Author: Antoine Riard 2022-11-28 18:48:52
Published on: 2022-11-28T18:48:52+00:00
From the conversation between Antoine Riard and David A. Harding, it appears that there is an issue with credential tampering by intermediary nodes in a classic payment path. In this scenario, if Alice controls node Y along the path W->X->Y->Zed, she can waste the credentials value provided. The issue also generalizes for any classic payment path where a routing node can waste the sender's credentials allocated on downstream hops. The discussion on the corresponding BOLT proposal suggests using "staking/reputational" credentials that are dependent on fat errors to assign payment path failure correctly. In the case of blinded paths, the senders may need another round with the recipient to share a subset of the fat error.The usage of blinded paths is further elaborated upon in the conversation. One alternative to sending back fresh credentials if the HTLC succeeds is to use the per-hop shared secret and wrap them in the return HTLC onion. Another alternative is a blinded onion route registered at HTLC forward phase, which is leveraged for the fresh credentials refill. Here, the quantity of credentials could be a privacy-leak itself, and hence, it needs to be masked. David raises a question regarding how tokens would work with blinded paths and other privacy-preserving suggestions. Antoine responds, stating that the tokens could use new onion messages and blinded paths for the dissemination and renewal rounds. The current design assumes that they are attached to the HTLC during forwarding along the payment path. However, one alternative design could be completely detached, and the HTLC onion just contains a reference to the tokens.David clarifies his understanding of the process, where Zed provides encrypted credential tokens for X and Y to Alice when paying through a blinded path. In theory, if Alice controls node Y, she can prevent the HTLC from settling and waste the value of Zed's provided tokens for node X. However, Alice cannot be assured that Zed will forward through her secondary node, making the attack uncertain to work. The attack may also have a cost, and Alice may need to buy credential tokens for node W and the hops leading to it from her primary node, mitigating the chance of the attack and the likelihood that it would be profitable.Overall, the conversation discusses the issue of credential tampering and suggests using staking/reputational credentials dependent on fat errors to assign payment path failure correctly. It also provides alternatives for fresh credentials refill in the case of blinded paths and discusses the potential risks associated with them.
Updated on: 2023-06-03T10:50:29.135100+00:00