š
Original date posted:2018-12-03
š Original message:
>
>
> > +----+ +----+
> > where node A is the āinitiatorā and node B is the ādual-funderā
>
> We currently use the terms funder and fundee, which are now
> inaccurate ofc. Perhaps 'opener' and 'accepter' are not great english,
> but they map to the messages well?
>
'opener' and 'accepter' do map to the messages. I've adopted it for the
rest of this response, to see how it fits in context.
"Another subtle point is the feerate_per_kw field; in the old scheme it
applied to the first commitment tx, but here it applies to both the
first commitment tx and the funding tx itself"
You're right. Initially I didn't think the `accepter` would care since
they're not paying them,
but you need it to be able to construct the funding transaction. I'll add a
second field, it seems
important to keep them separated esp since the timing consideration for the
fees is different (now vs the future).
> The sending node:
> > -
> > MAY begin channel establishment using `open_channel2`
>
> - MUST NOT send `open_channel`.
>
> > Otherwise the receiving node:
> > -
> > MUST return an error.
>
> This is a requirement for receiving `open_channel` IIUC?
>
> ie.
>
> The receiving node MUST fail the channel if:
> ...
> - `option_dual_fund` has been negotiated.
>
Does v2 of channel open necessarily deprecate the original between two
upgraded nodes?
This seems more sane than having both as an option...will update.
>
> > ____`funding_puts2`
>
> We can probably drop the 2 here and call it, um.. `funding_compose`?
> (Thanks thesaurus.com). I get where you're going with 'puts, but it
> took me a while :)
Initially only the duplicated messages had the 2-suffix, but ended up
adding it to all of them to denote that they belonged to the v2 of channel
open... I can see how that's confusing though.
+1 for `funding_compose`, it's definitely more easily understood. :-D
...
> > MUST NOT send a number of `input_data` and/or `output_data` which
> > exceeds the `put_limit`
>
> Side note: I wonder if we should relax this limit when we talk about
> `option_will_fund_for_food`?
>
Yes! Thanks for pointing this out.
>
> > -
> > MAY send an empty message
>
> Be explicit? MAY offer zero `num_inputs` and `num_outputs`. That's not
> quite an empty message...
>
I defined it a few lines above, but that's not super easy to see from this.
Will fix.
>
> > The receiving node:
> >
> > If is the initiator (A):
> >
> > -
> > MUST fail the channel if the `num_inputs` plus `num_outputs` is
> greater
> > than the `put_limit`
>
> How about MAY? It's a protection thing, but less to change when we
> option_will_fund_for_food. Unless we set the `put_limit` to min (4) or
> something in that case?
>
+1 for MAY, considering that the opener will be paying the fees.
The limit for what's reasonable to pay is fairly subjective, i.e. perhaps
the opener doesn't
care how many inputs/outputs the acceptor adds.
>
> Oh, it needs to check max_extra_witness_len is reasonable too, since
> that will affect the fees. Each signature adds 74, and pubkey adds 34,
> so I think MUST BE less than 500 is perfectly reasonable (for both
> reader and writer).
>
Ack
> > ___`funding_locked2`
> >
> > // same as v1
> >
> > Requirements:
> >
> > A dual-funding node (B):
> >
> > -
> >
> > SHOULD broadcast their funding transaction if it does not see the
> > transaction broadcast after a reasonable timeout.
>
> Let's just reuse `funding_locked` maybe?
>
> Not sure why this should wait for broadcast?
>
I was overthinking this*. Can't think of a reason for both sides not to
broadcast; will amend.
* confused it with conflicting transaction broadcast behavior
> > == RBF for Channel Establishment v2
> >
> > _____`init_rbf`
> >
> > This message is sent by the initiator, after the funding transaction has
> > been broadcast but before the `funding_locked2` has been exchanged.
