📅 Original date posted:2018-11-04
📝 Original message:
ZmnSCPxj schreef op zo 04-11-2018 om 14:34 [+0000]:
> Good morning CJP,
>
> I believe this is a desirable feature, although...
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Sunday, November 4, 2018 2:26 PM, CJP <cjp at ultimatestunts.nl>
> wrote:
>
> > Imagine a future where some powerful participant in the Lightning
> > network starts enforcing KyC requirements on Lightning nodes. It
> > requires its direct neighbors to reveal their identity or else
> > closes
> > channels to them. Next, it asks its direct neighbors to reveal the
> > identity of their direct neighbors (or close their channels), with
> > the
> > threat of either channel closure, or (using the now-known identity)
> > more extreme penalties.
> >
>
> For this particular scenario, it seems to me that it would be better
> for the rest of the network to punish this participant by closing any
> channel to this KYC-requiring participant, and also to do retaliatory
> preemptive closing of any channel to any participant publicly
> connecting, directly or indirectly, to that participant. Or in
> short, to let that participant enforce whatever it wants to
> close. This will greatly lower its fee earnings as well as its
> ability to monitor or control the network. If every Lightning node
> refuses to reveal their identity (etc.) to this participant, then the
> participant will close all its channels and it will no longer be a
> powerful **participant** of Lightning, thus removing itself and its
> influence from Lightning in the most satisfying way possible, i.e.
> through shooting itself in the foot.
I disagree: you may not be in a position to freely close such channels
and remove your ability to transact with this party, similar to how you
may not be in a position to refuse to pay taxes. Also, since it is hard
to avoid (in the current situation) that some Lightning nodes have a
known link to legal entities like companies or persons, there are ways
outside the Lightning network to put pressure on node owners,
especially non-pseudonymous high-profile ones. This is, however, a non-
technical discussion; since we already agree on the desirability of the
feature, I suggest to keep it at this and focus on the technical
details.
> Nonetheless, I believe this feature is desirable, not for the above
> scenario, but simply so that a payee is not required to maintain even
> a pseudonym on the Lightning Network (the payee will still have to be
> somehow contactable so it can generate an invoice somehow, but at
> least it will not even have an identifiable pseudonym on-Lightning;
> perhaps it may have a pseudonym on some other network with better
> privacy). If all its generated invoices use rendezvous routing, then
> while it, obviously, must have a Lightning node somewhere, that node
> is not easily identifiable among all Lightning nodes.
I guess that for most use cases a payee pseudonym is needed, unless
your use case is donating to random strangers. I only found one
exception: where the thing you pay for is cryptographically linked to
the Lightning payment (effectively, an atomic swap, like in a
Lightning-based decentralized exchange). In that case, a truly
anonymous (as opposed to pseudonymous) payee makes sense.
However, for use cases where the payee needs a pseudonym, it might
still be desirable to decouple that pseudonym from a location in the
Lightning network. Rendezvous routing can do that.
> Looking through BOLT 4, the text assumes inherently that source
> routing is done, and even has a shared secret between hop and
> source. However, it may be possible in rendezvous routing to simply
> provide the blinding key (while hiding everything beyond the first
> hop on the destination half of the route).
Sounds like it makes sense; I need to look into it.
> I also think that, as the destination is choosing the nodes on its
> half of the route, that it should pay for fees, and thus the source
> is only required to deliver the specified amount to the first hop
> node of the destination half of the rendezvous route.
Agreed. The price agreed between payer and payee is the incoming amount
at the rendezvous point. In the "original" case that the payee-side
route is 0 hops long, the payee is the rendezvous point, and we're
equal to the original concept where the agreed-on price is the incoming
amount at the payee.
