carlaKC
commented
3 years ago Serious thought needs to be put into this feature to actually withstand serious statistical analysis.
Definitely. From what I understand of the timing delays utilized on the base layer, they're ineffective against a large-scale attacker (ie a chainanalysis type), so we wouldn't want to add something like this to lnd if we're not certain that it will have the desired privacy gain. Would you be willing to spend some time looking into the kind of jitter that would be effective?
The feasibility of timing attacks relies on the possibility to build a reliable model of latencies, and on the adversary’s capability of observing and correlating of suitable interactive multi-hop message exchanges, such as the current update_add_htlc, update_fail_htlc, and update_fulfill_htlc message payloads.
The above is from the paper, which I admit to only skimming, I wonder how it will hold up once AMP is deployed and HTLCs that are split into multiple parts have distinct payment hashes?
ajpwahqgbi
The precise timing of HTLC forwards can enable an on-path adversary to determine with some accuracy the full payment path. One possible mitigation is to add jitter to each forwarded HTLC, like this C-Lightning plugin.
Serious thought needs to be put into this feature to actually withstand serious statistical analysis. Of course it should be optional, and off by default.