Welcome to Latest Strikes, your weekly report of the latest Lightning-related news. Last week caught my eyes with a refreshing VPS-first Lightning node project, an interesting discussion around Onion Message jamming, and Eltoo channels on signet.
I want to preface this edition with a quick question on StackerNews etiquette. Latest Strikes now has its own website, so do you stackerzz still prefer having the full text here, or just a link to the website? Thanks
Virtual Private NodeVirtual Private Node
The v0.4.0 of the Virtual Private Node[1] now ships with LND by default, and a very nice TUI to manage the node. The goal of the project is to provide a one-command installer to let users go from nodeless to node runners in minutes.
This project is quite refreshing and looks pretty gorgeous, so we'll probably follow it closely in future issues. Nice work @ripsline.
Onion Message JammingOnion Message Jamming
A very interesting discussion around Onion Message jamming in the Lightning Network took place on Delving Bitcoin last week. It started with a very clear summary of the issue and proposed solutions by Erick Cestari from Lightning Labs.
Onion Messages (OM) are messages transferred across the network of Lightning nodes using onion routing, akin to how payments are routed across the LN (or how packets travel in the TOR network). One of their primary use cases today is for Bolt12 Offers, where onion messages are used to send invoice requests and invoices themselves across the network in a privacy-preserving manner. An issue is that, much like channel jamming, onion messages can be abused to spam nodes, although the exact nature of the ressource being wasted differs[2]. To prevent spam, all Lightning implementations supporting Onion Messages[3] also ship a rate-limiting mechanism. However, when an attacker engages in a wide spam attack across the network, these rate-limiting mechanisms are triggered at large, disrupting the propagation of onion messages. This is onion message jamming.
The explored solutions are:
- tying onion message forwarding to the payment of an upfront fee, either per message, batched or with a session system ;
- limiting the number of hops (either with a hard limit, or by requesting a PoW which difficulties grows with the number of hops) and tying a node's "onion messaging allowance" to its public capacity ;
- propagating backward a "message dropped" signal when rate limits are reached, instead of silently dropping messages.
Here is a short, non-exhaustive pros and cons table:
| Mitigation Mechanism | Pros | Cons |
| Upfront fee (per payment/batch) | Compensates nodes for the use of their ressources. Makes attacks costlier. | Couples OM forwarding to the channels topology[4] |
| Upfront fee (session) | Like above, but can be paid through other AMP to loosen the coupling to the channel topology | More complexity |
| PoW + capacity-based allowance | Requires a lot of channels to carry out a large attack | Reduces privacy and excludes nodes without public channels |
| Backward Propagation | Lightweight and reactive[5] | An attacker can sustain a low-grade degradation of the network |
This is only a condensed summary of the discussion, and I encourage the reader to delve into Erick Cestari's recap, as well as the resulting discussion. What seem to emerge is that:
- with LND's implementation of Onion Messages coming, now would be a good time to implement at least a minimal OM jamming mitigation mechanism,
- the backward propagation mechanism is the simplest, and could act as a first stepping stone,
- upfront fee-mechanisms are more potent, but also more complex.
Eltoo State Channels On SignetEltoo State Channels On Signet
Aaron Zhang demonstrated an Eltoo channel state chain on the Inquisition signet, going from opening the state channel, to updating its state a few times and settling it on-chain. It uses SIGHASH_ANYPREVOUT (APO) for the state transitions, and settles using CTV.
That's it for last week! Once again, thanks a lot for reading this far, and until next week!
That's a pun on VPS, on which this software is design to run, although it can of course run on any machine. ↩
In channel jamming, the ressource is liquidity. In onion messages, the spam is more akin to the traditional issues linked to wasting ressources and DoS attacks. ↩
Which is all of them, with LND still working on its implementation. ↩
Note that it is already partially the case, since most rate-limiting rules give higher limits to peers with a shared channel. But the upfront fees turns this soft coupling into a hard coupling. ↩
The reactive nature of this mechanism, meaning it only starts after the network begins to be disrupted, can be seen as a drawback. However, it also means that under nominal conditions nothing gets in the way of the flow of onion messages. ↩
I really enjoy reading the full newsletter here (but I realize it's extra work so I subscribed as well).
I'd love to help you find more readers. If there's anything I can do to be helpful on that count, let me know.
Thank you so much for your kind words! Honestly putting the whole piece out on StackerNews isn't that much extra work at all, so I really don't mind (quite the opposite actually!). I was more thinking that maybe stackers prefer links to discussions (when applicable), but if that's not the case I'm quite happy to continue posting the whole thing here.
PS: thanks for the shoutout on nostr 🙏
PPS: I'm running the whole newsletter stack myself, so there are good chances that emails fall in the spams folder. I see that you've successfully confirmed your subscription so you're all set, but some providers tend to put my emails back into the spam folder from time to time. I think adding to contacts or marking as non-spam helps, but I'm still a bit cargo-culting here. Anyway, thanks for subscribing!
Backward propagation as a first step makes sense — it's the lowest friction option and at least gives nodes visibility into what's happening. Starting with upfront fees right away would probably slow down BOLT12 adoption at the worst possible time.
The real question is whether "low-grade degradation" from an attacker under backward propagation is tolerable enough to buy time for a proper fee-based solution later, or if it just becomes the permanent state nobody bothers to fix.