๐
Original date posted:2022-04-01
๐ Original message:
Good morning list,
In the last couple of months, @thomash-acinq and I have spent a lot of time
working on route blinding for payments [1]. As you may know, route blinding
is a prerequisite for onion messages [2] and Bolt 12 offers [3].
Using route blinding to provide anonymity for onion messages is quite
simple, but it is harder to use safely for payments. The reason for that is
that the lightning network is a very heterogeneous channels network.
The parameters used to relay payments vary widely from one channel to the
other, and can dynamically vary over time: if not accounted for, this can
provide an easy fingerprint to let malicious actors guess what channels are
actually used inside a blinded route. The ideas behind these probing attacks
are described in more details in the route blinding proposals [4].
To protect against such attacks, the latest version of the route blinding
specification lets the recipient impose what parameters will be used by
intermediate blinded nodes to relay payments (instead of using the values
they advertise in their `channel_update`). The parameters that matter are:
* `fee_base_msat`
* `fee_proportional_millionths`
* `cltv_expiry_delta`
* `htlc_minimum_msat`
* `features` that impact payment relaying behavior
We'd like help from this list to figure out whether these are the only
parameters that an attacker can use to fingerprint channels, or if there
are others that we need to take into account to guarantee user privacy.
Note that these attacks only work against public channels: wallet users
relying on unannounced channels are not at risk and will more easily
benefit from route blinding.
I spent a lot of time re-working the specification PR to make it as clear
as possible: please have a look at it and let me know if I can do anything
to make it better. Don't hesitate to reach out directly with questions and
feedback. I strongly recommend to start with the high-level design doc [5],
as natural language and detailed examples will help grasp the main ideas
and subtleties of the proposal.
Cheers,
Bastien
[1] https://github.com/lightning/bolts/pull/765
[2] https://github.com/lightning/bolts/pull/759
[3] https://github.com/lightning/bolts/pull/798
[4]
https://github.com/lightning/bolts/blob/route-blinding/proposals/route-blinding.md#attacks
[5]
https://github.com/lightning/bolts/blob/route-blinding/proposals/route-blinding.md
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20220401/6f0347cd/attachment.html>;
Bastien TEINTURIER [ARCHIVE] /
npub17fโฆntr0s
2023-06-09 15:05:41
in reply to nevent1qโฆr6k0
Author Public Key
npub17fjkngg0s0mfx4uhhz6n4puhflwvrhn2h5c78vdr5xda4mvqx89swntr0sPublished at
2023-06-09 15:05:41Event JSON
{
"id": "fce91610316aa95c0a52b345447c6013d0095cec3912430a4bb1dc6879d52954",
"pubkey": "f26569a10f83f6935797b8b53a87974fdcc1de6abd31e3b1a3a19bdaed8031cb",
"created_at": 1686315941,
"kind": 1,
"tags": [
[
"e",
"f459ebb63a15dbab8b35774a24bffda50336133f535bb3d3ce781722a95a7bab",
"",
"reply"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "๐
Original date posted:2022-04-01\n๐ Original message:\nGood morning list,\n\nIn the last couple of months, @thomash-acinq and I have spent a lot of time\nworking on route blinding for payments [1]. As you may know, route blinding\nis a prerequisite for onion messages [2] and Bolt 12 offers [3].\n\nUsing route blinding to provide anonymity for onion messages is quite\nsimple, but it is harder to use safely for payments. The reason for that is\nthat the lightning network is a very heterogeneous channels network.\n\nThe parameters used to relay payments vary widely from one channel to the\nother, and can dynamically vary over time: if not accounted for, this can\nprovide an easy fingerprint to let malicious actors guess what channels are\nactually used inside a blinded route. The ideas behind these probing attacks\nare described in more details in the route blinding proposals [4].\n\nTo protect against such attacks, the latest version of the route blinding\nspecification lets the recipient impose what parameters will be used by\nintermediate blinded nodes to relay payments (instead of using the values\nthey advertise in their `channel_update`). The parameters that matter are:\n\n* `fee_base_msat`\n* `fee_proportional_millionths`\n* `cltv_expiry_delta`\n* `htlc_minimum_msat`\n* `features` that impact payment relaying behavior\n\nWe'd like help from this list to figure out whether these are the only\nparameters that an attacker can use to fingerprint channels, or if there\nare others that we need to take into account to guarantee user privacy.\n\nNote that these attacks only work against public channels: wallet users\nrelying on unannounced channels are not at risk and will more easily\nbenefit from route blinding.\n\nI spent a lot of time re-working the specification PR to make it as clear\nas possible: please have a look at it and let me know if I can do anything\nto make it better. Don't hesitate to reach out directly with questions and\nfeedback. I strongly recommend to start with the high-level design doc [5],\nas natural language and detailed examples will help grasp the main ideas\nand subtleties of the proposal.\n\nCheers,\nBastien\n\n[1] https://github.com/lightning/bolts/pull/765\n[2] https://github.com/lightning/bolts/pull/759\n[3] https://github.com/lightning/bolts/pull/798\n[4]\nhttps://github.com/lightning/bolts/blob/route-blinding/proposals/route-blinding.md#attacks\n[5]\nhttps://github.com/lightning/bolts/blob/route-blinding/proposals/route-blinding.md\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20220401/6f0347cd/attachment.html\u003e",
"sig": "cb69d2460ca82984275ce92a4270eabb6ff1679ff819ffe41d2ce13bd0415d9b6a1909beab0b79a4e1d7811abc74d200b3cd5a5f03b58c382f260a1dfaa7386b"
}