Author: Anthony Towns 2015-09-19 01:27:16
Published on: 2015-09-19T01:27:16+00:00
In an email conversation on 19 September 2015, Rusty Russell discussed the possibility of Route Probing Attacks on the R values of HTLCs in the Lightning Network. Without a MAC, a node can replace routing entirely, but if it guesses the final destination right, the HTLC will succeed. One defense is to fail two HTLCs with the same R value, forcing probe serialization, but this enables easy probing back to the source. Probabilistic backoff for duplicate R values may work, but not for more sophisticated probe sequences. Parallel probes are limited by channel capacity, and probing may not be plausible given mass deployment. For a general solution, having two R values, one known only by the recipient and one by the sender, could completely rule out probing. The htlcs would be payable on presentation of both R and S, and S would be encrypted to the final recipient in the onion payload. Munging the payload then makes the htlc irredeemable so misrouting it gives no information.
Updated on: 2023-05-18T00:36:48.263242+00:00