📅 Original date posted:2022-02-24
📝 Original message:
Olaoluwa Osuntokun <laolu32 at gmail.com> writes:
> Hi y'all,
>
> (TL;DR: a way to nodes to get paid to forward onion messages by adding an
> upfront session creation phase that uses AMP tender a messaging session to a
> receiver, with nodes being paid upfront for purchase of forwarding
> bandwidth, and a session identifier being transmitted alongside onion
> messages to identify paid sessions)
AMP seems to be a Lightning Labs proprietary extension. You mean
keysend, which at least has a draft spec?
> Onion messaging has been proposed as a way to do things like fetch invoices
> directly from a potential receiver _directly_ over the existing LN. The
> current proposal (packaged under the BOLT 12 umbrella) uses a new message
> (`onion_message`) that inherits the design of the existing Sphinx-based
> onion blob included in htlc_add messages as a way to propagate arbitrary
> messages across the network. Blinded paths which are effectively an unrolled
> Sphinx SURB (single use reply block), are used to support reply messages in
> a more private manner. Compared to SURBs, blinded paths are more flexible as
> they don't lock in things like fees or CLTV values.
>
> A direct outcome of widespread adoption of the proposal is that the scope of
> LN is expanded beyond "just" a decentralized p2p payment system, with the
Sure, let's keep encouraging people to use HTLCs for free to send data?
I can certainly implement that if you prefer!
> 1. As there's no explicit session creation/acceptance, a node can be
> spammed with unsolicited messages with no way to deny unwanted messages nor
> explicitly allow messages from certain senders.
>
> 2. Nodes that forward these messages (up to 32 KB per message) receive no
> compensation for the network bandwidth their expend, effectively shuffling
> around messages for free.
>
> 3. Rate limiting isn't concretely addressed, which may result in
> heterogeneous rate limiting policies enforced around the network, which can
> degrade the developer/user experience (why are my packets being randomly
> dropped?).
Sure, this is a fun one! I can post separately on ratelimiting; I
suggest naively limiting to 10/sec for peers with channels, and 1/sec
for peers without for now.
(In practice, spamming with HTLCs is infinitely more satisfying...)
> In this email I propose a way to address the issues mentioned above by
> adding explicit onion messaging session creation as well as a way for nodes
> to be (optionally) paid for any onion messages they forward. In short, an
> explicit session creation phase is introduced, with the receiver being able
> to accept/deny the session. If the session is accepted, then all nodes that
> comprise the session route are compensated for allotting a certain amount of
> bandwidth to the session (which is ephemeral by nature).
It's an interesting layer on top (esp if you want to stream movies), but
I never proposed this because it seems to add a source-identifying
session id, which is a huge privacy step backwards.
You really *do not want* to use this for independent transmissions.
I flirted with using blinded tokens, but it gets complex fast; ideas
welcome!
> ## Node Announcement TLV Extension
>
> In order to allow nodes to signal that they want to be paid to forward onion
> messages and also specify their pricing, we add two new TLV to the node_ann
> message:
>
> * type: 1 (`sats_per_byte`)
> * data:
> * [`uint64`:`forwarding_rate`]
> * type: 2 (`sats_per_block`)
> * data:
> * [`uint64`:`per_block_rate`]
You mean:
* type: 1 (`sats_per_byte`)
* data:
* [`tu64`:`forwarding_rate`]
* type: 3 (`sats_per_block`)
* data:
* [`tu64`:`per_block_rate`]
1. Don't use an even TLV field.
2. Might as well use truncated u64.
> The `sats_per_byte` field allows nodes to price their bandwidth, ensuring
> that they get paid for each chunk of allocated bandwidth. As sessions have a
> fixed time frame and nodes need to store additional data within that time
> frame, the `sats_per_block` allows nodes to price this cost, as they'll hold
> onto the session identifier information until the specified block height
> (detailed below).
>
> As onion messages will _typically_ be fixed sized we may want to use
> coursers
> metering here instead of bytes, possibly paying for 1.3KB or 32 KB chunks
> instead.
I think it's a premature optimization? Make standard duration 2016
blocks; then they can request multiples if they want? Reduces
node_announcement size.
> With the above nodes are able to express that they're willing to forward
> messages for sats, and how much they charge per byte as well as per block.
