📅 Original date posted:2015-09-01
📝 Original message:
Anthony Towns schreef op di 01-09-2015 om 07:08 [+1000]:
> On 31 August 2015 at 04:01, CJP <cjp at ultimatestunts.nl> wrote:
> > A - b - c - D - e - F - g - H
> > H pays 0.003 mBTC to F (explicit source routing fee;
> H
> > selected F for
> > onion-routing towards D, without A's knowledge)
> > You mean "D selected F for onion-routing towards H" here,
> surely?
> No :-)
> Both sides of a payment may value their privacy, so both sides
> may want
> to perform onion routing independently.
>
> It's a bit similar to TOR hidden
> services: you route from both sides towards a "meeting point"
> somewhere
> on the route, which is not necessarily one of the end points.
>
>
> Hmm. I would look at that more like:
>
>
> Setup:
> - H wants to be secretive.
> - H establishes a channel with g
Yes.
> - H tells F he can route to H via g
> - H tells D he can route to H via F
No. If H has a routable address (which is optional in this scenario,
since it's not used here), it would be "g tells F he can route to H via
g". But that information isn't used here, and the transaction isn't tied
to H's routable address, since there is no "routing to H" in this
scenario: there is only routing from A to D and from H to D through F.
> Announcement:
> - H tells other people (such as A) they can route to H via D
No. H just tells A he can route this particular transaction to D. A
doesn't know H.
>
> Then A sends a txn for H to D as instructed, and D chooses to forward
> it on via F.
No. The sequence is:
- A establishes a route to D as instructed
- H establishes a route to F, and instructs F to establish a route to D
- F establishes a route to D as instructed
- D matches the two sides, and informs both sides that a route is
present.
- The transaction is locked (HTLC created), starting on the A-b link,
then b-c, and so on, all the way to the g-H link.
>
> (Hmm. In that scenario, if e tried to send a txn to H, she would route
> via D, then find D routed the txn back to it -- using the same R --
> and that F was the next destination. This would be an information
> leak, arguably. Likewise for anyone whose cheapest path to D was
> through e)
Does not apply to the way I describe how it should work.
>
> Note that, because locking of transaction funds is always done
> in payer
> -> payee direction, this requires a separate routing phase
> before the
> locking. So, first you find a route (where all parties say
> they agree to
> fees, tx amount, timeouts and other conditions), and then you
> start
> performing transaction-channel actions.
>
>
> Isn't that a bit circular -- "you obtain the route by sending messages
> along the route" ?
No. Route finding can consist of several attempts, and each attempt
consists of sending messages between nodes. Once you find a route
(probably the first attempt in a well-optimized routing system), you can
send further messages along the route, but you did in fact already send
messages along the route prior to knowing that it will become your
route.
>
> It also relies on end-to-end communication in realtime, which wouldn't
> work for paying to a cold-wallet lightning channel that's only
> occassionally online.
I don't see how lightning could pay to a cold wallet. I assume that, at
least when starting a transaction, all nodes on the route are online.
>
> If you *did* assume everything is in realtime, you could avoid fines
> entirely just by having the protocol be something like:
>
>
> - the official timeout was 4 days, the unofficial timeout is 4
> minutes
> - ...
> - okay 4 minutes is up, do you know R?
> - no, okay, we're revoking the transaction.
> - you don't want to? fine, channel is closed.
I assume the "official" timeout is the one mentioned in the HTLC; it has
to be large (several days) to avoid nodes becoming vulnerable due to
loss of connectivity in the middle of a transaction: it might take you
some time to establish an alternative internet connection, and it has to
happen before the official timeout.
Neighbors can always try to impose shorter unofficial time-outs, with
the sanction that the channel will be closed. The consequence is that
both sides, and the network as a whole, lose a link, so it should be
avoided if possible.
>
> Maybe that's what the default protocol should be anyway, and fines are
> just an extension to that to bribe the payer not to close the
> channel...
Yes.
> You could of course ignore source routing for the fines, and
> distribute
> the fines as if it is only a non-source routing path. The
> problem is
> that an attacker can create an arbitrarily long path with
> source
> routing, thereby creating arbitrarily large total damage to
> the network,
> corresponding to arbitrarily large total fines.
>
>
> I don't think it can go arbitrarily large -- if the recipient is
> paying the fines at each point, then the scenario is:
I don't understand how an intermediate point (D or F) can enforce
payment of fines by A or H.
You could of course pre-pay the fines with a separate transaction, which
has D or F as payee endpoint, and send the fines back in case of a
successful transaction. This assumes the intermediate nodes are trusted
with the fine amounts.
