 This attack isn't easy. Pulling it off involves:

 - opening two channels with the victim.
 - routing a payment through them.
 - successfully replacement-cycling the victim's htlc-timeouts for Δ blocks.
 - without the victim discovering the htlc-preimage transaction.
Jumping right ahead to "omg, rare, extremely difficult attack that everyone knows about now means change bitcoin" is pretty ridiculous.

Soundbites about how bitcoin and lightning are busted are beyond ridiculous in the light of the conditions laid out above. ONLY ONE OF THEM HAS TO BE BLOCKED. Unless I'm mistaken, when it says "open two channels" this means "with one key". SNIP, straight away easy to prevent. Straight away, everyone who has something at stake is already sorting through their channels and force closing everything that looks suspect, just for that minimal element.

And since I know a bit about the signatures and ciphers and ECDH, it smells to me like an error in the use of elliptic curves.

Maybe it will require a substantial, minor-version-bumping change that is not backwards compatible, but I don't think anyone is gonna be a hard sell on a well hammered out solution.

Thanks nostr:nprofile1qqstm0smm0ymyk5d38v0mtctuxsdekphhtykj86e0zffqwjlmkrwylcpz9mhxue69uhkummnw3ezuamfdejj7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uqsuamnwvaz7tmwdaejumr0dshsuj20g3 for dropping the link, I hadn't followed that account on this new nym yet.
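The attack preconditions quoted at the top of the post (replacement-cycling the victim's HTLC-timeout for Δ blocks without the victim noticing the HTLC-preimage transaction) are easier to reason about with a toy model. What follows is an added simulation written for this page; it is not code from the post's author, from Bitcoin Core or from any Lightning implementation. It assumes a single shared mempool with one simplified replace-by-fee rule (a transaction may replace anything it conflicts with if it pays strictly more fee), a miner that confirms whatever is left in the mempool each block, a victim that rebroadcasts its HTLC-timeout every block, and fee amounts, txids and outpoint names that are all made up.

```python
"""Toy model of HTLC replacement cycling on a simplified RBF mempool.

Constructed example, not Bitcoin Core / LND / CLN code. Fee values, txids and
outpoint names are assumptions chosen to make the mechanics visible.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: frozenset          # outpoints this tx spends
    fee: int                   # sats (assumed values)
    reveals_preimage: bool = False


class Mempool:
    """Minimal RBF: a tx replaces conflicting txs only if it pays strictly more fee."""

    def __init__(self):
        self.txs: dict = {}

    def conflicts(self, tx: Tx):
        return [t for t in self.txs.values() if t.inputs & tx.inputs]

    def submit(self, tx: Tx) -> bool:
        conflicts = self.conflicts(tx)
        if any(tx.fee <= c.fee for c in conflicts):
            return False            # rejected: does not outbid what it conflicts with
        for c in conflicts:
            del self.txs[c.txid]    # evicted: this is how the preimage tx "vanishes"
        self.txs[tx.txid] = tx
        return True

    def preimage_spends_of(self, outpoint: str):
        return [t for t in self.txs.values() if outpoint in t.inputs and t.reveals_preimage]

    def mine_block(self):
        mined = list(self.txs.values())
        self.txs.clear()
        return mined


HTLC_OUTPOINT = "victim_commitment:0"   # assumed name for the contested HTLC output


def run_attack(delta: int, victim_watches_mempool: bool) -> dict:
    """Cycle the victim's HTLC-timeout out of the mempool for `delta` blocks.

    delta: number of blocks the attacker must keep the timeout unconfirmed
    (the CLTV gap between the victim's outgoing and incoming HTLC).
    victim_watches_mempool: whether the victim inspects relayed txs, not just blocks.
    """
    mempool = Mempool()
    victim_knows_preimage = False
    timeout_confirmed = False
    blocks_cycled = 0

    for height in range(delta):
        blocks_cycled += 1
        # Victim rebroadcasts its HTLC-timeout at the same (assumed) fee every block.
        mempool.submit(Tx(f"htlc_timeout_{height}", frozenset({HTLC_OUTPOINT}), 1000))

        # Attacker step 1: HTLC-preimage tx spends the HTLC output plus an attacker
        # input and outbids the timeout, so the timeout is evicted.
        attacker_input = f"attacker_utxo:{height}"
        preimage_tx = Tx(f"htlc_preimage_{height}",
                         frozenset({HTLC_OUTPOINT, attacker_input}), 1500,
                         reveals_preimage=True)
        if not mempool.submit(preimage_tx):
            raise RuntimeError("preimage tx should outbid the timeout")

        # A victim that sees this tx learns the preimage and the attack is over.
        if victim_watches_mempool and mempool.preimage_spends_of(HTLC_OUTPOINT):
            victim_knows_preimage = True
            break

        # Attacker step 2: an unrelated tx spending only the attacker input outbids
        # the preimage tx, evicting it. Now neither HTLC spend is in the mempool.
        if not mempool.submit(Tx(f"attacker_cycle_{height}", frozenset({attacker_input}), 2000)):
            raise RuntimeError("cycle tx should outbid the preimage tx")

        mined = mempool.mine_block()
        if any(t.txid.startswith("htlc_timeout") for t in mined):
            timeout_confirmed = True
            break

    return {
        "blocks_cycled": blocks_cycled,
        "victim_learned_preimage": victim_knows_preimage,
        "timeout_confirmed": timeout_confirmed,
        "attacker_succeeds": not victim_knows_preimage and not timeout_confirmed,
    }


if __name__ == "__main__":
    print(run_attack(delta=40, victim_watches_mempool=False))
    print(run_attack(delta=40, victim_watches_mempool=True))
```

The model makes the victim's mempool observation perfectly reliable: the moment the preimage tx is relayed, the victim has it. That is exactly the condition the quoted list calls out as the hard part, since a real attacker races to get the second replacement relayed before the victim's node ever sees the first, and has to win that race every block for all Δ blocks while paying fees for each cycle.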