> >
> > [32: `channel_id`]
> > [8: funding_satoshis]
> > [8:dust_limit_satoshis]
> > [8:channel_reserve_satoshis]
> > [4: feerate_per_kw]
> > [`2`:`num_inputs`]
> > [`num_inputs*input_info`]
> > [`2`:`num_outputs`]
> > [`num_outputs`*ouput_info`]
>
> Typo again :)
>
> > Requirements
> >
> > The sending node:
> > - MUST be the initiator (A)
> > - MAY update the amount, fee rate, dust limit, or channel reserve for
> the
> > channel
>
> - MAY send init_rbf if it considers the most recent funding tx unlikely
> to be confirmed in reasonable time.
> - MUST set `feerate_per_kw` larger than the most recent funding tx.
>
Another good reason to break out `funding_txn_feerate_per_kw` from
`commitment_txn_feerate_per_kw` in `open_channel2`
>
> Do we really want to negotiate everything again? It seems like the
> funder should be able to maybe add *new* inputs and outputs (though TBH
> I think that's going to be unusual enough that we could omit it), but
> doing a wholesale replacement means we have to be careful that the all
> RBFs end up having at least one input in common. Yech.
>
Only allowing the opener to add new inputs/outputs drives down the scope of
a RBF a good deal. I like it.
Adding new inputs seems like a common sense bare minimum, especially if we
assume wildly unpredictable fee rates.
> >
> > Rationale:
> >
> > Once an `init_rbf` has been accepted by the dual-funding node, the
> message
> > flow returns to `commitment_signed2` and proceeds as above, with the
> > exception that the `temporary_channel_id` remains as the `channel_id` for
> > the currently published but unmined transaction.
>
> By this stage, we are no longer using temporary_channel_id though.
>
> But it's an excellent point I had missed. The channel_id changes on
> each renegotiation. We could either switch channel_id *after*
> each accept_rbf, or keep the original channel_id until funding_locked2 (in
> which case it should have a "final_channel_id" field, to make sure we're
> talking about the same funding tx).
>
> Since we have to handle the "oops, old one got in!" it might be weird to
> see `funding_locked2` with an old txid. Perhaps we stick with the
> original channel_id until then, and flip *after* funding_locked2 is sent
> and received.
>
>
Would it be more sane to continue to include the temporary channel id,
in addition to the 'current' (i.e. most recently negotiated funding txn)
channel id,
until the funding_locked2 is sent (adds a `temporary_channel_id` field for
`commitment_signed2`, ` funding_signed2` and `funding_locked2`, in addition
to `channel_id`)?
That way, all opening messages would have a stable id across an RBF
re-negotiation, `temp_channel_id`.
Sticking with the first broadcast funding transaction hash feels
a bit misleading in the case of a second round of `commitment_signed2` and
`funding_signed2`.
> And yeah, no `update_fee`, `announcement_signatures` until that
> funding_locked2 exchange is complete, so we don't get those with an
> unsettled channel_id.
>
> > The channel id that becomes fixed for this node will be determined by the
> > `funding_locked2` message.
> >
> > ___`accept_rbf`
> >
> > This message accepts an RBF request, and renegotiates a dual-funderās
> > funds, dust limit, and channel reserve, and sends the dual-funderās
> updated
> > puts.
>
> I would make this an empty message, simply an ack. And note that
> the channel_id after this is that of the RBFed tx.
>
> The question then becomes what do we do about reconnection. I suggest:
>
> opener: if we haven't sent funding_signed, consider it cancelled. If
> we've received funding_signed, it's obviously locked in. If we sent
> and didn't received, re-xmit.
>
> accepter: must remember rbf if we sent commitment_signed2. If we
> received funding_signed it's locked in. If we receive an init_rbf,
> drop the one we remembered. If we receive funding_signed, continue.
>
> We still need to address the funding_tx construction; BIP69-style seems
> like an unnecessary information leak here. A 128-bit seed in
> open_channel2 could be added, with sorting by SHA(seed | <marshal of
> input> | <marshal of witness>) and SHA(seed | <marshal of output>)?
>
> Phew!
> Rusty.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20181203/4ac6a8cb/attachment.html>;
lisa neigut [ARCHIVE] /
npub1spā¦s64t2
2023-06-09 12:53:17
in reply to nevent1qā¦zg5e
Author Public Key
npub1sprhp66c693av0c0n9had046hcdcckp2th25fnmphwstc5e4wg9qxs64t2Published at
2023-06-09 12:53:17Event JSON
{
"id": "98dd8789beb5c612ae3e67a1174cf4ab67e9815e723af86be6f78f915d70ad71",
"pubkey": "804770eb58d163d63f0f996fd6bebabe1b8c582a5dd544cf61bba0bc5335720a",
"created_at": 1686315197,
"kind": 1,
"tags": [
[
"e",
"ff5ad68f03b81ff1e4d67ae765c86a3a4f9485953182dea4f651f8d167395f04",
"",
"root"
],
[
"e",
"d323254eb0c154b228f01b511b2ca26e8f5baa498ee6a9123025078bdad5daea",
"",
"reply"
],
[
"p",
"13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425"
]
],
"content": "š
Original date posted:2018-12-03\nš Original message:\n\u003e\n\u003e\n\u003e \u003e +----+ +----+\n\u003e \u003e where node A is the āinitiatorā and node B is the ādual-funderā\n\u003e\n\u003e We currently use the terms funder and fundee, which are now\n\u003e inaccurate ofc. Perhaps 'opener' and 'accepter' are not great english,\n\u003e but they map to the messages well?\n\u003e\n\n'opener' and 'accepter' do map to the messages. I've adopted it for the\nrest of this response, to see how it fits in context.\n\n\"Another subtle point is the feerate_per_kw field; in the old scheme it\napplied to the first commitment tx, but here it applies to both the\nfirst commitment tx and the funding tx itself\"\n\nYou're right. Initially I didn't think the `accepter` would care since\nthey're not paying them,\nbut you need it to be able to construct the funding transaction. I'll add a\nsecond field, it seems\nimportant to keep them separated esp since the timing consideration for the\nfees is different (now vs the future).\n\n\u003e The sending node:\n\u003e \u003e -\n\u003e \u003e MAY begin channel establishment using `open_channel2`\n\u003e\n\u003e - MUST NOT send `open_channel`.\n\u003e\n\u003e \u003e Otherwise the receiving node:\n\u003e \u003e -\n\u003e \u003e MUST return an error.\n\u003e\n\u003e This is a requirement for receiving `open_channel` IIUC?\n\u003e\n\u003e ie.\n\u003e\n\u003e The receiving node MUST fail the channel if:\n\u003e ...\n\u003e - `option_dual_fund` has been negotiated.\n\u003e\n\nDoes v2 of channel open necessarily deprecate the original between two\nupgraded nodes?\n\nThis seems more sane than having both as an option...will update.\n\n\n\u003e\n\u003e \u003e ____`funding_puts2`\n\u003e\n\u003e We can probably drop the 2 here and call it, um.. `funding_compose`?\n\u003e (Thanks thesaurus.com). I get where you're going with 'puts, but it\n\u003e took me a while :)\n\n\nInitially only the duplicated messages had the 2-suffix, but ended up\nadding it to all of them to denote that they belonged to the v2 of channel\nopen... I can see how that's confusing though.\n\n+1 for `funding_compose`, it's definitely more easily understood. :-D\n\n...\n\n\u003e \u003e MUST NOT send a number of `input_data` and/or `output_data` which\n\u003e \u003e exceeds the `put_limit`\n\u003e\n\u003e Side note: I wonder if we should relax this limit when we talk about\n\u003e `option_will_fund_for_food`?\n\u003e\n\nYes! Thanks for pointing this out.\n\n\n\u003e\n\u003e \u003e -\n\u003e \u003e MAY send an empty message\n\u003e\n\u003e Be explicit? MAY offer zero `num_inputs` and `num_outputs`. That's not\n\u003e quite an empty message...\n\u003e\n\nI defined it a few lines above, but that's not super easy to see from this.\nWill fix.\n\n\n\u003e\n\u003e \u003e The receiving node:\n\u003e \u003e\n\u003e \u003e If is the initiator (A):\n\u003e \u003e\n\u003e \u003e -\n\u003e \u003e MUST fail the channel if the `num_inputs` plus `num_outputs` is\n\u003e greater\n\u003e \u003e than the `put_limit`\n\u003e\n\u003e How about MAY? It's a protection thing, but less to change when we\n\u003e option_will_fund_for_food. Unless we set the `put_limit` to min (4) or\n\u003e something in that case?\n\u003e\n\n+1 for MAY, considering that the opener will be paying the fees.\nThe limit for what's reasonable to pay is fairly subjective, i.e. perhaps\nthe opener doesn't\n care how many inputs/outputs the acceptor adds.\n\n\n\u003e\n\u003e Oh, it needs to check max_extra_witness_len is reasonable too, since\n\u003e that will affect the fees. Each signature adds 74, and pubkey adds 34,\n\u003e so I think MUST BE less than 500 is perfectly reasonable (for both\n\u003e reader and writer).\n\u003e\n\nAck\n\n\n\u003e \u003e ___`funding_locked2`\n\u003e \u003e\n\u003e \u003e // same as v1\n\u003e \u003e\n\u003e \u003e Requirements:\n\u003e \u003e\n\u003e \u003e A dual-funding node (B):\n\u003e \u003e\n\u003e \u003e -\n\u003e \u003e\n\u003e \u003e SHOULD broadcast their funding transaction if it does not see the\n\u003e \u003e transaction broadcast after a reasonable timeout.\n\u003e\n\u003e Let's just reuse `funding_locked` maybe?\n\u003e\n\u003e Not sure why this should wait for broadcast?\n\u003e\n\nI was overthinking this*. Can't think of a reason for both sides not to\nbroadcast; will amend.\n\n* confused it with conflicting transaction broadcast behavior\n\n\n\u003e \u003e == RBF for Channel Establishment v2\n\u003e \u003e\n\u003e \u003e _____`init_rbf`\n\u003e \u003e\n\u003e \u003e This message is sent by the initiator, after the funding transaction has\n\u003e \u003e been broadcast but before the `funding_locked2` has been exchanged.\n\u003e \u003e\n\u003e \u003e [32: `channel_id`]\n\u003e \u003e [8: funding_satoshis]\n\u003e \u003e [8:dust_limit_satoshis]\n\u003e \u003e [8:channel_reserve_satoshis]\n\u003e \u003e [4: feerate_per_kw]\n\u003e \u003e [`2`:`num_inputs`]\n\u003e \u003e [`num_inputs*input_info`]\n\u003e \u003e [`2`:`num_outputs`]\n\u003e \u003e [`num_outputs`*ouput_info`]\n\u003e\n\u003e Typo again :)\n\u003e\n\u003e \u003e Requirements\n\u003e \u003e\n\u003e \u003e The sending node:\n\u003e \u003e - MUST be the initiator (A)\n\u003e \u003e - MAY update the amount, fee rate, dust limit, or channel reserve for\n\u003e the\n\u003e \u003e channel\n\u003e\n\u003e - MAY send init_rbf if it considers the most recent funding tx unlikely\n\u003e to be confirmed in reasonable time.\n\u003e - MUST set `feerate_per_kw` larger than the most recent funding tx.\n\u003e\n\nAnother good reason to break out `funding_txn_feerate_per_kw` from\n`commitment_txn_feerate_per_kw` in `open_channel2`\n\n\n\u003e\n\u003e Do we really want to negotiate everything again? It seems like the\n\u003e funder should be able to maybe add *new* inputs and outputs (though TBH\n\u003e I think that's going to be unusual enough that we could omit it), but\n\u003e doing a wholesale replacement means we have to be careful that the all\n\u003e RBFs end up having at least one input in common. Yech.\n\u003e\n\nOnly allowing the opener to add new inputs/outputs drives down the scope of\na RBF a good deal. I like it.\nAdding new inputs seems like a common sense bare minimum, especially if we\nassume wildly unpredictable fee rates.