[Lightning-dev] Byzantine nodes in Lightning network

ZmnSCPxj ZmnSCPxj at protonmail.com
Tue Jan 7 12:18:34 UTC 2020


Good morning Subhra,


> Is there any literature available on how protocols would get affected in presence of Byzantine nodes ?

I am unaware of such.

In any case, when considering Byzantine faults, a Byzantine fault occurs where one node appears functional to some subset of the the system, but appears broken to a different subset.

When considering the channel mechanism (ignoring the payment layer on top that is built on cross-channel atomic swaps that are built on HTLCs), then the channel mechanism involves only two nodes.

Thus a Byzantine fault is impossible, at least when considering the channel mechanism.
Byzantine faults can only occur if at least three nodes exist: node A appears broken to node B but looks perfectly fine to node C.
At the channel mechanism layer, we only consider that if your channel counterparty seems broken, you can always just drop the channel onchain at any time and enforce any state needed by the payment layer onchain.
Thus, the blockchain resistance to Byzantine actors comes into play when you drop channels onchain.

More interesting is considering the payment layer on top of the channel layer.

If the payment is from a payer with a direct channel to the payee, then it is completely uninteresting, as again this is the same impossible-to-Byzantine, two-participant, we-can-always-drop-things-onchain-at-any-time case.

The interesting case is with a forward, wherein some remote payer sends payments through one or more forwarding nodes.
There is already much literature and analysis regarding the multi-hop forwarding mechanism, including the original Poon-Dryja paper, as well as the "multi-hop locks" paper.

For the most part, for a hop node on a payment attempt, there are three participants:

* Itself.
* The incoming node.
* The outgoing node.

Let us consider each case.

* Suppose itself is Byzantine.
  * Suppose it acts correctly to the incoming node, but acts strangely to the outgoing node.
    * Then the outgoing node will not claim the payment and itself will be unable to claim the payment.
      * At worst-case, the HTLC timeout will come into play and force failure of the payment.
  * Suppose it acts correctly to the outgoing node, but acts strangely to the incoming node.
    * The the outgoing node will claim the payment, but itself will be unable to claim the incoming payment.
      * Itself, if it is rational, would avoid this case, since it would end up paying the payee while the supposed payer does not actually give any money.
* Suppose the incoming node is Byzantine.
  * Then itself would not even know what the outgoing node would be, so this devolves to a 2-participant case.
* Suppose the outgoing node is Byzantine.
  * Then the outgoing node would be unable to claim the payment.
    * Itself will then fail the incoming payment.

The same analysis holds for all hop nodes on a single payment attempt.


> For example, consider that a 2 byzantine nodes open a payment channel, since none of the intermediate transaction in a channel gets recorded, will this impact other transactions which gets routed through this channel ?

Do you mean that the 2 cooperating nodes have a direct payment channel with each other and want to somehow negatively affect the rest of the network?

Those two nodes would be indistinguishable from a single node that has the channels of both nodes.

In fact, the channel between those nodes would be "wasted", i.e. locked for no good reason.
The aggregate of the two nodes would own all the money in that payment channel, and would uselessly allocate funds from one node to the other, even though they true owner is their aggregate and it is no different from the aggregate HODLing its funds in a hot wallet.

In such a case, it is immaterial to the rest of the network what games the aggregate of both nodes plays with the money that it holds solely as its own, in much the same way that you might mentally allocate your liquid funds as "okay, I shall spend 10mBTC on buying new anime, 25mBTC on buying figurines of Asuka-sama, and 100mBTC in donating to ZmnSCPxj, the rest I shall keep in reserve" and nobody else would care (because obviously Rei-chan is objectively better than Asuka-sama).

The only interesting case is if the two nodes are truly independent of each other.
But then the Byzantine problem also arises between these two nodes, thus if they are Byzantine anyway, they are far more likely to be unable to coordinate to attack the rest of the network and are far more likely to harm each other (but this is a cop-out).

Regards,
ZmnSCPxj



More information about the Lightning-dev mailing list