Author: Jim Posen 2018-05-10 23:18:08
Published on: 2018-05-10T23:18:08+00:00
In an email discussion on the Lightning-dev mailing list, a participant expressed confusion regarding the concept of directing normal traffic and how routing nodes may or may not have discretion over forwarding payments. The sender constructs the entire circuit, so routing nodes do not have much choice in terms of which nodes to forward payments to; they only determine whether to forward or fail. However, an attacker could perform a loop attack by sending a payment to another node that they control and delay the payment on the receiving end. In this scenario, the sending node loses no reputation, only the receiving node does. Since the hops being attacked are the ones in the middle and they are faithfully enforcing the reputation protocol, the receiving node's reputation should be penalized properly, making it unlikely the attack will succeed in a second attempt.Another participant in the discussion raised the issue of asymmetrical resources and the potential for malevolent nodes to direct normal traffic to sacrificial nodes they control in order to harm a specific small node without acquiring a bad reputation. They could then understate the reputation-risk while having out-of-band influence over the sacrificial node. When the time comes for an attack, the sacrificial node inflicts delay on the victim node, and both parties suffer while the malicious node keeps their reputation clean. The question is whether understating risk of legitimate traffic from the boss node to the sacrificial node effectively allows transfer of reputation to the sacrificial node in preparation for an attack while obscuring their association.
Updated on: 2023-05-25T00:45:55.947325+00:00