\n\n\n\u003e \u003e\n\u003e \u003e Rationale:\n\u003e \u003e\n\u003e \u003e Once an `init_rbf` has been accepted by the dual-funding node, the\n\u003e message\n\u003e \u003e flow returns to `commitment_signed2` and proceeds as above, with the\n\u003e \u003e exception that the `temporary_channel_id` remains as the `channel_id` for\n\u003e \u003e the currently published but unmined transaction.\n\u003e\n\u003e By this stage, we are no longer using temporary_channel_id though.\n\u003e\n\u003e But it's an excellent point I had missed. The channel_id changes on\n\u003e each renegotiation. We could either switch channel_id *after*\n\u003e each accept_rbf, or keep the original channel_id until funding_locked2 (in\n\u003e which case it should have a \"final_channel_id\" field, to make sure we're\n\u003e talking about the same funding tx).\n\u003e\n\u003e Since we have to handle the \"oops, old one got in!\" it might be weird to\n\u003e see `funding_locked2` with an old txid. Perhaps we stick with the\n\u003e original channel_id until then, and flip *after* funding_locked2 is sent\n\u003e and received.\n\u003e\n\u003e\nWould it be more sane to continue to include the temporary channel id,\nin addition to the 'current' (i.e. most recently negotiated funding txn)\nchannel id,\nuntil the funding_locked2 is sent (adds a `temporary_channel_id` field for\n`commitment_signed2`, ` funding_signed2` and `funding_locked2`, in addition\nto `channel_id`)?\nThat way, all opening messages would have a stable id across an RBF\nre-negotiation, `temp_channel_id`.\nSticking with the first broadcast funding transaction hash feels\na bit misleading in the case of a second round of `commitment_signed2` and\n`funding_signed2`.\n\n\n\u003e And yeah, no `update_fee`, `announcement_signatures` until that\n\u003e funding_locked2 exchange is complete, so we don't get those with an\n\u003e unsettled channel_id.\n\u003e\n\u003e \u003e The channel id that becomes fixed for this node will be determined by the\n\u003e \u003e `funding_locked2` message.\n\u003e \u003e\n\u003e \u003e ___`accept_rbf`\n\u003e \u003e\n\u003e \u003e This message accepts an RBF request, and renegotiates a dual-funderās\n\u003e \u003e funds, dust limit, and channel reserve, and sends the dual-funderās\n\u003e updated\n\u003e \u003e puts.\n\u003e\n\u003e I would make this an empty message, simply an ack. And note that\n\u003e the channel_id after this is that of the RBFed tx.\n\u003e\n\u003e The question then becomes what do we do about reconnection. I suggest:\n\u003e\n\u003e opener: if we haven't sent funding_signed, consider it cancelled. If\n\u003e we've received funding_signed, it's obviously locked in. If we sent\n\u003e and didn't received, re-xmit.\n\u003e\n\u003e accepter: must remember rbf if we sent commitment_signed2. If we\n\u003e received funding_signed it's locked in. If we receive an init_rbf,\n\u003e drop the one we remembered. If we receive funding_signed, continue.\n\u003e\n\u003e We still need to address the funding_tx construction; BIP69-style seems\n\u003e like an unnecessary information leak here. A 128-bit seed in\n\u003e open_channel2 could be added, with sorting by SHA(seed | \u003cmarshal of\n\u003e input\u003e | \u003cmarshal of witness\u003e) and SHA(seed | \u003cmarshal of output\u003e)?\n\u003e\n\u003e Phew!\n\u003e Rusty.\n\u003e\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20181203/4ac6a8cb/attachment.html\u003e",
"sig": "52f30a17f794e1d18383964a72da25c897163f74a3ca1ca965a47cfd17081ced528c77e4e4ee80ff6aa023cc47f3942918cfac1dc4f51e591de6392cf5200f51"
}