No, I don’t have any evidence of that, and I think it’s really hard to evaluate! I honestly don’t know how feasible such an eclipse attack is. In this specific case it feels very hard to pull off, because lightning nodes should be running multiple independent bitcoin nodes that would let them easily monitor conflicting transactions (and thus learn preimages in that specific case). But I have no idea how to quantify the difficulty.
My gut feeling is that we should wait for PTLCs to do this work, because we most likely need something similar for PTLC to exchange partial signatures (as detailed in my old writeup with the commitment_proposed message).
Meanwhile, I think we can live with the simple mitigation of discovering the preimage in the mempool of our “backup” bitcoin nodes.
True, there is a potential for a griefing attack here. This is annoying, but not as terrible as an attack where Bob steals from Alice! Lightning node operators should configure their max_htlc_value_in_flight_msat to bound their exposure to that kind of attack: it’s not very satisfying, but is probably good enough in practice?
Long term we’ll eventually fix that, but we can probably live with it until then.
“imbued” commitment transactions prior to any spec update would be RBF’ing other anchor spends, rather than using a carveout
you could go with a 330 sat (shared)keyed anchor, and still remove 1 CSV from all other scripts. Or have N anchors
in other words, ephemeral anchors would be about make anchors cheaper and potential separation of funds/fees, rather than the side benefit of sibling eviction.
You could also drop the ephemeral/keyed anchor in a commit tx in certain cases, like a commit tx with only the remote balance output left, and probably other cases.
