📅 Original date posted:2018-12-07
📝 Original message:
Good afternoon,
>Of note, the routing gossip is not trust-based.
>Instead, part of the routing gossip is the block and transaction and output on which the channel is anchored onchain.
>Nodes check if the specified txo is unspent, and matches the purported capacity of the channel.
>Once a channel outpoint is spent, nodes automatically remove it from their maps.
>I suppose that could be relaxed, so that the channels purported to be in the factory would sum up to less than or equal to the value of the channel factory txo instead.
>This would allow a Fulgurite system to allocate only part of its funds to Lightning-visible routing nodes.
I haven't really thought much about what the consequences for routing
discovery would be. There's already some amount of trust in the
information you're getting about channels, so I think we have a bit of
flexibility with regard to what we announce to the rest of the
network. We might have to loosen the restrictions a bit how that
information is validated of course. Someone smarter than me should
comment on that in case it's a horrible idea though.
>It strikes me that the issue of re-signing the DLC subcontracts could be avoided if you use `SIGHASH_NOINPUT`.
Oh yes. SIGHASH_NOINPUT makes a lot of things nicer and cleaner. And
while I'm confident everyone is going to reach an agreement about it
on Bitcoin eventually, I'm not exactly holding my breath. Plus
there's other coins that might *never* support it, so I'd like to make
sure designs can not require it if we can.
>At minimum the lower-level system would have to alert the higher-level system that a time-sensitive contract needs to collapse the Fulgrite system or else it would not be possible to enforce the timelock.
>But the upper layer needs to be informed of the latest time that the contract can be enforced onchain.
>Your alternative is that the upper layer needs to know whether the lower layer is using Poon-Dryja (no CSV requirement) or Decker-Wattenhofer (CSV requirement) or Decker-Russell-Osuntokun (CSV requirement), which you can argue is a layering violation.
>Further the exact specs (how many blocks do all participants agree is reasonable for the CSV requirement?) would vary.
I think I actually just devised an elegant way to make that work using
deadline timing flags being passed out of the update state machine,
it'll be in the repo later. As long as the update mechanism impl is
smart enough to know when to emit that the upper layer shouldn't care.
Of course still have checks underneath where necessary.
There'd have to be negotiation beforehand about the CSV requirements,
like during channel setup. It could be adjusted later though I figure
out a good way to make that work.
>So it seems to me better to move time-sensitivity to Fulgurite than to higher layers.
>Higher layers can simply be concerned about what contracts it wants to enter into.
>The higher layer informs the Fulgurite layer of the shortest absolute timelock in each contract it enters into.
>The Fulgurite layer then returns to the higher layer the latest blockheight at which it can still safely collapse the Fulgurite system, or an error that the absolute timelock is too near and is already not enforceable at the Fulgurite layer.
That's a good way to do it. I'll try something like that.
- Trey Del Bonis
On Thu, Dec 6, 2018 at 6:23 PM ZmnSCPxj <ZmnSCPxj at protonmail.com> wrote:
>
> Good morning Trey,
> > One thing
> > we've talked about is if you and your counterparty want to route
> > payments through each other but also want to enter into discreet log
> > contracts, it might make sense to set up a subchannel for each purpose
> > so you don't have to re-sign for all the potential outcomes for the
> > DLCs (slow!) every time you add/remove an HTLC. Only the routing
> > (sub)channel would be announced to the routing network.
>
> Of note, the routing gossip is not trust-based.
> Instead, part of the routing gossip is the block and transaction and output on which the channel is anchored onchain.
> Nodes check if the specified txo is unspent, and matches the purported capacity of the channel.
> Once a channel outpoint is spent, nodes automatically remove it from their maps.
>
> In a world with Burchert-Decker-Wattenhofer factories, the factory would have an onchain txo.
> Gossip would contain all the channels in the factory, and would be signed by the same signatories as the onchain txo.
