I believe that anyone attempting a DOS by forcing on-chain settlement can do it just as easily with asymmetric delays than with symmetric delays.
If my goal is to waste the time-value of your money in a channel, in a world with symmetric delays, I could just publish the commitment transaction and you would have to wait the full delay for access to your funds. True. But with delays asymmetric as they are now, I can just as easily refuse to participate in a mutual close, forcing you to close on-chain. This is just as bad. In fact, I'd argue that it is worse, because I lose less by doing this (in the sense that I as the attacker get immediate access to my funds). So in my assessment, it is a very active attack and symmetric delays are something of a mitigation. You are right that the balance of funds in the channel becomes a factor too, but note that there is the reserve balance, so I'm always losing access to some funds for some time. -jimpo On Sun, Apr 15, 2018 at 6:35 AM, ZmnSCPxj <zmnsc...@protonmail.com> wrote: > Good morning Daniel, > > > This makes a lot of sense to me as a way to correct the incentives for > closing channels. I figure that honest nodes that have truly gone offline > will not require (or be able to take advantage of) immediate access to > their balance, such that this change shouldn't cause too much inconvenience. > > I was trying to think if this could open up a DOS vector - dishonest nodes > performing unilateral closes even when mutual closes are possible just to > lock up the other side's coins - but it seems like not much of a concern. I > figure it's hard to pull off on a large scale. > > > > Now that you bring this up, I think, it is indeed a concern, and one we > should not take lightly. > > As a purely selfish rational being, it matters not to me whether my > commitment transaction will delay your output or not; all that matters is > that it delays mine, and that is enough for me to prefer a bilateral close > if possible. I think we do not need to change commitment transactions to > be symmetrical then --- it is enough that the one holding the commitment > transaction has its own outputs delayed. > > If I had a goal to disrupt rather than cooperate with the Lightning > Network, and commitment transactions would also delay the side not holding > the commitment transaction (i.e. "symmetrical delay" commitments), I would > find it easier to disrupt cheaply if I could wait for a channel to be > unbalanced in your favor (i.e. you own more money on it than I do), then > lock up both our funds by doing a unilateral transaction. Since it is > unbalanced in your favor, you end up losing more utility than I do. > Indeed, in the situation where you are funding a new channel to me, I have > 0 satoshi on the channel and can perform this attack costlessly. > > Now perhaps one may argue, in the case of asymmetric delays, that if I > were evil, I could still disrupt the network by misbehaving and forcing the > other side to push its commitment transaction. Indeed I could even just > accept a channel and then always fail to forward any payment you try to > make over it, performing a disruption costlessly too (as I have no money in > this). But this attack is somewhat more passive than the above attack > under a symmetrical delay commitment transaction scheme. > > Regards, > ZmnSCPxj >
_______________________________________________ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
