[Lightning-dev] Mitigations for loop attacks

Fri May 18 05:27:15 UTC 2018

ZmnSCPxj <ZmnSCPxj at protonmail.com> writes:
>>> Please describe the below:
>>>
>>> 1.  Behavior if payment succeeds after T time.
>>> 2.  Behavior if payment fails after T time.
>>>
>>> It seems you only described "Behavior if payment succeeds after T time".
>>
>> Ah, sorry if I didn't make that clear. The reputation is increased in the case of successful payments by the fee collected. The reputation is decreased on the downstream peer proportional to time T regardless of whether the payment succeeds or fails. If a payment succeeds quickly, the increase should outweigh the decrease, but if the payment succeeds after a long time, the change in reputation may be net negative. If the payment fails, the upstream peer's reputation does not change and the downstream peer's reputation always decreases proportional to time T.
>
> Thank you.  So:
>
> 1.  If payment succeeds after T time, upstream reputation is increased by fee earned, downstream reputation is increased by fee earned, downstream reputation is decreased by T * reputation_loss_rate.
> 2.  If payment fails after T time, downstream reputation is decreased by T * reputation_loss_rate.

So, to be clear, there's no *financial* fee on failure, just reputation
fee?

Also, you talked about reputation_loss_rate as being a private per-node
thing, and being an explicit thing in the HTLC.  I'm ignoring the
former, and assuming the latter.

OK, let's consider a 1000 satoshi HTLC, paying a 10ppm fee and with a
1ppm-per-second reputation_loss_rate.

If it succeeds in 1 second (measuring reputation in millisatoshi,
because its cute):

        reputation[source] += 10
        reputation[destination] += 10 - 1

If it succeeds in 10 seconds:

        reputation[source] += 10
        reputation[destination] += 10 - 10

If it fails in 10 seconds:

        reputation[destination] -= 10

And if it falls onto the chain and fails after 144 blocks:

        reputation[destination] -= 86400

In this scheme, it seems that I can destroy N reputation points in 18
nodes for cost N:

        Mallory1 -> Node1 -> Node2 -> ..... -> Node18 -> Mallory2
                                                  \
                                               Mallory3

Mallory2 pays a crapload of fees to Node18 to pay Mallory3, getting a
great reputation.  Then Mallory1 sends a payment to Mallory2, which
takes a day to resolve.

Of course, this is why you want ramped reputation_loss_rate, say 1ppm
for Mallory1->Node1, 2ppm ->Node2.... 19ppm for Mallory2.  That just
means Mallory can destroy 9*N total reputation points, not 18*N.

You can fix this by making it reputation_loss_rate exponential, but I
don't think Node1 could ever get the 262144x reputation to make the
payment in the first place.

What am I missing?

Thanks,
Rusty.