> Nodes would check that the channels purported to be contained in the factory sum up to the value of this txo.
>
> I suppose that could be relaxed, so that the channels purported to be in the factory would sum up to less than or equal to the value of the channel factory txo instead.
> This would allow a Fulgurite system to allocate only part of its funds to Lightning-visible routing nodes.
>
> It strikes me that the issue of re-signing the DLC subcontracts could be avoided if you use `SIGHASH_NOINPUT`.
> The same signatories could be used for the DLCs, and even if the update transaction changes, you can reanchor the DLC subcontracts with `SIGHASH_NOINPUT`.
>
> > > Code speaks louder than words.
> >
> > Of course. :)
>
> Yes, so feel free to ignore whatever I say, since I have not coded for a while.
>
> > > CSV requirements are a time-based requirement that affect the behavior of absolute timelocks used by HTLCs.
> > > It is better to admit this earlier than later, since it becomes possible as an attack point if you do not take care to pay attention to the CSV requirement.
> > > In particular, timelocked contracts need to be published onchain before the timeout expires, and a N-block CSV requirement then means you have to publish onchain N+1 blocks before the absolute timelock expires.
> >
> > Restrictions regarding when to publish could be managed at a higher
> > level. What Fulgurite is trying to solve is how to manage the state
> > negotiation rather than the high-level logic about when exactly to
> > publish commitment txs. Maybe we should slightly alter the mechanics
> > for how HTLC expiry works in-channel vs on-chain for this problem?
>
> At minimum the lower-level system would have to alert the higher-level system that a time-sensitive contract needs to collapse the Fulgrite system or else it would not be possible to enforce the timelock.
>
> Since contracts inside a multiparticipant updatable system can be cancelled by the agreement of all participants, I suppose the higher layer can decide to demand an update that the timelock be followed within the multiparticipant updatable system.
> But the upper layer needs to be informed of the latest time that the contract can be enforced onchain.
> Your alternative is that the upper layer needs to know whether the lower layer is using Poon-Dryja (no CSV requirement) or Decker-Wattenhofer (CSV requirement) or Decker-Russell-Osuntokun (CSV requirement), which you can argue is a layering violation.
> Further the exact specs (how many blocks do all participants agree is reasonable for the CSV requirement?) would vary.
>
> So it seems to me better to move time-sensitivity to Fulgurite than to higher layers.
> Higher layers can simply be concerned about what contracts it wants to enter into.
> The higher layer informs the Fulgurite layer of the shortest absolute timelock in each contract it enters into.
> The Fulgurite layer then returns to the higher layer the latest blockheight at which it can still safely collapse the Fulgurite system, or an error that the absolute timelock is too near and is already not enforceable at the Fulgurite layer.
>
> Regards,
> ZmnSCPxj
Trey Del Bonis [ARCHIVE] /
npub1pm…3snze
2023-06-09 12:53:24
in reply to nevent1q…mz8u
Author Public Key
npub1pmul68qwkkgnmjq6ql09cx762qxteaqwajyeckpr3djmsa60da5qn3snzePublished at
2023-06-09 12:53:24Event JSON
{
"id": "ad710aa7dda0b2577e47522cf25a40f1e6fb35a62450c04efedc6dd910bc7b1b",
"pubkey": "0ef9fd1c0eb5913dc81a07de5c1bda500cbcf40eec899c58238b65b8774f6f68",
"created_at": 1686315204,
"kind": 1,
"tags": [
[
"e",
"4318192d0436409ff904ebd6fe1124c129cd2250125f301ef276526c19f115db",
"",
"root"
],
[
"e",
"3b1182dc51322c54d5ca62f43917b14e33d5e3647f0a28ec9458afe007b4b0da",
"",
"reply"
],
[
"p",
"4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861"
]
],