CJP
CJP [ARCHIVE] /
npub13q…cuzdm
2023-06-09 12:52:07
in reply to nevent1q…vvaa
Author Public Key
npub13q863scgpsaanrjhfn7dd4h48lgnupgkcs828arzj4pckrq8hh6s4cuzdmPublished at
2023-06-09 12:52:07Event JSON
{
"id": "a3db43dcb11406e8047d1a9282ca04eaf6a6ea4f9ba0c7ac39c12b093b0bdc73",
"pubkey": "880fa8c3080c3bd98e574cfcd6d6f53fd13e0516c40ea3f46295438b0c07bdf5",
"created_at": 1686315127,
"kind": 1,
"tags": [
[
"e",
"592517461d2388cb6daa0eaf59e03e4207dbca848edb9b0b5038bad8ed99bd4e",
"",
"root"
],
[
"e",
"e59af128564980f79c9f10e10c0beb8a67bf1e8fce356acedc8aa6f291579821",
"",
"reply"
],
[
"p",
"4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861"
]
],
"content": "📅 Original date posted:2018-11-04\n📝 Original message:\nZmnSCPxj schreef op zo 04-11-2018 om 14:34 [+0000]:\n\u003e Good morning CJP,\n\u003e \n\u003e I believe this is a desirable feature, although...\n\u003e \n\u003e \n\u003e Sent with ProtonMail Secure Email.\n\u003e \n\u003e ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐\n\u003e On Sunday, November 4, 2018 2:26 PM, CJP \u003ccjp at ultimatestunts.nl\u003e\n\u003e wrote:\n\u003e \n\u003e \u003e Imagine a future where some powerful participant in the Lightning\n\u003e \u003e network starts enforcing KyC requirements on Lightning nodes. It\n\u003e \u003e requires its direct neighbors to reveal their identity or else\n\u003e \u003e closes\n\u003e \u003e channels to them. Next, it asks its direct neighbors to reveal the\n\u003e \u003e identity of their direct neighbors (or close their channels), with\n\u003e \u003e the\n\u003e \u003e threat of either channel closure, or (using the now-known identity)\n\u003e \u003e more extreme penalties.\n\u003e \u003e \n\u003e \n\u003e For this particular scenario, it seems to me that it would be better\n\u003e for the rest of the network to punish this participant by closing any\n\u003e channel to this KYC-requiring participant, and also to do retaliatory\n\u003e preemptive closing of any channel to any participant publicly\n\u003e connecting, directly or indirectly, to that participant. Or in\n\u003e short, to let that participant enforce whatever it wants to\n\u003e close. This will greatly lower its fee earnings as well as its\n\u003e ability to monitor or control the network. If every Lightning node\n\u003e refuses to reveal their identity (etc.) to this participant, then the\n\u003e participant will close all its channels and it will no longer be a\n\u003e powerful **participant** of Lightning, thus removing itself and its\n\u003e influence from Lightning in the most satisfying way possible, i.e.\n\u003e through shooting itself in the foot.\n\nI disagree: you may not be in a position to freely close such channels\nand remove your ability to transact with this party, similar to how you\nmay not be in a position to refuse to pay taxes. Also, since it is hard\nto avoid (in the current situation) that some Lightning nodes have a\nknown link to legal entities like companies or persons, there are ways\noutside the Lightning network to put pressure on node owners,\nespecially non-pseudonymous high-profile ones. This is, however, a non-\ntechnical discussion; since we already agree on the desirability of the\nfeature, I suggest to keep it at this and focus on the technical\ndetails.\n\n\u003e Nonetheless, I believe this feature is desirable, not for the above\n\u003e scenario, but simply so that a payee is not required to maintain even\n\u003e a pseudonym on the Lightning Network (the payee will still have to be\n\u003e somehow contactable so it can generate an invoice somehow, but at\n\u003e least it will not even have an identifiable pseudonym on-Lightning;\n\u003e perhaps it may have a pseudonym on some other network with better\n\u003e privacy). If all its generated invoices use rendezvous routing, then\n\u003e while it, obviously, must have a Lightning node somewhere, that node\n\u003e is not easily identifiable among all Lightning nodes.\n\nI guess that for most use cases a payee pseudonym is needed, unless\nyour use case is donating to random strangers. I only found one\nexception: where the thing you pay for is cryptographically linked to\nthe Lightning payment (effectively, an atomic swap, like in a\nLightning-based decentralized exchange). In that case, a truly\nanonymous (as opposed to pseudonymous) payee makes sense.\n\nHowever, for use cases where the payee needs a pseudonym, it might\nstill be desirable to decouple that pseudonym from a location in the\nLightning network. Rendezvous routing can do that.\n\n\u003e Looking through BOLT 4, the text assumes inherently that source\n\u003e routing is done, and even has a shared secret between hop and\n\u003e source. However, it may be possible in rendezvous routing to simply\n\u003e provide the blinding key (while hiding everything beyond the first\n\u003e hop on the destination half of the route).\n\nSounds like it makes sense; I need to look into it.\n\n\u003e I also think that, as the destination is choosing the nodes on its\n\u003e half of the route, that it should pay for fees, and thus the source\n\u003e is only required to deliver the specified amount to the first hop\n\u003e node of the destination half of the rendezvous route.\n\nAgreed. The price agreed between payer and payee is the incoming amount\nat the rendezvous point. In the \"original\" case that the payee-side\nroute is 0 hops long, the payee is the rendezvous point, and we're\nequal to the original concept where the agreed-on price is the incoming\namount at the payee.\n\nCJP",
"sig": "3c2653784cfb69173174c61672b057a17445d85d9bf6b78cedbdbf4f7a5bf91cde0a41b9e470341a2f755e372310a53602f11f65deadb28f61c0fbcb9b841734"
}