> Next we add a new TLV in the _existing_ HTLC onion blob that allows a
> sending node to tender paid onion message session creation. A sketch of this
> type would look something like:
>
> * type: 14 (`onion_session_id`)
> * data:
> * [`32*byte`:`session_id`]
I'd be tempted to use 16 bytes? Collisions here are not really a thing
since you'd need a network packet per probe, and you're time limited.
> After session creation succeeds, nodes will forward onion messages that
> include that `onion_session_id`. The set of `encrypted_data_tlv` for onion
> messages is extended to also specify a new type that stores the session ID:
>
> * type: 10 (`onion_session_id`)
> * data:
> * [`32*byte`:`session_id`]
>
> When forwarding an onion message that includes an `onion_session_id` (a node
> may only forward messages that contain such an ID), nodes do the necessary
> bookkeeping to tally how much bandwidth if left in this session, and also
> check that the session hasn't expired before forwarding.
This is good because it doesn't require a db write (if you crash and
forget to charge, it's OK).
AFAICT this is easy to implement on top of onion_messages as they stand
today (if you don't want to fwd free onion messages at all, don't set
that bit?).
Cheers,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 13:05:24
in reply to nevent1q…uf3d
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 13:05:24Event JSON
{
"id": "1394a4fe6ca354d729da5727dc8bf3a5f2ccfb520b60086639c1d463cf61b820",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686315924,
"kind": 1,
"tags": [
[
"e",
"27dfd7ce5a2cc7266e3ad4b5af30ad25bdd38a7eed911dc78c3a35a771ab9cca",
"",
"root"
],
[
"e",
"e49debd7eba44389b8a507a7bc313e9172707efc2d3da92754c621ca0605940b",
"",
"reply"
],
[
"p",
"2df3fc2660459521b852c995d4fc1a93938389a5e085677d0ebb33ef92cc5476"
]
],
"content": "📅 Original date posted:2022-02-24\n📝 Original message:\nOlaoluwa Osuntokun \u003claolu32 at gmail.com\u003e writes:\n\u003e Hi y'all,\n\u003e\n\u003e (TL;DR: a way to nodes to get paid to forward onion messages by adding an\n\u003e upfront session creation phase that uses AMP tender a messaging session to a\n\u003e receiver, with nodes being paid upfront for purchase of forwarding\n\u003e bandwidth, and a session identifier being transmitted alongside onion\n\u003e messages to identify paid sessions)\n\nAMP seems to be a Lightning Labs proprietary extension. You mean\nkeysend, which at least has a draft spec?\n\n\u003e Onion messaging has been proposed as a way to do things like fetch invoices\n\u003e directly from a potential receiver _directly_ over the existing LN. The\n\u003e current proposal (packaged under the BOLT 12 umbrella) uses a new message\n\u003e (`onion_message`) that inherits the design of the existing Sphinx-based\n\u003e onion blob included in htlc_add messages as a way to propagate arbitrary\n\u003e messages across the network. Blinded paths which are effectively an unrolled\n\u003e Sphinx SURB (single use reply block), are used to support reply messages in\n\u003e a more private manner. Compared to SURBs, blinded paths are more flexible as\n\u003e they don't lock in things like fees or CLTV values.\n\u003e\n\u003e A direct outcome of widespread adoption of the proposal is that the scope of\n\u003e LN is expanded beyond \"just\" a decentralized p2p payment system, with the\n\nSure, let's keep encouraging people to use HTLCs for free to send data?\nI can certainly implement that if you prefer!\n\n\u003e 1. As there's no explicit session creation/acceptance, a node can be\n\u003e spammed with unsolicited messages with no way to deny unwanted messages nor\n\u003e explicitly allow messages from certain senders.\n\u003e\n\u003e 2. Nodes that forward these messages (up to 32 KB per message) receive no\n\u003e compensation for the network bandwidth their expend, effectively shuffling\n\u003e around messages for free.\n\u003e\n\u003e 3. Rate limiting isn't concretely addressed, which may result in\n\u003e heterogeneous rate limiting policies enforced around the network, which can\n\u003e degrade the developer/user experience (why are my packets being randomly\n\u003e dropped?).