📅 Original date posted:2017-12-28
📝 Original message:
Mark Friedenbach <mark at friedenbach.org> writes:
> Splitting a single payment into multiple invoices has bad semantic
> properties. Beyond implementation difficulties it also makes the
> payment no longer atomic. You can end up in a situation where part of
> a transaction has gone through but then channel capacity has been
> exhausted. The. What do you do?
We are indeed working on a solution for multipath payments, and they are
pretty simple to implement if the sender and recipient know how to
handle them. Re-use the same HTLC secret along all paths and the
atomicity is re-established. The only blocker is that it increases
complexity on the recipient, e.g., how do I tell whether the partial
payment is all I'll ever get, or whether there is more incoming, when do
I abort waiting, and similar concerns. That's the reason it didn't make
it into the v1.0 spec, but we are confident that it'll be added soon.
It is technically already possible to do so, if you hack together the
recipient node to wait for all parts of the payment before releasing the
secret. No need for multiple invoices.
> While an annoying (and potentially exploitable) edge case for
> payments, it also makes it basically impossible in practice to build
> higher level smart contracts on top of lightning channels as
> primitives, since those constructs typically use a single HTLC
> revelation as the decision gate between multiple contingent outcomes.
Absolutely, that's why we want to have the payment contingent on a
single secret, or on secrets that can be derived from one another.
> I had always assumed the protocol limits were training wheels, and
> would be shocked and dismayed if that were not the case (and would
> immediately begin work on an alternative fork because such limits
> would make lightning useless for my intended applications).
They are training wheels, we just decided for our own implementations
that we want to limit individual potential losses due to bugs. It is
trivial to change that on a per-channel level, and we have all the
pieces in place to perform an upgrade using the feature bits, no need to
fork lightning just yet :-) You just need to agree on using larger
amounts with your peer, on the peer layer, there is nothing preventing
the use of large channels in the multi-hop layer.
HTH,
Christian
Christian Decker [ARCHIVE] /
npub1wt…gtuyn
2023-06-09 12:48:11
in reply to nevent1q…cuf2
Author Public Key
npub1wtx5qvewc7pd6znlvwktq03mdld05mv3h5dkzfwd3dc30gdmsptsugtuynPublished at
2023-06-09 12:48:11Event JSON
{
"id": "74a361c0f189691507a445ab65c923515aa00bfa669802756c1b9eb0f8ac6c7f",
"pubkey": "72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057",
"created_at": 1686314891,
"kind": 1,
"tags": [
[
"e",
"ef71998004bbb3cd38277488f6dd73fdbc39d9171017c840534a470b19350343",
"",
"root"
],
[
"e",
"bc401f60b65a49960e9f27aac3710902e6b250ef31f9ad7c6f6a866801d698b8",
"",
"reply"
],
[
"p",
"1c61d995949cbfaf14f767784e166bde865c7b8783d7aa3bf0a1d014b70c0069"
]
],
"content": "📅 Original date posted:2017-12-28\n📝 Original message:\nMark Friedenbach \u003cmark at friedenbach.org\u003e writes:\n\u003e Splitting a single payment into multiple invoices has bad semantic\n\u003e properties. Beyond implementation difficulties it also makes the\n\u003e payment no longer atomic. You can end up in a situation where part of\n\u003e a transaction has gone through but then channel capacity has been\n\u003e exhausted. The. What do you do?\n\nWe are indeed working on a solution for multipath payments, and they are\npretty simple to implement if the sender and recipient know how to\nhandle them. Re-use the same HTLC secret along all paths and the\natomicity is re-established. The only blocker is that it increases\ncomplexity on the recipient, e.g., how do I tell whether the partial\npayment is all I'll ever get, or whether there is more incoming, when do\nI abort waiting, and similar concerns. That's the reason it didn't make\nit into the v1.0 spec, but we are confident that it'll be added soon.\n\nIt is technically already possible to do so, if you hack together the\nrecipient node to wait for all parts of the payment before releasing the\nsecret. No need for multiple invoices.\n\n\u003e While an annoying (and potentially exploitable) edge case for\n\u003e payments, it also makes it basically impossible in practice to build\n\u003e higher level smart contracts on top of lightning channels as\n\u003e primitives, since those constructs typically use a single HTLC\n\u003e revelation as the decision gate between multiple contingent outcomes.\n\nAbsolutely, that's why we want to have the payment contingent on a\nsingle secret, or on secrets that can be derived from one another.\n\n\u003e I had always assumed the protocol limits were training wheels, and\n\u003e would be shocked and dismayed if that were not the case (and would\n\u003e immediately begin work on an alternative fork because such limits\n\u003e would make lightning useless for my intended applications).\n\nThey are training wheels, we just decided for our own implementations\nthat we want to limit individual potential losses due to bugs. It is\ntrivial to change that on a per-channel level, and we have all the\npieces in place to perform an upgrade using the feature bits, no need to\nfork lightning just yet :-) You just need to agree on using larger\namounts with your peer, on the peer layer, there is nothing preventing\nthe use of large channels in the multi-hop layer.\n\nHTH,\nChristian",
"sig": "d5b601653167afcf4044ccd42a875d203d1723c762a4d5ed277ab3d1e860d8d9252bba09849fd18107ac89c5d8b845a634593ee5048fce700bedcb8a8329b2ae"
}