lightning-dev

OP_Expire and Coinbase-Like Behavior: Making HTLCs Safer by Letting Transactions Expire Safely

OP_Expire and Coinbase-Like Behavior: Making HTLCs Safer by Letting Transactions Expire Safely

Original Postby Antoine Riard

Posted on: November 2, 2023 05:24 UTC

In the email, Antoine discusses a potential solution for advanced replacement cycling attacks in the context of lightning spending paths.

He mentions the concept of a reverse time-lock, where a lightning spending path becomes invalid after a block height or epoch point. Antoine believes that this solution not only applies to the expiration of htlc-preimage spending paths, but also to channel commitment ones.

Antoine points out a specific attack scenario that is exposed in a GitHub commit (https://github.com/ariard/bitcoin/commits/2023-10-test-mempool-2). He explains that in this scenario, a malicious commitment transaction replaces an honest commitment transaction, and the child-pay-for-parent of the malicious transaction is further replaced by the attacker. This leads to the automatic trimming of the malicious commitment transaction.

Antoine acknowledges that under the lightning protocol semantics, both channel commitments can be legitimately valid. This creates a difficulty as both counterparties cannot trust each other to timely broadcast a commitment state to subsequently claim time-sensitive HTLCs (Hash Time-Locked Contracts).

Antoine suggests that using the new reverse time-lock semantic may safeguard the time-sensitive HTLCs. However, he believes that this would simply shift the security risk from one counterparty to the other. In this case, the forwarding node could receive the preimage off-chain from the payee and block any attempt by the payee to broadcast its commitment transaction before the reverse time-lock expires.

Additionally, Antoine proposes another solution to remove counterparty malleability by setting a package total fees and pre-committing fee-bumping reserves. However, he notes that this approach may require a high level of total reserve for each channel.

In conclusion, Antoine raises important considerations regarding the need for solutions to address advanced replacement cycling attacks and the challenges associated with lightning spending paths and channel commitments.