One of the biggest problems in Lightning finally has a solution.
CHANNEL JAMMING–
A Hybrid Approach:
Firstly, what is channel jamming?
Jamming is a type of denial of service (DDoS) attack on Lightning channels.
The goal of the attack is to make a Lightning channel unusable.
To execute this attack, a malicious actor sets up two nodes and sends payments between them.
However, they don’t release the preimage (the secret number that unlocks funds across the route) for each payment promptly, leaving the payment stuck “in flight”.
By sending a payment to themselves, and never releasing the secret, the attacker can let payments “hang” in flight, until the timelock on the HTLC (hashed timelock contract) expires.
This is a problem because each channel can only have a fixed number of in-flight payments: 483.
Side quest:
Why only 483 max “in flight” HTLCs?
Well, it has to do with the maximum size of an on-chain BTC transaction.
If you had more than 483 HTLCs and needed to close the Lightning channel, the transaction would be too large to enforce on-chain.
So, to summarize:
Jamming is a DDoS attack that makes Lightning channels unusable.
Victims of channel jamming cannot send and receive payments or earn routing revenue.
But how big is this problem?
To put it in perspective, an attacker could potentially jam the entire LN for only 500,000 to 3M sats per month (according to Antoine Riard and Gleb Naumenko)
By jamming only 20% of the channels (14,000 channels), the attacker could make the entire network unusable(1).
As you can see now, this is a pretty serious issue.
So what’s the solution?
We are not cavemen, after all!
Channel jamming has been a known problem in LN since 2015.
As you can imagine, there are many ideas about how to properly solve it.
But for this thread, we’re going to focus solely on Carla Kirk-Cohen, Clara Shik, and Sergei Tikhomirov’s “hybrid” approach.
Their approach is a combination of two main ideas:
1. Unconditional fees2. Reputation scheme
Each idea solves a different type of jamming:
Unconditional fees for “fast” jamming.
Reputation scheme for “slow” jamming.
Just to clarify real quick,
Fast jamming is a constant stream of HTLCs that fail instantly (think of a machine gun).
While slow jams remain “in flight” for hours or even days (more like a hostage situation).
1/ Unconditional fees
A fee should be paid unconditionally, regardless of whether the payment fails or succeeds.
Ideally, this would make fast-jamming attacks prohibitively expensive.
However, that may impose too much of a burden on honest users.
A more realistic goal is to compensate the routing node under attack for the lost revenue.
According to a simulation Clara & Sergei built, if we increase the fees paid by just 2%, routing nodes would be fully compensated for any jamming attacks.
So for example, if a normal payment fee was 100 sats, an additional 2 sats upfront on all payments would be sufficient.
2/ Reputation scheme
While fees are great for addressing fast-jamming attacks, they are ineffective against slow-jamming attacks.
For this reason, the hybrid approach incorporates a reputation scheme.
The reputation scheme is local.
Nodes only assign reputation to their peers.
This reduces a ton of complexity, as local reputation requires no coordination across the network.
So how does the reputation scheme work?
Nodes keep track of their peers’ past history.
If a peer forwards honest payments that bring in sufficient fee revenue, the node considers that peer “high-reputation”.
If a peer constantly forwards jams, the node considers it “low reputation”.
Nodes also have the option to “endorse” payments that they forward.
So for example, a payment endorsed by a high-reputation peer is considered *low-risk*.
While an un-endorsed payment from a low-reputation peer may be considered *HIGH* risk.
By using slot bucketing in combination with this reputation scheme, we can limit the number of “in-flight” high risk payments at any given time.
This prevents a malicious actor from fully jamming a channel.
So let’s say the 4 general slots are all jammed.
If an HTLC isn’t endorsed, we fail it.
We don’t allow the un-endorsed HTLC to use up more of our liquidity.
However, if a payment is endorsed from a high-reputation peer, we will forward it along.
Each node can create their own custom parameters for these slots & reputation based on their risk tolerance.
High risk tolerance? Maybe you allocate more slots toward un-endorsed HTLCs.
Low tolerance? Maybe you only forward endorsed HTLCs.
It’s up to the individual to decide.
TLDR;
The hybrid approach combines unconditional fees (for fast-jamming), and a reputation scheme (for slow-jamming).
An upfront fee increase of 2% can effectively repay routing nodes for fast-jamming attacks, and the local reputation scheme takes advantage of HTLC endorsement and slot bucketing to ensure that a given channel can never be fully jammed.
Resources/Further information:
If you’re running a Lightning node, you can help this research effort!
