Dear Tony, Thank you for putting emphasis on this. I was actually waiting for someone to publicly exploit this.
> The reason this is possible is because [...] currently channel IDs are > based on UTXO's. Scid aliases may be the biggest benefit here, but the use > of `unknown_next_peer` , `invalid_onion_hmac`, `incorrect_cltv_expiry`, > and `amount_below_minimum` have been the biggest helpers in exploiting > channel privacy. > Just for reference the exploit with short_channel_ids is known since 2019: https://github.com/lightning/bolts/issues/675 Though it is nice you point out explicitly the use of error codes of onions. > By creating a probe guessing the Channel ID based on unspent p2wsh > transactions, it's a `m * n` problem to probe the entire network, where `m` > is utxos and `n` is nodes. > It is the main reason why I didn't do this. Though similar to you probing ACINQ's node one could probabilistically learn which nodes tend to have unannounced channels and gain some speedup by probing those nodes first. Also wallets tend to have poor utxo management. So looking at the on-chain signal one can probably guess for a p2wsh to which two nodes it might belong and try them first. These two strategies should reduce the number of tested nodes for a newly seen p2wsh output significantly and probably make it feasible to probe the network as new blocks come in. With kind regards Rene Pickhardt
_______________________________________________ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev