0
Following requirements have been placed on the receiving nodes related to the channel_update message in BOLT #7.
- if timestamp is NOT greater than that of the last-received
channel_updatefor thisshort_channel_idAND fornode_id:
- SHOULD ignore the message.
- otherwise:
- if the timestamp is equal to the last-received
channel_updateAND the fields (other than signature) differ:
- MAY blacklist this
node_id.- MAY forget all channels associated with it.
According to my understanding the receiving node will first check the signature of related the dsha256 of the entire message before verifying the timestamp and not check the remainder of the message if the signature is invalid. So if other fields apart from signature are changed, then the signature will not be valid (as the message has changed) and the node will not process the message further.
Now here's the thing I'm wrestling with: If the node still plans to check the message (as shown in the quoted text above) even though the signature is invalid and then go forward to blacklist the node, it can give rise to DoS attacks. A malicious nodes will just take a channel_update message that it received in the past from a node, change some fields like htlc_minimum_msat and rebroadcast to other nodes. Those receiving nodes will then simply blacklist the node_id without any wrongdoing from its part as (1) the timestamp is equal to the one it received in the past, (2) signature is same AND (3) other fields have changed.
So I feel that this check is simply not needed and if the software goes on to process this message despite checking the signature then it can give rise to attacks from malicious parties. Where am I incorrect in my thought process?
That's what is confusing me. It is said in the documentation that if: (1) time stamp is unchanged; (2) signature is unchanged; (3) but other fields are changed as compared to prior
channel_updatemessage then, blacklist thenode_id. However, if other fields are changed, then the signature can no longer be valid, so the node should not parse the message further and hence will not detect that the what has been changed and what is not. So there is no way the node can be blacklisted. – Ugam Kamat – 2019-06-13T14:00:54.870So either that rule in the BOLT #7 is redundant as the node would never reach to validating that rule if signature is invalid otherwise it might lead to DoS attacks as I mentioned – Ugam Kamat – 2019-06-13T14:02:05.603
The rule is saying that you should not accept multiple
channel_updatewith the same timestamp but different information (particularly the fields belowtimestampin the message definition). It is possible to have the same information, same timestamp, but different signature, and the signatures all be valid, because the signature is generated using some random numberk. The signer could sign the same details but using a different random number, and this should not result in blacklisting. – Mark H – 2019-06-13T14:37:52.490I see what you are trying to say and its fair. But that stage of checking will never reach as signature validation is done first, so why have it? – Ugam Kamat – 2019-06-13T15:32:35.823
Stated above. If a valid signer signs multiple
channel_updateper second, with different information, then signature validation will pass, but the messages will be classed as spam and the signer will be blacklisted. – Mark H – 2019-06-13T15:38:30.313Yes, but if that guys is signing the
channel_updatemessage with a valid signature then it will be DIFFERENT for every message he sends if he changes the data. So, changing the data cannot have the SAME signature as it is invalid. The condition says, the signature should be same as previous and data should be different. This is not possible without invalidating the signature – Ugam Kamat – 2019-06-13T15:58:33.977That is not what it says. The check for the timestamp and equivalent data will not even occur if the signature is invalid. These checks are conditional on the signature being valid. An invalid signature will result in ignoring the message and disconnecting from the peer who sent it. – Mark H – 2019-06-13T16:18:31.603
Let us continue this discussion in chat.
– Ugam Kamat – 2019-06-13T16:20:59.660