reply on: Mass Exit Attacks on the Lightning Network [PDF] \ stacker news ~bitcoin

340 sats \ 4 replies \ @om 8 Aug 2022 \ parent \ on: Mass Exit Attacks on the Lightning Network [PDF] bitcoin

Attack 1. Bad guys maneuver themselves into key positions in LN and then suddenly turn off their nodes. Result: LN will experience problems for a short time until somebody opens new channels to fix the problem. Also it's not like maneuvering into key positions is an easy feat to accomplish.

Attack 2: Bad guys open a $100 channel, pay $100 to their other node but then close the $100 channel pretending that they never paid the $100. Watchtowers must slash the bad guys. The point of the paper is that if the bad guys do this a lot and if the watchtowers are not ready to pay higher fees then some stupid watchtowers might fail to slash before the deadline. This raises 2 questions:

why is the window to slash is currently just 3 days? it should be about 2 weeks at least
why the watchtowers are not prepared to pay a higher fee if they're about to lose $100?

167 sats \ 1 reply \ @notgeld 8 Aug 2022

So basically this is the same as Flood and loot described in some paper 1 or 2 years ago.

139 sats \ 0 replies \ @notgeld 8 Aug 2022

Yes, and authors say

The exploited mechanisms partially differ from those used by the attacks presented in this paper, since we do not make use of multi-hop payments, but rather direct channels between nodes.

Translation from academic: we confirm Flood & Loot scheme. However, this attack was being discussed once with Anton Kumaigorodsky who was quite skeptic about attack trade-offs by itself. Attacker has to spend a lot of money to cause congestion and after attack the outcome is not clear.

Looking deeper into history there where 3 papers about LN attacks which released simultaneously, these are:

📍 Counting Down Thunder: Timing Attacks on Privacy in Payment Channel Networks 📍 Flood & Loot: A Systemic Attack On The Lightning Network 📍 Time-Dilation Attacks on the Lightning Network

25 sats \ 1 reply \ @tbonesteaks 8 Aug 2022

Are node operators supposed to run their own watchtowers? Or, do you pay a third party to manage a watchtower for you? I think I'm not understanding where a watchtower sits in the lightning network.

127 sats \ 0 replies \ @om 8 Aug 2022

if you run a node on a desktop or a server, you'd normally have the watchtower built in
if you have a mobile node that only turns on temporarily, then you might want to run a separate watchtower; but if your setup includes both a desktop and a mobile then you probably want to run a normal node on the desktop and Zeus on the mobile
older incarnation of SBW was called BLW and offered watchtowers for rent, I'm not sure what SBW does
Phoenix would connect to a random Electrum server and would remind you to run the app periodically
Breez by default connects to Bitcoin server of Breez itself so the user just has to trust Breez not to steal