"content": "📅 Original date posted:2018-12-07\n📝 Original message:\nGood afternoon,\n\n\u003eOf note, the routing gossip is not trust-based.\n\u003eInstead, part of the routing gossip is the block and transaction and output on which the channel is anchored onchain.\n\u003eNodes check if the specified txo is unspent, and matches the purported capacity of the channel.\n\u003eOnce a channel outpoint is spent, nodes automatically remove it from their maps.\n\n\u003eI suppose that could be relaxed, so that the channels purported to be in the factory would sum up to less than or equal to the value of the channel factory txo instead.\n\u003eThis would allow a Fulgurite system to allocate only part of its funds to Lightning-visible routing nodes.\n\nI haven't really thought much about what the consequences for routing\ndiscovery would be. There's already some amount of trust in the\ninformation you're getting about channels, so I think we have a bit of\nflexibility with regard to what we announce to the rest of the\nnetwork. We might have to loosen the restrictions a bit how that\ninformation is validated of course. Someone smarter than me should\ncomment on that in case it's a horrible idea though.\n\n\u003eIt strikes me that the issue of re-signing the DLC subcontracts could be avoided if you use `SIGHASH_NOINPUT`.\n\nOh yes. SIGHASH_NOINPUT makes a lot of things nicer and cleaner. And\nwhile I'm confident everyone is going to reach an agreement about it\non Bitcoin eventually, I'm not exactly holding my breath. Plus\nthere's other coins that might *never* support it, so I'd like to make\nsure designs can not require it if we can.\n\n\u003eAt minimum the lower-level system would have to alert the higher-level system that a time-sensitive contract needs to collapse the Fulgrite system or else it would not be possible to enforce the timelock.\n\n\u003eBut the upper layer needs to be informed of the latest time that the contract can be enforced onchain.\n\u003eYour alternative is that the upper layer needs to know whether the lower layer is using Poon-Dryja (no CSV requirement) or Decker-Wattenhofer (CSV requirement) or Decker-Russell-Osuntokun (CSV requirement), which you can argue is a layering violation.\n\u003eFurther the exact specs (how many blocks do all participants agree is reasonable for the CSV requirement?) would vary.\n\nI think I actually just devised an elegant way to make that work using\ndeadline timing flags being passed out of the update state machine,\nit'll be in the repo later. As long as the update mechanism impl is\nsmart enough to know when to emit that the upper layer shouldn't care.\nOf course still have checks underneath where necessary.\n\nThere'd have to be negotiation beforehand about the CSV requirements,\nlike during channel setup. It could be adjusted later though I figure\nout a good way to make that work.\n\n\u003eSo it seems to me better to move time-sensitivity to Fulgurite than to higher layers.\n\u003eHigher layers can simply be concerned about what contracts it wants to enter into.\n\u003eThe higher layer informs the Fulgurite layer of the shortest absolute timelock in each contract it enters into.\n\u003eThe Fulgurite layer then returns to the higher layer the latest blockheight at which it can still safely collapse the Fulgurite system, or an error that the absolute timelock is too near and is already not enforceable at the Fulgurite layer.\n\nThat's a good way to do it. I'll try something like that.\n\n- Trey Del Bonis\n\nOn Thu, Dec 6, 2018 at 6:23 PM ZmnSCPxj \u003cZmnSCPxj at protonmail.com\u003e wrote:\n\u003e\n\u003e Good morning Trey,\n\u003e \u003e One thing\n\u003e \u003e we've talked about is if you and your counterparty want to route\n\u003e \u003e payments through each other but also want to enter into discreet log\n\u003e \u003e contracts, it might make sense to set up a subchannel for each purpose\n\u003e \u003e so you don't have to re-sign for all the potential outcomes for the\n\u003e \u003e DLCs (slow!) every time you add/remove an HTLC. Only the routing\n\u003e \u003e (sub)channel would be announced to the routing network.\n\u003e\n\u003e Of note, the routing gossip is not trust-based.\n\u003e Instead, part of the routing gossip is the block and transaction and output on which the channel is anchored onchain.