CJP
CJP [ARCHIVE] /
npub13q…cuzdm
2023-06-09 12:44:17
in reply to nevent1q…tlv4
Author Public Key
npub13q863scgpsaanrjhfn7dd4h48lgnupgkcs828arzj4pckrq8hh6s4cuzdmPublished at
2023-06-09 12:44:17Event JSON
{
"id": "16800aab1892b0d0f73afaac93ac531035db9fba6995a5af10f80e6780623246",
"pubkey": "880fa8c3080c3bd98e574cfcd6d6f53fd13e0516c40ea3f46295438b0c07bdf5",
"created_at": 1686314657,
"kind": 1,
"tags": [
[
"e",
"428192df74a2b1222798f1b35346001f531f739da9c977185afdc53f6ee5537c",
"",
"reply"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "📅 Original date posted:2015-09-01\n📝 Original message:\nAnthony Towns schreef op di 01-09-2015 om 07:08 [+1000]:\n\u003e On 31 August 2015 at 04:01, CJP \u003ccjp at ultimatestunts.nl\u003e wrote:\n\u003e \u003e A - b - c - D - e - F - g - H\n\u003e \u003e H pays 0.003 mBTC to F (explicit source routing fee;\n\u003e H\n\u003e \u003e selected F for\n\u003e \u003e onion-routing towards D, without A's knowledge)\n\u003e \u003e You mean \"D selected F for onion-routing towards H\" here,\n\u003e surely?\n\u003e No :-)\n\u003e Both sides of a payment may value their privacy, so both sides\n\u003e may want\n\u003e to perform onion routing independently.\n\u003e \n\u003e It's a bit similar to TOR hidden\n\u003e services: you route from both sides towards a \"meeting point\"\n\u003e somewhere\n\u003e on the route, which is not necessarily one of the end points.\n\u003e \n\u003e \n\u003e Hmm. I would look at that more like:\n\u003e \n\u003e \n\u003e Setup:\n\u003e - H wants to be secretive.\n\u003e - H establishes a channel with g\n\nYes.\n\n\u003e - H tells F he can route to H via g\n\u003e - H tells D he can route to H via F\n\nNo. If H has a routable address (which is optional in this scenario,\nsince it's not used here), it would be \"g tells F he can route to H via\ng\". But that information isn't used here, and the transaction isn't tied\nto H's routable address, since there is no \"routing to H\" in this\nscenario: there is only routing from A to D and from H to D through F.\n\n\u003e Announcement:\n\u003e - H tells other people (such as A) they can route to H via D\n\nNo. H just tells A he can route this particular transaction to D. A\ndoesn't know H.\n\u003e \n\u003e Then A sends a txn for H to D as instructed, and D chooses to forward\n\u003e it on via F.\n\nNo. The sequence is:\n- A establishes a route to D as instructed\n- H establishes a route to F, and instructs F to establish a route to D\n- F establishes a route to D as instructed\n- D matches the two sides, and informs both sides that a route is\npresent. \n- The transaction is locked (HTLC created), starting on the A-b link,\nthen b-c, and so on, all the way to the g-H link.\n\u003e \n\u003e (Hmm. In that scenario, if e tried to send a txn to H, she would route\n\u003e via D, then find D routed the txn back to it -- using the same R --\n\u003e and that F was the next destination. This would be an information\n\u003e leak, arguably. Likewise for anyone whose cheapest path to D was\n\u003e through e)\n\nDoes not apply to the way I describe how it should work.\n\u003e \n\u003e Note that, because locking of transaction funds is always done\n\u003e in payer\n\u003e -\u003e payee direction, this requires a separate routing phase\n\u003e before the\n\u003e locking. So, first you find a route (where all parties say\n\u003e they agree to\n\u003e fees, tx amount, timeouts and other conditions), and then you\n\u003e start\n\u003e performing transaction-channel actions.\n\u003e \n\u003e \n\u003e Isn't that a bit circular -- \"you obtain the route by sending messages\n\u003e along the route\" ? \n\nNo. Route finding can consist of several attempts, and each attempt\nconsists of sending messages between nodes. Once you find a route\n(probably the first attempt in a well-optimized routing system), you can\nsend further messages along the route, but you did in fact already send\nmessages along the route prior to knowing that it will become your\nroute.\n\u003e \n\u003e It also relies on end-to-end communication in realtime, which wouldn't\n\u003e work for paying to a cold-wallet lightning channel that's only\n\u003e occassionally online.\n\nI don't see how lightning could pay to a cold wallet. I assume that, at\nleast when starting a transaction, all nodes on the route are online.\n\u003e \n\u003e If you *did* assume everything is in realtime, you could avoid fines\n\u003e entirely just by having the protocol be something like:\n\u003e \n\u003e \n\u003e - the official timeout was 4 days, the unofficial timeout is 4\n\u003e minutes\n\u003e - ...\n\u003e - okay 4 minutes is up, do you know R?\n\u003e - no, okay, we're revoking the transaction.\n\u003e - you don't want to? fine, channel is closed.\n\nI assume the \"official\" timeout is the one mentioned in the HTLC; it has\nto be large (several days) to avoid nodes becoming vulnerable due to\nloss of connectivity in the middle of a transaction: it might take you\nsome time to establish an alternative internet connection, and it has to\nhappen before the official timeout.\n\nNeighbors can always try to impose shorter unofficial time-outs, with\nthe sanction that the channel will be closed. The consequence is that\nboth sides, and the network as a whole, lose a link, so it should be\navoided if possible.\n\u003e \n\u003e Maybe that's what the default protocol should be anyway, and fines are\n\u003e just an extension to that to bribe the payer not to close the\n\u003e channel...\n\nYes.\n\n\u003e You could of course ignore source routing for the fines, and\n\u003e distribute\n\u003e the fines as if it is only a non-source routing path. The\n\u003e problem is\n\u003e that an attacker can create an arbitrarily long path with\n\u003e source\n\u003e routing, thereby creating arbitrarily large total damage to\n\u003e the network,\n\u003e corresponding to arbitrarily large total fines. \n\u003e \n\u003e \n\u003e I don't think it can go arbitrarily large -- if the recipient is\n\u003e paying the fines at each point, then the scenario is:\n\nI don't understand how an intermediate point (D or F) can enforce\npayment of fines by A or H.\n\nYou could of course pre-pay the fines with a separate transaction, which\nhas D or F as payee endpoint, and send the fines back in case of a\nsuccessful transaction. This assumes the intermediate nodes are trusted\nwith the fine amounts.\n\nCJP",
"sig": "ffb4829db980be681ce868b573fff71418be60e41b90a345276d80c4e23c21c7889a37ce138ec26cb15df731cdd723db83233f1e20092715c37c94741dd7090d"
}