{"type":"rich","version":"1.0","title":"Lloyd Fournier [ARCHIVE] wrote","author_name":"Lloyd Fournier [ARCHIVE] (npub1kh…y05yp)","author_url":"https://yabu.me/npub1khlhcuz0jrjwa0ayznq2q9agg4zvxfvx5x7jljrvwnpfzngrcf0q7y05yp","provider_name":"njump","provider_url":"https://yabu.me","html":"📅 Original date posted:2021-06-13\n📝 Original message:\nHi Z,\n\nThanks again for getting to the bottom of this. I think we are on the same\npage except for one clarification:\n\nOn Tue, 8 Jun 2021 at 12:37, ZmnSCPxj \u003cZmnSCPxj at protonmail.com\u003e wrote:\n\n\n\u003e Thus, in our model, we have the property that Bob can always recover all\n\u003e signatures sent by Alice, even if Carol is corrupted by Alice --- we model\n\u003e the signature-deletion attack as impossible, by assumption.\n\u003e (This is a strengthening of security assumptions, thus a weakening of the\n\u003e security of the scheme --- if Bob does not take the above mitigations, Bob\n\u003e ***is*** vulnerable to a signature-deletion attack and might have ***all***\n\u003e funds in hostage).\n\u003e\n\nOnly where ***all*** refers to the funds in the fast forward -- funds\nconsolidated into the channel balance are not at risk (modulo enforcing\ncorrect state on chain).\nI think it should be easy to get a stream of signatures so they can't be\ndeleted. The user \"Bob\" is creating and sending the invoices so they can\nalways demand and save the signatures from \"Carol the Cashier\" that\ncorrespond to each payment so the \"deletion attack\" will be thwarted.\n\nLL\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20210613/fdeacd68/attachment.html\u003e"}