📅 Original date posted:2018-10-16
📝 Original message:
Olaoluwa Osuntokun <laolu32 at gmail.com> writes:
> Hi Rusty,
>
> Happy to get the splicing train rolling!
>
>> We've had increasing numbers of c-lightning users get upset they can't
>> open multiple channels, so I guess we're most motivated to allow splicing
> of
>> existing channels
>
> Splicing isn't a substitute for allowing multiple channels. Multiple
> channels allow nodes to:
>
> * create distinct channels with distinct acceptance policies.
> * create a mix of public and non-advertised channels with a node.
> * be able to send more than the (current) max HTLC amount
> using various flavors of AMP.
> * get past the (current) max channel size value
> * allow a link to carry more HTLCs (due to the current super low max HTLC
> values) given the additional HTLC pressure that
> AMP may produce (alternative is a commitment fan out)
These all seem marginal to me. I think if we start hitting max values,
we should discuss increasing them.
> Is there a fundamental reason that CL will never allow nodes to create
> multiple channels? It seems unnecessarily limiting.
Yeah, we have a daemon per peer. It's really simple with 1 daemon, 1
channel. My own fault: I was the one who insisted we mux multiple
connections over the same transport; if we'd gone for independent
connections our implementation would have been trivial.
>> Splice Negotiation:
>
> Any reason to now make the splicing_add_* messages allow one to add several
> inputs in a single message? Given "acceptable" constraints for how large the
> witness and pkScripts can be, we can easily enforce an upper limit on the
> number of inputs/outputs to add.
Mainly limitations of our descriptor language, TBH.
> I like that the intro messages have already been designed with the
> concurrent case in mind beyond a simpler propose/accept flow. However is
> there any reason why it doesn't also allow either side to fully re-negotiate
> _all_ the funding details? Splicing is a good opportunity to garbage collect
> the prior revocation state, and also free up obsolete space in watch towers.
I thought about restarting the revocation sequence, but it seems like
that only saves a tiny amount since we only store log(N) entries. We
can drop old HTLC info post-splice though, and (after some delay for
obscurity) tell watchtowers to drop old entries I think.
> Additionally, as the size of the channel is either expanding or contracting,
> both sides should be allowed to modify things like the CSV param, reserve,
> max accepted htlc's, max htlc size, etc. Many of these parameters like the
> CSV value should scale with the size of the channel, not allowing these
> parameters to be re-negotiated could result in odd scenarios like still
> maintain a 1 week CSV when the channel size has dipped from 1 BTC to 100k
> satoshis.
Yep, good idea! I missed that.
Brings up a side point about these values, which deserves its own
post...
>> 1. type: 40 (`splice_add_input`) (`option_splice`)
>
> In order to add nested p2sh inputs, we'll need to also expose the redeem
> script here, or add additional fields to allow sides to set a sig script as
> well as witness during the signing phase.
>
>> - scriptpubkey is empty, or of form 'HASH160 <20-byte-script-hash> EQUAL'
>
> So no P2SH? :(
Another omission, yeah, we'd want that too I think.
>> * [`4`:`feerate_per_kw`]
>
> What fee rate is this? IMO we should do commitmentv2 before splicing as then
> we can more or less do away with the initiator distinction and have most
> fees be ad hoc.
We're basically co-generating a tx here, just like shutdown, except it's
funding a new replacement channel. Do we want to CPFP this one too?
>> Splice Signing
>
> It seems that we're missing some fields here if we're to allow the splicing
> of inputs to be done in a non-blocking manner. We'll need to send two
> revocation points for the new commitment: one to allow it to be created, and
> another to allow updates to proceed right after the signing is completed. In
> this case we'll also need to update both commitments in tandem until the
> splicing transaction has been sufficiently confirmed.
I think we can use the existing revocation points for both.
> Also, what about change addresses? Are they to be explicitly specified as
> splice outs?
They'd be splice-outs, yeah.
>> 1. type: 43 (`splice_commitment_signature`) (`option_splice`)
>
> It may be worth pointing out there that we're able to transfer all existing
> HTLCs over to the new commitment as additional context.
Yeah, I think people missed that it was non-blocking like that.
>> 1. type: 45 (`splice_witness`) (`option_splice`)
>
> Should also allow either side to specify the sig script here if we're to
> allow nested p2sh (which we should IMO!).
Yep.
>> * [`2`:`len`]
>> * [`len`:`witnesses`]
>
> Is the extra length needed if all the witness elements themselves are length
> delimited?
Yes, we always length-delimit fields so we can add options later.
>
> It isn't clear in the current draft, but I take it that the splice_signature
> is for the old multi-sig?
Yes, that's the signature required to spend the old funding txout.
>> so we append to the existing `channel_update` for the original channel,
>> using a new `message_flags` field:
>
> IMO, we need to hold off on optional fields for now, until we revisit the
> formatting in order to actually get it right. As is now, all the optional
> fields are basically serial mandatory soft forks. So clients must understand
> the prior in order to understand the following fields. Instead, we
> essentially need more of a map design.
You need to add prior options to your wire parser, but that's usually
the most trivial part of handling them. And they may waste space on the
wire since we treat them as append-only, but OTOH it avoids
combinatorial testing explosion.
>> The post-splice reserve is 1% of post-splice capcacity (rounded down).
>
> This should be re-negotiated at time of splice creation, rather than a new
> hard coded value in the protocol.
>
>> In addition, you can forget everything about the old channel (including
>> old HTLCs and revocation requirements).
>
> We still have the same shachain state however (if we don't allow new state
> to be exchanged during the start of the splicing scenario), correct?
Yep.
Thanks,
Rusty.
> -- Laolu
>
> -- Laolu
PS, Damn, I always suspected there were multiple Roasbeefs, and we're simply
dealing with the output of an advanced multiplexing protocol. I present
the above as conclusive evidence of this thesis...
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 12:51:46
in reply to nevent1q…hyfw
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 12:51:46Event JSON
{
"id": "908909ac62b2915959b6cdac337aa717509dfbe0e6ba177248ed3935ca61b1ab",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686315106,
"kind": 1,
"tags": [
[
"e",
"d33837a10906296cdab5e5ff391835a12bd3f5d27bdac072961b20f094855a4d",
"",
"root"
],
[
"e",
"5ebd515592162f3ff15e9af880b73fbf084efe452886340538a8bbdfcb685367",
"",
"reply"
],
[
"p",
"72cd40332ec782dd0a7f63acb03e3b6fdafa6d91bd1b6125cd8b7117a1bb8057"
]
],
"content": "📅 Original date posted:2018-10-16\n📝 Original message:\nOlaoluwa Osuntokun \u003claolu32 at gmail.com\u003e writes:\n\u003e Hi Rusty,\n\u003e\n\u003e Happy to get the splicing train rolling!\n\u003e\n\u003e\u003e We've had increasing numbers of c-lightning users get upset they can't\n\u003e\u003e open multiple channels, so I guess we're most motivated to allow splicing\n\u003e of\n\u003e\u003e existing channels\n\u003e\n\u003e Splicing isn't a substitute for allowing multiple channels. Multiple\n\u003e channels allow nodes to:\n\u003e\n\u003e * create distinct channels with distinct acceptance policies.\n\u003e * create a mix of public and non-advertised channels with a node.\n\u003e * be able to send more than the (current) max HTLC amount\n\u003e using various flavors of AMP.\n\u003e * get past the (current) max channel size value\n\u003e * allow a link to carry more HTLCs (due to the current super low max HTLC\n\u003e values) given the additional HTLC pressure that\n\u003e AMP may produce (alternative is a commitment fan out)\n\nThese all seem marginal to me. I think if we start hitting max values,\nwe should discuss increasing them.\n\n\u003e Is there a fundamental reason that CL will never allow nodes to create\n\u003e multiple channels? It seems unnecessarily limiting.\n\nYeah, we have a daemon per peer. It's really simple with 1 daemon, 1\nchannel. My own fault: I was the one who insisted we mux multiple\nconnections over the same transport; if we'd gone for independent\nconnections our implementation would have been trivial.\n\n\u003e\u003e Splice Negotiation:\n\u003e\n\u003e Any reason to now make the splicing_add_* messages allow one to add several\n\u003e inputs in a single message? Given \"acceptable\" constraints for how large the\n\u003e witness and pkScripts can be, we can easily enforce an upper limit on the\n\u003e number of inputs/outputs to add.\n\nMainly limitations of our descriptor language, TBH. \n\n\u003e I like that the intro messages have already been designed with the\n\u003e concurrent case in mind beyond a simpler propose/accept flow. However is\n\u003e there any reason why it doesn't also allow either side to fully re-negotiate\n\u003e _all_ the funding details? Splicing is a good opportunity to garbage collect\n\u003e the prior revocation state, and also free up obsolete space in watch towers.\n\nI thought about restarting the revocation sequence, but it seems like\nthat only saves a tiny amount since we only store log(N) entries. We\ncan drop old HTLC info post-splice though, and (after some delay for\nobscurity) tell watchtowers to drop old entries I think.