookups for incoming unknown payment hashes (probes or not).
Laolu recently implemented a type of spontaneous payment that works today in the wild. A requirement for this was fully functional EOB packing logic at the sender, and multi-packet unwrapping at the receiver. All that would need to be done is specify an EOB type for this special probe type of HTLC. As it doesn't need any additional data, it only consumes a single pivot hop and doesn't require the route to be extended.
Aj's prior post on this front suggested making probe HTLCs identifiable to the receiver, allowing intermediate nodes to drop them. Allowing intermediate nodes to identify probe HTLCs has privacy implications, as it creates two path-level classes of HTLCs. However, this may help with QoS scheduling on the forwarding plane for nodes, as they may want to prioritize actual payments over probes, with some nodes opting to not forward probes at all.
The author of the message is proposing a discussion on whether or not to probe the network to check for the liveliness of a path before sending out a payment. Currently, payments are issued with a random payment_hash that is not redeemable by anyone, and if the destination (and the path) is 'lively', it will respond with an error. The author believes that probing can help reduce the error rate of payments and even detect stale channels. In order to improve this process, the author suggests using the padding of the per_hop field of the onion and with a single bit of the padding, telling the final node that this is a probe and not an actual payment.
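
The hierarchical bloom filter idea discussed above, as an added sketch that is not code from the thread or from any Lightning implementation. It assumes a two-tier layout (non-expired invoices, then all invoices); `Bloom`, `InvoiceIndex` and the filter parameters are hypothetical, and the hashes are constructed sample data.

```python
import hashlib

class Bloom:  # plain Bloom filter: k bit positions per item, derived from SHA-256
    def __init__(self, m_bits=1 << 16, k=4):
        self.m, self.k = m_bits, k
        self.bits = bytearray(m_bits // 8)

    def _positions(self, item):
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

class InvoiceIndex:
    """Hypothetical receiver-side index; the two-tier layout is an assumption."""
    def __init__(self):
        self.db = {}             # stand-in for the on-disk invoice database
        self.active = Bloom()    # highest tier: non-expired invoices only
        self.all_time = Bloom()  # lower tier: every invoice ever issued
        self.db_lookups = 0

    def add_invoice(self, payment_hash, expired=False):
        self.db[payment_hash] = "expired" if expired else "open"
        self.all_time.add(payment_hash)
        if not expired:
            self.active.add(payment_hash)

    def classify(self, payment_hash):
        # Bloom filters give no false negatives, so a miss in both tiers is final.
        if payment_hash not in self.active and payment_hash not in self.all_time:
            return "unknown"     # fast path: probe or stray HTLC, no database read
        self.db_lookups += 1     # hit or false positive: confirm against the database
        return self.db.get(payment_hash, "unknown")

def demo():
    # Constructed sample data: two invoices, then 1000 unredeemable probe hashes.
    idx = InvoiceIndex()
    open_hash, old_hash = (hashlib.sha256(s).digest()
                           for s in (b"invoice-open", b"invoice-expired"))
    idx.add_invoice(open_hash)
    idx.add_invoice(old_hash, expired=True)
    probes = [hashlib.sha256(b"probe-%d" % i).digest() for i in range(1000)]
    verdicts = [idx.classify(h) for h in [open_hash, old_hash] + probes]
    return verdicts, idx.db_lookups
```

Only the two known hashes reach the database here; the difference in work between the two return paths of `classify` is the kind of observable difference behind the timing concern raised above.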
Updated on: 2023-07-31T21:24:16.188984+00:00