[Feature Request] Add optional jitter to forwarded HTLCs #5288
Comments
Definitely. From what I understand of the timing delays utilized on the base layer, they're ineffective against a large-scale attacker (ie a chainanalysis type), so we wouldn't want to add something like this to lnd if we're not certain that it will have the desired privacy gain. Would you be willing to spend some time looking into the kind of jitter that would be effective?
The above is from the paper, which I admit to only skimming, I wonder how it will hold up once AMP is deployed and HTLCs that are split into multiple parts have distinct payment hashes? |
Yes, but I can't commit to any specific time line. I'll look into this more deeply "eventually".
It's a good question, but I think the real problem is not this specific attack but that HTLC message timing leaks information about the payment path. In fact the scope of this issue should really go beyond merely adding jitter. Adding noise is only one possible mitigation. It's probably worthwhile to look at the techniques cryptographers use to prevent leakage of secret data through timing and power side-channels. I suspect at least some of those techniques are directly applicable to this problem, too. |
carlaKC
added
brainstorming
The precise timing of HTLC forwards can enable an on-path adversary to determine with some accuracy the full payment path. One possible mitigation is to add jitter to each forwarded HTLC, like this C-Lightning plugin.
Serious thought needs to be put into this feature to actually withstand serious statistical analysis. Of course it should be optional, and off by default.
The text was updated successfully, but these errors were encountered: