📅 Original date posted:2022-06-14
📝 Original message:
> ## Lightning Gossip
>
> # Gossip V2: Now Or Later?
<snip>
> A proposal for the "re-design the entire thing" was floated in the past by
> Rusty [6]. It does away with the strict coupling of channels to channel
> announcements, and instead moves them to the _node_ level. Each node would
> then advertise the set of "outputs" they have control of, which would then
> be mapped to the total capacity of a node, without requiring that these
> outputs self identify themselves on-chain as Lightning Channels. This also
> opens up the door to different, potentially more privacy preserving
> proofs-of-channel-ownership (something something zkp).
waxwing recently posted something interesting over in bitcoin-dev, which seems to match the proof-of-channel-ownereship.
https://gist.github.com/AdamISZ/51349418be08be22aa2b4b469e3be92f
I confess to not understanding the mathy bits but it seems to me, naively, that the feature set waxwing points out match well with the issues we want to have:
* We want to rate-limit gossip somehow.
* We want to keep the mapping of UTXOs to channels private.
It requires a global network that cuts across all uses of the same mechanism (similar to defiads, but more private --- basically this means that it cannot be just Lightning which uses this mechanism, at least to acquire tokens-to-broadcast-my-channels) to prevent a UTXO from being reused across services, a property I believe is vital to the expected spam-resistance.
> # Friend-of-a-friend Balance Sharing & Probing
>
> A presentation was given on friend-of-a-friend balance sharing [16]. The
> high level idea is that if we share _some_ information within a local
> radius, then this gives the sender more information to choose a path that's
> potentially more reliable. The tradeoff here ofc is that nodes will be
> giving away more information that can potentially be used to ascertain
> payment flows. In an attempt to minimize the amount of information shared,
> the presenter proposed that just 2 bits of information be shared. Some
> initial simulations showed that sharing local information actually performed
> better than sharing global information (?). Some were puzzled w.r.t how
> that's possible, but assuming the slides+methods are published others can
> dig further into the model/parameter used to signal the inclusion.
>
> Arguably, information like this is already available via probing, so one
> line of thinking is something like: "why not just share _some_ of it" that
> may actually lead to less internal failures? This is related to a sort of
> tension between probing as a tool to increase payment reliability and also
> as a tool to degrade privacy in the network. On the other hand, others
> argued that probing provides natural cover traffic, since they actually
> _are_ payments, though they may not be intended to succeed.
>
> On the topic of channel probing, a sort of makeshift protocol was devised to
> make it harder in practice, sacrificing too much on the axis of payment
> reliability. At a high level it proposes that:
>
> * nodes more diligently set both their max_htlc amount, as well as the
> max_htlc_value_in_flight amount
>
> * a 50ms (or select other value) timer should be used when sending out
> commitment signatures, independent of HTLC arrival
>
> * nodes leverage the max_htlc value to set a false ceiling on the max in
> flight parameter
>
> * for each HTLC sent/forwarded, select 2 other channels at random and
> reduce the "fake" in-flight ceiling for a period of time
>
> Some more details still need to be worked out, but some felt that this would
> kick start more research into this area, and also make balance mapping
> _slightly_ more difficult. From afar, it may be the case that achieving
> balance privacy while also achieving acceptable levels of payment
> reliability might be at odds with each other.
A point that was brought up is that nodes can lie about their capacity, and there would be no way to counteract this.
Even given the above, it would be trivial for a lying node to randomly lie about their `max_htlc` to still be noticed by nodes who try to filter out nodes who do not update their `max_htlc`s.
(maximal lying is to always say 50% of your capacity is in `max_htlc`, your node can lie by setting `max_htlc` from 35%->65%, you can coordinate this with another lying peer node too by use of an odd message number to set up the lying protocol so both of you can lie about the channel capacity consistently)
I think your best bet is really to utilize feerates, as lying with those is expected to lead to economic loss.
<snip>
> # Node Fee Optimization & Fee Rate Cards
>
> Over the past few years, a common thread we've seen across successful
> routing nodes is dynamic fee setting as a way to encourage/discourage
> traffic. A routing nodes can utilize the set of fees of a channel to either
> make it too expensive for other nodes to route through (it's already
> depleted don't try unless you'll give be 10 mil sats, which no one would) or
> very cheap, which'll incentivize flows in the other direction. If all nodes
> are constantly sending out updates of this nature, then it can generate a
> lot of traffic, and also sort of leak more balance information overtime
> (which some nodes are already doing: using fees/max_htlc to communicate
> available balances).
>
> One attendee proposed allowing nodes to express a sort of fee gradient via a
> static curve/bucket/function, instead of dynamically communicating what the
> latest state of the fee+liquidity distribution looks like. A possible
> manifestation could be a series of buckets, each of which with varying fee
> rates. If your payment consumes 50% of channel balance, then you pay this
> rate, otherwise if it's 5% you pay this rate, etc, etc.
I think this is not what was actually proposed?
As I understood it, the percent range is not how much the payment consumes of the channel balance but instead the percent range is the probability-of-success given a uniform distribution of channel balance.
For instance if the current channel balance is currently 67%, then the forwarding node will succeed all payments that pay a fee from the 33% fee card or higher, otherwise fail the payment with "not enough fees".
The intent is that payers will treat 100% - fee_card_percent as the probability-of-failure of that channel, and can select which fee card maximizes both its probability-of-failure and max-fee in some kind of reasonable exchange rate.
Regards,
ZmnSCPxj
ZmnSCPxj [ARCHIVE] /
npub1g5…3ms3l
2023-06-09 13:06:13
in reply to nevent1q…mtxq
Author Public Key
npub1g5zswf6y48f7fy90jf3tlcuwdmjn8znhzaa4vkmtxaeskca8hpss23ms3lPublished at
2023-06-09 13:06:13Event JSON
{
"id": "d1c6e909d097595cea8df56d9d7263fc1098fc7dd6232e44553d5c527e34de69",
"pubkey": "4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861",
"created_at": 1686315973,
"kind": 1,
"tags": [
[
"e",
"dc50ebb4a33ebb68559db83f1f909a9de4df76c851710dee0b49ae8b2ad5f61f",
"",
"root"
],
[
"e",
"bfaedae83d2ef36a1a06235aa16f3f92aa1fd4b2e60a196169d424a7fcab35d1",
"",
"reply"
],
[
"p",
"2df3fc2660459521b852c995d4fc1a93938389a5e085677d0ebb33ef92cc5476"
]
],
"content": "📅 Original date posted:2022-06-14\n📝 Original message:\n\u003e ## Lightning Gossip\n\u003e\n\u003e # Gossip V2: Now Or Later?\n\n\u003csnip\u003e\n\n\u003e A proposal for the \"re-design the entire thing\" was floated in the past by\n\u003e Rusty [6]. It does away with the strict coupling of channels to channel\n\u003e announcements, and instead moves them to the _node_ level. Each node would\n\u003e then advertise the set of \"outputs\" they have control of, which would then\n\u003e be mapped to the total capacity of a node, without requiring that these\n\u003e outputs self identify themselves on-chain as Lightning Channels. This also\n\u003e opens up the door to different, potentially more privacy preserving\n\u003e proofs-of-channel-ownership (something something zkp).\n\nwaxwing recently posted something interesting over in bitcoin-dev, which seems to match the proof-of-channel-ownereship.\n\nhttps://gist.github.com/AdamISZ/51349418be08be22aa2b4b469e3be92f\n\nI confess to not understanding the mathy bits but it seems to me, naively, that the feature set waxwing points out match well with the issues we want to have:\n\n* We want to rate-limit gossip somehow.\n* We want to keep the mapping of UTXOs to channels private.\n\nIt requires a global network that cuts across all uses of the same mechanism (similar to defiads, but more private --- basically this means that it cannot be just Lightning which uses this mechanism, at least to acquire tokens-to-broadcast-my-channels) to prevent a UTXO from being reused across services, a property I believe is vital to the expected spam-resistance.\n\n\u003e # Friend-of-a-friend Balance Sharing \u0026 Probing\n\u003e\n\u003e A presentation was given on friend-of-a-friend balance sharing [16]. The\n\u003e high level idea is that if we share _some_ information within a local\n\u003e radius, then this gives the sender more information to choose a path that's\n\u003e potentially more reliable. The tradeoff here ofc is that nodes will be\n\u003e giving away more information that can potentially be used to ascertain\n\u003e payment flows. In an attempt to minimize the amount of information shared,\n\u003e the presenter proposed that just 2 bits of information be shared. Some\n\u003e initial simulations showed that sharing local information actually performed\n\u003e better than sharing global information (?). Some were puzzled w.r.t how\n\u003e that's possible, but assuming the slides+methods are published others can\n\u003e dig further into the model/parameter used to signal the inclusion.\n\u003e\n\u003e Arguably, information like this is already available via probing, so one\n\u003e line of thinking is something like: \"why not just share _some_ of it\" that\n\u003e may actually lead to less internal failures? This is related to a sort of\n\u003e tension between probing as a tool to increase payment reliability and also\n\u003e as a tool to degrade privacy in the network. On the other hand, others\n\u003e argued that probing provides natural cover traffic, since they actually\n\u003e _are_ payments, though they may not be intended to succeed.\n\u003e\n\u003e On the topic of channel probing, a sort of makeshift protocol was devised to\n\u003e make it harder in practice, sacrificing too much on the axis of payment\n\u003e reliability. At a high level it proposes that:\n\u003e\n\u003e * nodes more diligently set both their max_htlc amount, as well as the\n\u003e max_htlc_value_in_flight amount\n\u003e\n\u003e * a 50ms (or select other value) timer should be used when sending out\n\u003e commitment signatures, independent of HTLC arrival\n\u003e\n\u003e * nodes leverage the max_htlc value to set a false ceiling on the max in\n\u003e flight parameter\n\u003e\n\u003e * for each HTLC sent/forwarded, select 2 other channels at random and\n\u003e reduce the \"fake\" in-flight ceiling for a period of time\n\u003e\n\u003e Some more details still need to be worked out, but some felt that this would\n\u003e kick start more research into this area, and also make balance mapping\n\u003e _slightly_ more difficult. From afar, it may be the case that achieving\n\u003e balance privacy while also achieving acceptable levels of payment\n\u003e reliability might be at odds with each other.\n\nA point that was brought up is that nodes can lie about their capacity, and there would be no way to counteract this.\n\nEven given the above, it would be trivial for a lying node to randomly lie about their `max_htlc` to still be noticed by nodes who try to filter out nodes who do not update their `max_htlc`s.\n(maximal lying is to always say 50% of your capacity is in `max_htlc`, your node can lie by setting `max_htlc` from 35%-\u003e65%, you can coordinate this with another lying peer node too by use of an odd message number to set up the lying protocol so both of you can lie about the channel capacity consistently)\n\nI think your best bet is really to utilize feerates, as lying with those is expected to lead to economic loss.\n\n\u003csnip\u003e\n\n\u003e # Node Fee Optimization \u0026 Fee Rate Cards\n\u003e\n\u003e Over the past few years, a common thread we've seen across successful\n\u003e routing nodes is dynamic fee setting as a way to encourage/discourage\n\u003e traffic. A routing nodes can utilize the set of fees of a channel to either\n\u003e make it too expensive for other nodes to route through (it's already\n\u003e depleted don't try unless you'll give be 10 mil sats, which no one would) or\n\u003e very cheap, which'll incentivize flows in the other direction. If all nodes\n\u003e are constantly sending out updates of this nature, then it can generate a\n\u003e lot of traffic, and also sort of leak more balance information overtime\n\u003e (which some nodes are already doing: using fees/max_htlc to communicate\n\u003e available balances).\n\u003e\n\u003e One attendee proposed allowing nodes to express a sort of fee gradient via a\n\u003e static curve/bucket/function, instead of dynamically communicating what the\n\u003e latest state of the fee+liquidity distribution looks like. A possible\n\u003e manifestation could be a series of buckets, each of which with varying fee\n\u003e rates. If your payment consumes 50% of channel balance, then you pay this\n\u003e rate, otherwise if it's 5% you pay this rate, etc, etc.\n\nI think this is not what was actually proposed?\n\nAs I understood it, the percent range is not how much the payment consumes of the channel balance but instead the percent range is the probability-of-success given a uniform distribution of channel balance.\n\nFor instance if the current channel balance is currently 67%, then the forwarding node will succeed all payments that pay a fee from the 33% fee card or higher, otherwise fail the payment with \"not enough fees\".\n\nThe intent is that payers will treat 100% - fee_card_percent as the probability-of-failure of that channel, and can select which fee card maximizes both its probability-of-failure and max-fee in some kind of reasonable exchange rate.\n\nRegards,\nZmnSCPxj",
"sig": "0094198c8e516d0f13ac5759edb68294f14a8e4f6af74f32603b0e863d0538d5e91d350c73b80a939bd8976a99eb9fa7b9247c6482ca9ec9515144d0f73c5d9c"
}