[Lightning-dev] Probing final receiver with refund timeout

Rusty Russell rusty at rustcorp.com.au
Sat Mar 5 09:28:36 UTC 2016


Mats Jerratsch via Lightning-dev
<lightning-dev at lists.linuxfoundation.org> writes:
> Just discovered that it is possible to attack the onion routing with
> probing too short of an absolute CLTV refund timeout.
>
> When accepting a payment, one will check if the remaining timeout >
> MIN_TIMEOUT.

One mitigation for this particular attack would be to remember the onion
and always fail an identical one.  That would allow a single probe,
however (basically, "are you the final destination?").

Also the timeout for the next hop should probably be somewhat
randomized, at least subtracting (MIN_TIMEOUT to MIN_TIMEOUT*2).

The question remains as to what HTLC timeout should be set to initially.
Even if you randomize it, over time the pattern would reveal to your
peer if you are originating all the HTLCS, for example.

Cheers,
Rusty.


More information about the Lightning-dev mailing list