search

LNP-BP / LNPBPs

LNP/BP standards for bitcoin layer 2 & 3 protocols
https://standards.lnp-bp.org
202 stars 39 forks source link

Mitigation of Sybil attacks in LN #91

Closed GrandGarcon closed 3 years ago

GrandGarcon commented 3 years ago

Context

Griefling attack countermeasure and UTXO Flood and loot are some of the latest attacks being presented in academia on orignal lightening protocol pecs . so thus the dev team is working on the standards to handle these type of Sybil attacks ( wither via implementation of modified HTLC protocol / new encryption scheme to insure commitments to be consistent during the transaction) .

possible recommendations

UkolovaOlga commented 3 years ago

citing @GrandGarcon from the RGB Q&A chat: "Does RGB protocol in some sense trying to manage the attacks, specially for the transactions in UTXO group, and whether there is any specs that you have been writing to explain the possible solution?"

@dr-orlovsky

rajarshimaitra commented 3 years ago

Most of the attacks, both the above two and in general lightning network attacks have to do with HTLCs. While the defence for griefing attack requires a new form of commitment revocation structure like HTLC-GP, the utxo flood attack is inherent to HTLCs and cant be fixed completely.

It is also a widescale discussion in LN community, because of these problems of HTLC, is to have other forms of commitment revocation structure, like PTLCs and Eltoo.

As far as I understand lnp-node is being specifically designed considering such a situation in mind, where we might need to change the commitment revocation process completely. Thus it is being designed in modular ways. So theoretically it should be possible to run lnp-node with any kind of better substitute of HTLCs.

IMO this is the only logical approach of making a flexible LN node. Because the market cannot build out every solution for all the academic attacks and we don't know which mix of solutions will actually be adopted in large scale. It is very much possible that LN will require deep technical modification to address all these ongoing attack issues, so its important to be versatile enough to adopt whatever solution emerging in the market. And lnp-node is probably the only implementation that can handle such transition/upgrade smoothly.

GrandGarcon commented 3 years ago

Thanks , Indeed your analysis is correct . the initial paper (2016 , Joseph Phoon et al , pg 3.3.1 ) do mention the possibilities of the attacks of flooding in the mempool and unreliable CT's . so in case , there can be addition of the special bits that can given some kind of information to the intermediate nodes , so that they can reject the possible modifications done by the intermediate nodes for changing TS for lockup period etc.