<div dir="ltr"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-align:left" id="gmail-docs-internal-guid-517ca964-7fff-3748-956f-742cfa4fc5a9"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Hi,</span></font></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">     We went through the discussion of </span><a href="https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-April/002608.html" style="text-decoration:none"><span style="font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Griefing Attack</span></a><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> and after a thorough analysis, we realized that the attack cannot be prevented as the adversary doesn’t suffer any loss of funds.</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">We propose an efficient countermeasure for the attack, known as Griefing-Penalty. Our proposed strategy works for any timelock based payment protocol. The penalty compensates for the loss incurred by the intermediaries, affected by griefing attack. You will find the paper </span><a href="https://arxiv.org/abs/2005.09327" style="text-decoration:none"><span style="font-family:Arial;color:rgb(17,85,204);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Griefing-Penalty: Countermeasure for Griefing Attack in Bitcoin-compatible PCNs</span></a><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> on arXiv. We look forward to hearing from the community on the feasibility of the approach and whether it can be implemented or not.</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Our Contribution to the paper:</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">• We propose a countermeasure for mitigating griefing attack in Bitcoin-compatible PCNs, known as Griefing-Penalty. It punishes the griefer by forcing it to pay compensation to all the parties whose funds got locked for a certain time period as a result of the attack.</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">• The loss of funds incurred upon mounting griefing-attack is proportional to the collateral cost of each channel involved in routing the payment.</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">• To illustrate the benefit of the proposed countermeasure, we propose a new payment protocol, called as HTLC-GP or Hashed Timelock Contract with Griefing-Penalty.</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">• We provide a security analysis which proves that our protocol is privacy-preserving as well as mitigates loss due to griefing attack by compensating the honest nodes</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">We will briefly summarize the problem and our contribution through an example.</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">The problem of Griefing Attack explained briefly</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Consider the situation where A wants to transfer 1 msat to C. It figures out a path connecting it to C, in the form A->B->C. A establishes an HTLC with B, locking 1 msat in the contract having expiration time of say 2 days. B after receiving the incoming contract, forms a contract with C, locking 1 msat in the contract with locktime of 1 day.</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">A------------------------->B---------------------->C</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">HTLC(1msat, 2 day)     HTLC(1msat, 1 day)</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Now if C griefs, funds of A and B remain locked as they cannot resolve HTLC. After an elapsed time of 1 day, the fund gets unlocked and B gets back 1 msat. Similarly, B cancels contract with A after 1 day, A unlocks 1 msat. The problem with this construction is that C doesn’t lose anything.</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">Griefing-Penalty: a strategy to penalize the adversary</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Hence we have come up with the following idea:</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">1) An off-chain contract established between 2 parties requires both the parties to lock funds – one party locking the amount that is to be forwarded and the other party locking the fund which can be claimed as a penalty, if this party griefs.</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">2) The penalty locked is proportional to the product of the amount being forwarded and the expiration time of the contract. All the parties affected by griefing must get compensation since their liquidity is tied up for a certain period of time.</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Considering the example used for demonstrating griefing attack. We modify the contract and term it as </span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">HTLC-GP (Hashed Timelock Contract with Griefing Penalty).</span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> We assume a rate of penalty, say 0.01 per hour, for calculating the penalty the party has to lock in order to accept an off-chain contract request.</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">A forwards the term of the contract to B, requesting B to lock 0.01*1*48=0.48 msat as a penalty. A locks 1 msat in the contract, so the total amount locked in the contract is 1.48 msat. In the same way, B forwards the term of the contract to C, requesting C to lock 0.01*1*24=0.24 msat as a penalty. B locks 1 msat in the contract, so the total amount locked in the contract is 1.24 msat. If the payment is not resolved within 1 day, all the parties who have forwarded the contract will claim the penalty locked in the contract.</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">A-------------------------------------->B-------------------------------->C</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">HTLC-GP(1.48 msat, 2 days)       HTLC-GP(1.24 msat,1 day)</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">If C releases the preimage before the expiration of locktime, it will claim the full amount locked in the contract, i.e. 1.24 msat. Similarly, B claims 1.48 msat from the contract established with A.</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Suppose C griefs. After an elapse of 1 day, B claims 1.24 msat from the contract. C loses 0.24 msat. When B cancels contract with A, it will settle by paying 1.48 msat to A. But then B loses an additional 0.24 msat. This is not desired as B was not involved in mounting the attack. As per the objective, even B should earn a remuneration as it got affected by griefing.</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Hence, B should have asked C to lock funds in the contract which can be used for compensating both B and A. So C must lock 0.48 msat + 0.24 msat = 0.72 msat. So if C griefs, now it loses 0.72 msat (proportional to the collateral cost of the path). B pays 0.48 msat to A, keeping 0.24 msat with itself as compensation.</span></font></p><div style="text-align:left"><br></div><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">A-------------------------------------->B-------------------------------->C</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">HTLC-GP(1.48 msat, 2 days)       HTLC-GP(1.72 msat,1 day)</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">    </span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">    </span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">    </span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"> </span><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">    </span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">A------------------------------------->B-------------------------------->C (griefs)</span></font></p><p dir="ltr" style="line-height:1.2;margin-top:12pt;margin-bottom:0pt;text-align:left"><font size="2"><span style="font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">(A gain 0.48 msat)      (B gain 0.24 msat)              (C loses 0.72 msat)</span></font></p><div style="text-align:left"><br clear="all"><br><font size="2">-- </font><br></div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature" style="text-align:left"><div dir="ltr"><div><div dir="ltr"><font size="2">Yours sincerely,<br>Subhra Mazumdar.<br><br></font></div></div></div></div></div>