Oddbean new post about login | logout Is it feasible to run LSPs on TOR anonymously?
Noncustodial wallets want a reliable UX which generally relies on the LSP being stable and reputable, which sadly means not Tor and generally requires them to be large for profit companies.
I think the problem is that large LSPs actually have some control over funds as they can close more channels on old states than can actually punish them for doing so (What's the term for this attack?). If there was no way of stealing users' money, reputation would be less of an issue and the stability over TOR ... I'm sure we can fix this. How about TOR nodes that take e-cash for routing? TOR only adds few hops to the route so it shouldn't make LN payments impossible unless the network is saturated which paying for the service should be able to solve.
I had the same gut reaction. It may at least be possible, if extremely difficult, to get past the need for good repute ... LN penalty not ideal here, clearly.
I don't think LN-penalty is the main problem here, as the most powerful form of the attack starts by filling channels with as many expiring HTLCs as possible, which is a problem for any channel design. The only solutions I'm aware of are (1) temporary dynamic block size increases, which only increase the cost of the attack by a small multiple, (2) some form of time stop, although that increases the risk of capital losses from the time value of money, and (3) various bond designs, although they upfront accept losses to the time value of money. Of those options, I think bonds may be under explored but I also think that the main downsides of time stop may be almost entirely mitigated by John Law's hierarchical channel factories design, which would involve channels being opened by three parties, with two preferred partners being able to continue exchanging funds in the channel even if the third counterparty initiated a force close that was taking forever due to a time stop.
You are pointing to the LN penalty as a problem but isn't it exactly what makes it harder for LSPs to pull forced expiration spam attacks?
The attack you describe was called "forced expiration spam" in the original LN paper. I usually call it an "expiration flood". Other people have other names for it. See https://bitcoinops.org/en/topics/expiration-floods/
Tor latency is not ideal for order routing.
Is that because of the inherently required extra hops on TOR or because of those TOR nodes being congested? If it's the latter, we could have TOR nodes that take e-cash payments to manage supply and demand.
running a routing node as a Tor hidden service introduces 6 hops between the client and service. the increased latency, timeouts, and failure rates associated with just these 6 hops has been enough for routing nodes to forego allocating liquidity and serving clients over Tor if the average number of routing node hops per lightning payment is something like 3-6, and if all routing nodes in the chain were to run as a hidden service instead of clearnet (which i think Leo is proposing here), then all of a sudden that's 18-36 hops, which would dramatically increase latency, timeouts, and failed requests that said, just because there's an ungodly amount of hops doesn't mean it's not feasible. there's just no commercial incentive today since the market is so niche and operating an LSP - even over clearnet - hasn't been a particularly lucrative endeavor to date congestion among the Tor network is also a factor, but incentivizing folks to run more Tor nodes would introduce a new set of regulatory risks that doesn't exist today, and i'm dubious that there exists a strong enough commercial incentive in the near-term
Is it possible to have an LSP that is *only* accessible by TOR/onion address, and *not* available by clear net?
Yes, totally.