\n\u003e Nodes check if the specified txo is unspent, and matches the purported capacity of the channel.\n\u003e Once a channel outpoint is spent, nodes automatically remove it from their maps.\n\u003e\n\u003e In a world with Burchert-Decker-Wattenhofer factories, the factory would have an onchain txo.\n\u003e Gossip would contain all the channels in the factory, and would be signed by the same signatories as the onchain txo.\n\u003e Nodes would check that the channels purported to be contained in the factory sum up to the value of this txo.\n\u003e\n\u003e I suppose that could be relaxed, so that the channels purported to be in the factory would sum up to less than or equal to the value of the channel factory txo instead.\n\u003e This would allow a Fulgurite system to allocate only part of its funds to Lightning-visible routing nodes.\n\u003e\n\u003e It strikes me that the issue of re-signing the DLC subcontracts could be avoided if you use `SIGHASH_NOINPUT`.\n\u003e The same signatories could be used for the DLCs, and even if the update transaction changes, you can reanchor the DLC subcontracts with `SIGHASH_NOINPUT`.\n\u003e\n\u003e \u003e \u003e Code speaks louder than words.\n\u003e \u003e\n\u003e \u003e Of course. :)\n\u003e\n\u003e Yes, so feel free to ignore whatever I say, since I have not coded for a while.\n\u003e\n\u003e \u003e \u003e CSV requirements are a time-based requirement that affect the behavior of absolute timelocks used by HTLCs.\n\u003e \u003e \u003e It is better to admit this earlier than later, since it becomes possible as an attack point if you do not take care to pay attention to the CSV requirement.\n\u003e \u003e \u003e In particular, timelocked contracts need to be published onchain before the timeout expires, and a N-block CSV requirement then means you have to publish onchain N+1 blocks before the absolute timelock expires.\n\u003e \u003e\n\u003e \u003e Restrictions regarding when to publish could be managed at a higher\n\u003e \u003e level. What Fulgurite is trying to solve is how to manage the state\n\u003e \u003e negotiation rather than the high-level logic about when exactly to\n\u003e \u003e publish commitment txs. Maybe we should slightly alter the mechanics\n\u003e \u003e for how HTLC expiry works in-channel vs on-chain for this problem?\n\u003e\n\u003e At minimum the lower-level system would have to alert the higher-level system that a time-sensitive contract needs to collapse the Fulgrite system or else it would not be possible to enforce the timelock.\n\u003e\n\u003e Since contracts inside a multiparticipant updatable system can be cancelled by the agreement of all participants, I suppose the higher layer can decide to demand an update that the timelock be followed within the multiparticipant updatable system.\n\u003e But the upper layer needs to be informed of the latest time that the contract can be enforced onchain.\n\u003e Your alternative is that the upper layer needs to know whether the lower layer is using Poon-Dryja (no CSV requirement) or Decker-Wattenhofer (CSV requirement) or Decker-Russell-Osuntokun (CSV requirement), which you can argue is a layering violation.\n\u003e Further the exact specs (how many blocks do all participants agree is reasonable for the CSV requirement?) would vary.\n\u003e\n\u003e So it seems to me better to move time-sensitivity to Fulgurite than to higher layers.\n\u003e Higher layers can simply be concerned about what contracts it wants to enter into.\n\u003e The higher layer informs the Fulgurite layer of the shortest absolute timelock in each contract it enters into.\n\u003e The Fulgurite layer then returns to the higher layer the latest blockheight at which it can still safely collapse the Fulgurite system, or an error that the absolute timelock is too near and is already not enforceable at the Fulgurite layer.\n\u003e\n\u003e Regards,\n\u003e ZmnSCPxj",
"sig": "b949772347a10fe7fe0f50d77541c2a4f52f5f019f708c96c09edbf7354011031147240aa784fd4b95ecc836103719493bb3cd534be768ab85273aeea7b5f16f"
}