Good afternoon list,

I have touched on Link MPP over alternative routes before [0]. The idea is
that a node inside a payment route finds an alternative route to the next
node via one (or more) intermediary nodes. ZmnSCPxj and Christian Decker
were kind enough to discuss the topic with me a bit more, and since it
seemed feasible I went ahead and made a proof of concept by developing a
core-lighting plugin called Payment Splitting & Switching (PSS) [1]. There
is also a screencast showing the plugin in action. [2]

The plugin works as follows. The plugin announces its support for PSS at
`init`. If Alice and Bob both support PSS, and Alice receives a payment to
be relayed to Bob, she can decide to split up the payment into multiple
parts. One part will follow the original route and use the original onion,
but it will commit to an HTLC that carries an amount less than the intended
amount. Upon receiving that HTLC Bob receives the onion that allows him to
forward the payment, but because the HTLC carries less than expected, he
will wait for another payment from Alice. Alice sends that payment like a
normal payment to Bob over an alternative route, e.g. via a single
intermediary node, but contingent on the payment hash of the original
payment. Bob does a little bit of housekeeping to check if the combined
HTLCs are enough for him to forward the payment, and if so, the payment is
forwarded as normal.

My interest in Link MPP and PSS (which is basically Link MPP combined with
JIT-routing [3]) arose through my research in the Balance Discovery Attack
(BDA), aka the probing attack. From the perspective of that attack it is
interesting to note that PSS allows for route changes and amount changes
*without the sender knowing about it*. So when an attacker has to assume
that PSS is used, its interpretation of information obtained through a BDA
changes completely. Using real-world data in an LN simulator I saw up to a
62% drop in information gain when PSS is deployed compared to earlier work
(Alex Biryukov et al.) without PSS [4].

For details I refer to my preprint on the Cryptology ePrint Archive [5].
Any feedback on it would be highly appreciated. I would also love to hear
your thoughts on what role PSS could play, if any, in mitigating probing
and/or jamming.

Because the paper is at times quite technical, I have also written a set of
blog posts introducing the research. [7][8]

Finally, I think PSS would also work with PTLC, but because this post is
long enough as is, I will leave that for another time.

Thank you for your time,

Gijs van Dam
https://www.gijsvandam.nl


[0]:
https://lists.linuxfoundation.org/pipermail/lightning-dev/2021-August/003144.html
[1]: https://github.com/gijswijs/plugins/tree/master/pss
[2]: https://asciinema.org/a/520416
[3]:
https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-March/001891.html
[4]: https://link.springer.com/book/9783031182846
[5]: https://eprint.iacr.org/2023/1360
[7]:
https://www.gijsvandam.nl/post/all-types-of-multi-part-payments-in-lightning-network-explained/
[8]:
https://www.gijsvandam.nl/post/the-effect-of-multi-part-payments-on-the-balance-disovery-attack/
_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev

Reply via email to