[Lightning-dev] Loop attack with onion routing..

Rusty Russell rusty at rustcorp.com.au
Thu Aug 20 05:49:29 UTC 2015


Hi all!

        So, with some prompting from AJ who has been working on node
incentives, I realized there's a nasty attack available to the network.
You simply route a payment back to another channel you own, then refuse
to dislose R.

You have to lock up N bitcoins, but so does every node in the path (and
nobody gets paid!).  Onion routing means nobody knows who to blame (you
can simply claim there's another hop after you).

I think in this case we need to peel the onion[1]: if a payment takes
too long you tell the previous node where you sent it (and relay where
it sent it, etc.)  If you're the last in the queue, you also need to
prove that you closed the channel to the offender[2] (which costs you a
txfee, providing disincentive).

Anyone see any other problems?

Thanks,
Rusty.

[1] Which means exposing a set of hashes corresponding to hashes of the
    route steps, and including a nonce inside each route step, so you
    can prove you decrypted it.
[2] eg. provide the commitment tx or mutual close tx, and a signature
    from that node's key provign that they created it with you.


More information about the Lightning-dev mailing list