\n\n\u003e Additionally, as the size of the channel is either expanding or contracting,\n\u003e both sides should be allowed to modify things like the CSV param, reserve,\n\u003e max accepted htlc's, max htlc size, etc. Many of these parameters like the\n\u003e CSV value should scale with the size of the channel, not allowing these\n\u003e parameters to be re-negotiated could result in odd scenarios like still\n\u003e maintain a 1 week CSV when the channel size has dipped from 1 BTC to 100k\n\u003e satoshis.\n\nYep, good idea! I missed that.\n\nBrings up a side point about these values, which deserves its own\npost...\n\n\u003e\u003e 1. type: 40 (`splice_add_input`) (`option_splice`)\n\u003e\n\u003e In order to add nested p2sh inputs, we'll need to also expose the redeem\n\u003e script here, or add additional fields to allow sides to set a sig script as\n\u003e well as witness during the signing phase.\n\u003e\n\u003e\u003e - scriptpubkey is empty, or of form 'HASH160 \u003c20-byte-script-hash\u003e EQUAL'\n\u003e\n\u003e So no P2SH? :(\n\nAnother omission, yeah, we'd want that too I think.\n\n\u003e\u003e * [`4`:`feerate_per_kw`]\n\u003e\n\u003e What fee rate is this? IMO we should do commitmentv2 before splicing as then\n\u003e we can more or less do away with the initiator distinction and have most\n\u003e fees be ad hoc.\n\nWe're basically co-generating a tx here, just like shutdown, except it's\nfunding a new replacement channel. Do we want to CPFP this one too?\n\n\u003e\u003e Splice Signing\n\u003e\n\u003e It seems that we're missing some fields here if we're to allow the splicing\n\u003e of inputs to be done in a non-blocking manner. We'll need to send two\n\u003e revocation points for the new commitment: one to allow it to be created, and\n\u003e another to allow updates to proceed right after the signing is completed. In\n\u003e this case we'll also need to update both commitments in tandem until the\n\u003e splicing transaction has been sufficiently confirmed.\n\nI think we can use the existing revocation points for both.\n\n\u003e Also, what about change addresses? Are they to be explicitly specified as\n\u003e splice outs?\n\nThey'd be splice-outs, yeah.\n\n\u003e\u003e 1. type: 43 (`splice_commitment_signature`) (`option_splice`)\n\u003e\n\u003e It may be worth pointing out there that we're able to transfer all existing\n\u003e HTLCs over to the new commitment as additional context.\n\nYeah, I think people missed that it was non-blocking like that.\n\n\u003e\u003e 1. type: 45 (`splice_witness`) (`option_splice`)\n\u003e\n\u003e Should also allow either side to specify the sig script here if we're to\n\u003e allow nested p2sh (which we should IMO!).\n\nYep.\n\n\u003e\u003e * [`2`:`len`]\n\u003e\u003e * [`len`:`witnesses`]\n\u003e\n\u003e Is the extra length needed if all the witness elements themselves are length\n\u003e delimited?\n\nYes, we always length-delimit fields so we can add options later.\n\n\u003e\n\u003e It isn't clear in the current draft, but I take it that the splice_signature\n\u003e is for the old multi-sig?\n\nYes, that's the signature required to spend the old funding txout.\n\n\u003e\u003e so we append to the existing `channel_update` for the original channel,\n\u003e\u003e using a new `message_flags` field:\n\u003e\n\u003e IMO, we need to hold off on optional fields for now, until we revisit the\n\u003e formatting in order to actually get it right. As is now, all the optional\n\u003e fields are basically serial mandatory soft forks. So clients must understand\n\u003e the prior in order to understand the following fields. Instead, we\n\u003e essentially need more of a map design.\n\nYou need to add prior options to your wire parser, but that's usually\nthe most trivial part of handling them. And they may waste space on the\nwire since we treat them as append-only, but OTOH it avoids\ncombinatorial testing explosion.\n\n\u003e\u003e The post-splice reserve is 1% of post-splice capcacity (rounded down).\n\u003e\n\u003e This should be re-negotiated at time of splice creation, rather than a new\n\u003e hard coded value in the protocol.\n\u003e\n\u003e\u003e In addition, you can forget everything about the old channel (including\n\u003e\u003e old HTLCs and revocation requirements).\n\u003e\n\u003e We still have the same shachain state however (if we don't allow new state\n\u003e to be exchanged during the start of the splicing scenario), correct?\n\nYep.\n\nThanks,\nRusty.\n\n\u003e -- Laolu\n\u003e\n\u003e -- Laolu\n\nPS, Damn, I always suspected there were multiple Roasbeefs, and we're simply\ndealing with the output of an advanced multiplexing protocol. I present\nthe above as conclusive evidence of this thesis...",
"sig": "0a7265d834ef29f8f3ad957d919ebecb2491f7a393a011f655cc30ee00bb316a92ef83b7d2befe629d76153fbe9c1703edeb8d3cb573689607a032c80064bc45"
}