Posted by Abdulkbk
Apr 17, 2026, 11:37 UTC
The recent discussion on the proposed backpressure mechanism in network communication highlights some critical vulnerabilities, particularly in the context of bounce amplification attacks. The main concern is that the onion_message_drop signal, intended to notify nodes of messages dropped due to congestion or other issues, fails to reach the original attacker. The signal becomes trapped in a loop between the two nodes (V1 and V2), which repeatedly attribute the flood to each other. This loop prevents the signal from tracing back to the attacker, who is typically located at an earlier hop in the network path.
To address this issue, a new approach has been suggested: a stricter rate limit applied specifically to the onion_message_drop signals sent between peers. A proposed rate of one signal per second per peer could potentially prevent the escalation of mutual blame among victim nodes, thereby avoiding an infinite loop of drop signals. However, this does not entirely mitigate the primary problem, in which victims inadvertently limit each other's capacity based on erroneous assumptions about the source while the real attacker remains unaffected. The rate limit could reduce the frequency of incorrect attributions, but it does not resolve the core issue of the attacker's invisibility in this scenario.
These insights underscore the need for further refinement of the backpressure proposal to effectively counteract such sophisticated network attacks without harming innocent nodes caught in the feedback loop. Additional strategies and modifications are required to ensure that protective measures do not inadvertently exacerbate the situation or leave the network vulnerable to other forms of exploitation by malicious entities.
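The rate limit discussed above can be checked with a small simulation. This is an added example, not code from the thread or from any Lightning implementation; the class and function names, the 50 ms latency, the 100 ms drop interval and the simplified blame model are all assumptions made for illustration.

```python
import heapq

ATTACKER, V1, V2 = "attacker", "V1", "V2"


class DropSignalLimiter:
    """Allows at most one onion_message_drop per peer per interval."""

    def __init__(self, interval_ms):
        self.interval_ms = interval_ms
        self.last_sent = {}  # peer -> time (ms) of the last signal sent to it

    def allow(self, peer, now_ms):
        last = self.last_sent.get(peer)
        if last is not None and now_ms - last < self.interval_ms:
            return False  # suppressed: this peer already got a signal
        self.last_sent[peer] = now_ms
        return True


def simulate(duration_ms, latency_ms, flood_gap_ms, interval_ms=None):
    """Count onion_message_drop signals addressed to each node.

    Assumed model: every flood_gap_ms V1 drops a flood message and blames V2;
    whoever receives a drop signal blames its sender and signals back.
    """
    limiters = {}
    if interval_ms is not None:
        limiters = {n: DropSignalLimiter(interval_ms) for n in (V1, V2)}
    signals_to = {ATTACKER: 0, V1: 0, V2: 0}
    events = [(t, V1, V2) for t in range(0, duration_ms, flood_gap_ms)]
    heapq.heapify(events)
    while events:
        now, src, dst = heapq.heappop(events)
        if now >= duration_ms:
            continue
        if src in limiters and not limiters[src].allow(dst, now):
            continue
        signals_to[dst] += 1
        # The receiver misattributes the flood to the sender and replies.
        heapq.heappush(events, (now + latency_ms, dst, src))
    return signals_to


if __name__ == "__main__":
    # Constructed parameters: 5 s window, 50 ms link latency, a drop every 100 ms.
    print("no limit :", simulate(5000, 50, 100))
    print("1/s/peer :", simulate(5000, 50, 100, interval_ms=1000))
```

Under these assumptions the limiter caps each direction at one signal per second, while the count reaching the attacker stays at zero in both runs, which is the residual problem the post describes.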
Thread Summary (13 replies)
Apr 13 - Apr 27, 2026
14 messages