Add anti-probing penalty to ProbabilisticScorer

Currently, channel balances may be rather easily discovered through
probing. This however poses a privacy risk, since the analysis of
balance changes over adjacent channels could in the worst case empower an adversary to
mount an end-to-end deanonymization attack, i.e., track who payed whom.

The penalty added here is applied so we prefer nodes with a smaller `htlc_maximum_msat`, which makes
balance discovery attacks harder to execute. As this improves privacy network-wide, we
treat such nodes preferentially and hence create an incentive to restrict
`htlc_maximum_msat`.

Author: tnull

lightning/src/routing/scoring.rs

@@ -361,6 +361,19 @@ pub struct ProbabilisticScoringParameters {
 	///
 	/// Default value: 256 msat
 	pub amount_penalty_multiplier_msat: u64,
+
+	/// A multiplier that is used in conjunction with the negative `log10` of the ratio of
+	/// `htlc_maximum_msat` to channel capacity in order to calculate an anti-probing penalty:
+	///
+	/// `-log10(htlc_maximum_msat/capacity) * anti_probing_penalty_multiplier_msat`
+	///
+	/// This penalty is applied so we prefer nodes with a smaller `htlc_maximum_msat`, which makes
+	/// balance discovery attacks harder to execute. As this improves privacy network-wide, we
+	/// treat such nodes preferentially and hence create an incentive to restrict
+	/// `htlc_maximum_msat`.
+	///
+	/// Default value: 10000 msat
+	pub anti_probing_penalty_multiplier_msat: u64,
 }
 
 /// Accounting for channel liquidity balance uncertainty.
@@ -461,6 +474,7 @@ impl ProbabilisticScoringParameters {
 			liquidity_penalty_multiplier_msat: 0,
 			liquidity_offset_half_life: Duration::from_secs(3600),
 			amount_penalty_multiplier_msat: 0,
+			anti_probing_penalty_multiplier_msat: 0,
 		}
 	}
 }
@@ -472,6 +486,7 @@ impl Default for ProbabilisticScoringParameters {
 			liquidity_penalty_multiplier_msat: 40_000,
 			liquidity_offset_half_life: Duration::from_secs(3600),
 			amount_penalty_multiplier_msat: 256,
+			anti_probing_penalty_multiplier_msat: 10_000,
 		}
 	}
 }
@@ -672,11 +687,24 @@ impl<G: Deref<Target = NetworkGraph<L>>, L: Deref, T: Time> Score for Probabilis
 	fn channel_penalty_msat(
 		&self, short_channel_id: u64, source: &NodeId, target: &NodeId, usage: ChannelUsage
 	) -> u64 {
+
+		let network_graph = self.network_graph.read_only();
+		let mut anti_probing_penalty_msat = 0;
+		if let Some(chan) = network_graph.channels().get(&short_channel_id) {
+			if let Some((directed_info, _source)) = chan.as_directed_to(target) {
+				if let Some(capacity_msat) = chan.capacity_sats.map(|capacity_sats| capacity_sats * 1000) {
+					let htlc_maximum_msat = directed_info.htlc_maximum_msat();
+					let log_distance_ratio = approx::negative_log10_times_2048(capacity_msat-htlc_maximum_msat, capacity_msat);
+					anti_probing_penalty_msat = self.params.anti_probing_penalty_multiplier_msat * log_distance_ratio / 2048;
+				}
+			}
+		}
+
 		if let EffectiveCapacity::ExactLiquidity { liquidity_msat } = usage.effective_capacity {
 			if usage.amount_msat > liquidity_msat {
 				return u64::max_value();
 			} else {
-				return self.params.base_penalty_msat;
+				return self.params.base_penalty_msat.saturating_add(anti_probing_penalty_msat);
 			};
 		}
 
@@ -689,6 +717,7 @@ impl<G: Deref<Target = NetworkGraph<L>>, L: Deref, T: Time> Score for Probabilis
 			.unwrap_or(&ChannelLiquidity::new())
 			.as_directed(source, target, capacity_msat, liquidity_offset_half_life)
 			.penalty_msat(amount_msat, self.params)
+			.saturating_add(anti_probing_penalty_msat)
 	}
 
 	fn payment_path_failed(&mut self, path: &[&RouteHop], short_channel_id: u64) {