\n\nSure, this is a fun one! I can post separately on ratelimiting; I\nsuggest naively limiting to 10/sec for peers with channels, and 1/sec\nfor peers without for now.\n\n(In practice, spamming with HTLCs is infinitely more satisfying...)\n\n\u003e In this email I propose a way to address the issues mentioned above by\n\u003e adding explicit onion messaging session creation as well as a way for nodes\n\u003e to be (optionally) paid for any onion messages they forward. In short, an\n\u003e explicit session creation phase is introduced, with the receiver being able\n\u003e to accept/deny the session. If the session is accepted, then all nodes that\n\u003e comprise the session route are compensated for allotting a certain amount of\n\u003e bandwidth to the session (which is ephemeral by nature).\n\nIt's an interesting layer on top (esp if you want to stream movies), but\nI never proposed this because it seems to add a source-identifying\nsession id, which is a huge privacy step backwards.\n\nYou really *do not want* to use this for independent transmissions.\n\nI flirted with using blinded tokens, but it gets complex fast; ideas\nwelcome!\n\n\u003e ## Node Announcement TLV Extension\n\u003e\n\u003e In order to allow nodes to signal that they want to be paid to forward onion\n\u003e messages and also specify their pricing, we add two new TLV to the node_ann\n\u003e message:\n\u003e\n\u003e * type: 1 (`sats_per_byte`)\n\u003e * data:\n\u003e * [`uint64`:`forwarding_rate`]\n\u003e * type: 2 (`sats_per_block`)\n\u003e * data:\n\u003e * [`uint64`:`per_block_rate`]\n\nYou mean:\n\n * type: 1 (`sats_per_byte`)\n * data:\n * [`tu64`:`forwarding_rate`]\n * type: 3 (`sats_per_block`)\n * data:\n * [`tu64`:`per_block_rate`]\n\n1. Don't use an even TLV field.\n2. Might as well use truncated u64.\n\n\u003e The `sats_per_byte` field allows nodes to price their bandwidth, ensuring\n\u003e that they get paid for each chunk of allocated bandwidth. As sessions have a\n\u003e fixed time frame and nodes need to store additional data within that time\n\u003e frame, the `sats_per_block` allows nodes to price this cost, as they'll hold\n\u003e onto the session identifier information until the specified block height\n\u003e (detailed below).\n\u003e\n\u003e As onion messages will _typically_ be fixed sized we may want to use\n\u003e coursers\n\u003e metering here instead of bytes, possibly paying for 1.3KB or 32 KB chunks\n\u003e instead.\n\nI think it's a premature optimization? Make standard duration 2016\nblocks; then they can request multiples if they want? Reduces\nnode_announcement size.\n\n\u003e With the above nodes are able to express that they're willing to forward\n\u003e messages for sats, and how much they charge per byte as well as per block.\n\u003e Next we add a new TLV in the _existing_ HTLC onion blob that allows a\n\u003e sending node to tender paid onion message session creation. A sketch of this\n\u003e type would look something like:\n\u003e\n\u003e * type: 14 (`onion_session_id`)\n\u003e * data:\n\u003e * [`32*byte`:`session_id`]\n\nI'd be tempted to use 16 bytes? Collisions here are not really a thing\nsince you'd need a network packet per probe, and you're time limited.\n\n\u003e After session creation succeeds, nodes will forward onion messages that\n\u003e include that `onion_session_id`. The set of `encrypted_data_tlv` for onion\n\u003e messages is extended to also specify a new type that stores the session ID:\n\u003e\n\u003e * type: 10 (`onion_session_id`)\n\u003e * data:\n\u003e * [`32*byte`:`session_id`]\n\u003e\n\u003e When forwarding an onion message that includes an `onion_session_id` (a node\n\u003e may only forward messages that contain such an ID), nodes do the necessary\n\u003e bookkeeping to tally how much bandwidth if left in this session, and also\n\u003e check that the session hasn't expired before forwarding.\n\nThis is good because it doesn't require a db write (if you crash and\nforget to charge, it's OK).\n\nAFAICT this is easy to implement on top of onion_messages as they stand\ntoday (if you don't want to fwd free onion messages at all, don't set\nthat bit?).\n\nCheers,\nRusty.",
"sig": "774d6b84ea8743272a57163053ebfa687172347f41c1144c08ab7853f630aa8028dbaa0118ad5e03f995836c7e530dfcd0046b4899c671f33f440c52fbf083ef"
}