[Lightning-dev] Broken Factory Attack

Alejandro Ranchal Pedrosa a.ranchalpedrosa at gmail.com
Sun Apr 21 02:33:07 UTC 2019

Hi ZmnSCPxj,

I suppose some variant of that proposal might mitigate the attack, but 
it would trigger a race condition between the valid state of the 
sub-factory and the new state of the channel.

Also, as you said, Alice and Bob might be interested in stealing anyways 
from Carol, regardless of losing the race, if the stolen funds are more.



On 17/04/2019 13:45, ZmnSCPxj wrote:

> Good morning Alejandro, and list,
> I am uncertain if this would completely solve it, but Discrete Log Contracts has a mechanism by which an Oracle is enforced to reveal its private key, if it publishes multiple signatures signing different messages for a particular sampling.
> It seems like a way to ensure, that a public key is used only once.
> Can this mechanism be somehow used, so that if Alice and Bob sign an alternate transaction spending the A,B output (thus invalidating the sub-factory transaction), they also reveal to Carol the private key?
> Carol can then punish this behavior by burning the A,B output and sending it all as fees to miners.
> However, it may be insufficient.
> If the A,B channel is very small in capacity, Alice and Bob may be willing to sacrifice it in exchange for stealing larger amounts from Carol.
> Regards,
> ZmnSCPxj

Alejandro Ranchal Pedrosa

More information about the Lightning-dev mailing list