Fill out their survey here:
Google Docs
Mainnet Data Collection Volunteer Form
If you would like to volunteer to run *local* data collection to help further inform the specification of hybrid solutions to channel jamming mitig...
Check out the BOLT PR here:
GitHub
draft: HTLC Endorsement to Mitigate Channel Jamming by carlaKC · Pull Request #1071 · lightning/bolts
This PR introduces an endorsed TLV to update_add_htlc as a way for nodes to indicate whether they expect a HTLC to resolve "honestly". No...
And here’s a summary of the full research paper:
Unjamming Lightning · Chaincode Labs Research
Sources:(1):
That’s it!
We hope you learned something new.
Special thanks to Carla, Clara, Sergei, and Chaincode Labs for their awesome work on this🙏🏻
Follow us for more!
1/
What is script?
Script is a simple programming language that is not Turing complete.
It lacks certain logical functionality, including loops, to prevent people from spamming the network and harming nodes.
Script logic is used to check the validity of signatures in bitcoin transactions.
If a script is valid- nodes will relay the tx to other nodes.
Script executes in a stack data structure, similar to an array.
The most common script type is Pay to Public Key Hash (P2PKH), a simple script that pays to the hash of a public key, otherwise known as an address.
However, since the advent of SegWit, we’ve seen a marked increase in the amount of Pay to Witness Script Hash (P2WSH) outputs.
There are many different types of Script, including:
Pay to Pubkey (P2PK)
Pay to Pubkey Hash (P2PKH)
Pay to Script Hash (P2SH)
Pay to Witness Pubkey Hash (P2WPKH)
Pay to Witness Script Hash (P2WSH)
Pay to Multisig (P2MS)
Pay to Taproot (P2TR)
NULLdata (OP_RETURN)
The simplest script is Pay to Pubkey.
It has one operator, “Checksig”.
All it does is compare the signature of the tx to the public key, to verify that the signature could only have been produced by the person with the private key that was used to derive the public key.
In fact, the first-ever coinbase transaction from the genesis block in 2009 was a Pay to Pubkey output.
There are tons of different functions that script can execute.
They are defined by the Opcodes used to construct the script.
Here are some of the most common Opcodes:
The SHA256 and RIPEMD160 functions are pretty straightforward.
They just compute the hash of a given input.
CHECKSIG consumes a public key and checks the validity of a signature, like in the Pay to Pubkey example.
CHECKMULTISIG consumes multiple public keys and multiple signatures, and checks to make sure that there are enough valid signatures to unlock the BTC.
You can also execute addition, subtraction, duplication, and a myriad of other functions.
TLDR;
Bitcoin Script is a simple programming language that isn't Turing complete.
It’s used to lock and unlock bitcoin, not to build applications.
Nodes run script when they receive a tx to verify its validity.
Opcodes execute different functions within a script.
We hope you learned something new from this thread!
Special thanks to Greg Walker for his amazing tutorials and graphics.
Follow us for more Bitcoin and Lightning content.
If you didn’t already know, BOLT stands for Basis of Lightning Technology.
BOLTs are like BIPs for the Lightning Network.
BOLT 12 is already supported experimentally on Blockstream’s Core Lightning and is also being actively implemented by the teams at Acinq, LDK, & Lightning Labs.
BOLT 12 is distinct from BOLT 11 (the current invoicing spec on LN) in a bunch of different ways.
The main component of BOLT 12 is a new type of invoice called an “offer”.
An offer can be thought of as a ‘meta’ invoice- an invoice on top of an invoice.
Offers are useful because they are persistent and static.
This means that you can use them for donation pages, billboards, and zapping fellow plebs on Nostr!
BOLT 11 invoices, on the other hand, can only be used once, and must be generated in real-time.
BOLT 12 offers also allow you to create recurring subscriptions denominated in sats OR dollars.
This could be used to fund paid relays or creators (Patreon style), and for other subscription services.
BOLT 12 is Lightning native, which means that it’s different from LNURL/Static LN addresses because you aren’t required to run a web server to generate invoices.
Your Lightning node handles all the work.
This allows for fully self-custodial zapping⚡️
TLDR;
BOLT 12 would be a dramatic improvement for Lightning and Nostr.
BOLT 12 allows for:
-Subscriptions denominated in USD (but settled in sats)
-Static Zapping
-Self-Custodial Zapping
Thanks for reading.
We’re going to start posting all our threads on here.
Follow for more!
Also, if you run a large Lightning node and you haven’t tried Torq yet, you’re seriously missing out!
Check it out on Umbrel & Btcpayserver or download it straight from GitHub: