Leo Wandersleb's avatar
Leo Wandersleb leo@nostr.info 1 year ago
I think the problem is that large LSPs actually have some control over funds as they can close more channels on old states than can actually punish them for doing so (What's the term for this attack?). If there was no way of stealing users' money, reputation would be less of an issue and the stability over TOR ... I'm sure we can fix this. How about TOR nodes that take e-cash for routing? TOR only adds few hops to the route so it shouldn't make LN payments impossible unless the network is saturated which paying for the service should be able to solve.
↑ Parent

Replies (3)

waxwing's avatar
waxwing 1 year ago
I had the same gut reaction. It may at least be possible, if extremely difficult, to get past the need for good repute ... LN penalty not ideal here, clearly.
1 replies ↓
David A. Harding's avatar
David A. Harding dave@dtrt.org 1 year ago
I don't think LN-penalty is the main problem here, as the most powerful form of the attack starts by filling channels with as many expiring HTLCs as possible, which is a problem for any channel design. The only solutions I'm aware of are (1) temporary dynamic block size increases, which only increase the cost of the attack by a small multiple, (2) some form of time stop, although that increases the risk of capital losses from the time value of money, and (3) various bond designs, although they upfront accept losses to the time value of money. Of those options, I think bonds may be under explored but I also think that the main downsides of time stop may be almost entirely mitigated by John Law's hierarchical channel factories design, which would involve channels being opened by three parties, with two preferred partners being able to continue exchanging funds in the channel even if the third counterparty initiated a force close that was taking forever due to a time stop.