📅 Original date posted:2018-12-10
📝 Original message:
Hi,
> > We might have to loosen the restrictions a bit how that information is validated of course.
> For the case of Burchert-Decker-Wattenhofer channel factories, a single channel announcement will be done for all channels within the factory, signed off by all of the participants in the channel factory, and we presume that the factory participants have validated that the money owned by who is actually owned by that who. However, each channel within the factory would then need channel updates only signed off by the two direct participants in the channel. When channels within the factory are reorganized, a new announcement will need to be done and signed off on by participants in the factory who performed the reorg.
I was more talking about situations where we *aren't* doing
Burchert-Decker-Wattenhofer and want (unannounced) subchannels.
Another idea is to have peers lie in the channel announcement which
particular channel has the funds moving when routing a payment. So
you say "this channel has x msat capacity" and when other peers
request to route payments through it, the parties already have agreed
to send it through the unannounced subchannel. Or just leave the
ability to route through unanounced secret subchannels to situations
where you've been given an invoice with a partial path already
provided and the sender just "assumes" that the payment will work.
It should be trivial to compose Fulgurite in
Burchert-Decker-Wattenhofer exactly as-is, and you'd still get all the
nice scalability benefits.
> Suppose we have a contract with a timelock at time N.
> And this contract is put inside an update mechanism with CSV requirement of time M.
> The contract must be cancelled by the participants at time N - M.
> However, if not cancelled, the contract will be dropped onchain, and its true expiry will still be at time N.
> In short, the contract changes between offchain (expires at time N - M) and onchain (expires at time N).
To do that generally would be to have partitions give an optional
"must be gone by" deadline where we should either get rid of the
partition by then (somehow, we don't actually care) or force the
channel on-chain if we're not using a "timeless" update mechanism like
Poon-Dryja. Operations like ExpireHtlc should calculate an earlier
deadline at which they'd become accepted, and be the thing to actually
remove the in-channel HTLC "the right way".
Complementary to that, I have the update mechanism update a "validity
deadline" as a side effect after a state has been re-signed, which
helps us to know when to do periodic re-signings.
- Trey Del Bonis
On Sat, Dec 8, 2018 at 2:37 PM ZmnSCPxj <ZmnSCPxj at protonmail.com> wrote:
>
> Good morning Trey,
> > There's already some amount of trust in the
> > information you're getting about channels, so I think we have a bit of
> > flexibility with regard to what we announce to the rest of the
> > network. We might have to loosen the restrictions a bit how that
> > information is validated of course.
>
> The validation of channel data (other than the fact that it is locked on the blockchain) is simply checking that both sides of the channel have agreed, i.e. signatures from one or both endpoints.
> That is the only validation necessary, since any details of the channel will be their inviolate demesne; we do not need global consensus for things like what fees the node wants to charge for the use of the channel.
> Only that the channel truly exists, is the only consensus validation we need.
>
> For the case of Burchert-Decker-Wattenhofer channel factories, a single channel announcement will be done for all channels within the factory, signed off by all of the participants in the channel factory, and we presume that the factory participants have validated that the money owned by who is actually owned by that who. However, each channel within the factory would then need channel updates only signed off by the two direct participants in the channel. When channels within the factory are reorganized, a new announcement will need to be done and signed off on by participants in the factory who performed the reorg.
>
> Burchert-Decker-Wattenhofer also allows channels to close and then reorganized with only a proper subset of the original factory participants, but this creates even more transactions and possibly greater CSV requirements.
>
>
> > > So it seems to me better to move time-sensitivity to Fulgurite than to higher layers.
> > > Higher layers can simply be concerned about what contracts it wants to enter into.
> > > The higher layer informs the Fulgurite layer of the shortest absolute timelock in each contract it enters into.
> > > The Fulgurite layer then returns to the higher layer the latest blockheight at which it can still safely collapse the Fulgurite system, or an error that the absolute timelock is too near and is already not enforceable at the Fulgurite layer.
> >
> > That's a good way to do it. I'll try something like that.
>
> Of note, is that the update mechanism can always cancel any contract if all participants in the updateable cryptocurrency system have agreed.
>
> One can consider the fulfillment of the hashlock in an HTLC to actually cancel the contract, and put its fund into whoever fulfilled it.
> Similarly, if the timelock on an HTLC is about to expire, then both sides can agree to simply cancel it back to the beneficiary of the timelock branch.
>
> From this point-of-view, then, when the timelock is about to expire, and the other side refuses to sign off on the cancellation, our only remaining remedy is to fail the system and drop to onchain for enforcement.
>
> Under Poon-Dryja there is no CSV requirement and the above point-of-view is easy to consider.
>
> Under Decker-Wattenhofer and Decker-Russell-Osuntokun, there exists this CSV requirement and this becomes complicated.
> Suppose we have a contract with a timelock at time N.
> And this contract is put inside an update mechanism with CSV requirement of time M.
> The contract must be cancelled by the participants at time N - M.
> However, if not cancelled, the contract will be dropped onchain, and its true expiry will still be at time N.
> In short, the contract changes between offchain (expires at time N - M) and onchain (expires at time N).
>
> Regards,
> ZmnSCPxj
>
Trey Del Bonis [ARCHIVE] /
npub1pm…3snze
2023-06-09 12:53:25
in reply to nevent1q…4zm4
Author Public Key
npub1pmul68qwkkgnmjq6ql09cx762qxteaqwajyeckpr3djmsa60da5qn3snzePublished at
2023-06-09 12:53:25Event JSON
{
"id": "11e21867e615df19d3a85107d9992dd0fe18072b5b220f8d45c0529a995cc64d",
"pubkey": "0ef9fd1c0eb5913dc81a07de5c1bda500cbcf40eec899c58238b65b8774f6f68",
"created_at": 1686315205,
"kind": 1,
"tags": [
[
"e",
"4318192d0436409ff904ebd6fe1124c129cd2250125f301ef276526c19f115db",
"",
"root"
],
[
"e",
"beeb3587d2edefa57beba89582b284b9f051a104f76fa1b07a90509992af8f43",
"",
"reply"
],
[
"p",
"4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861"
]
],
"content": "📅 Original date posted:2018-12-10\n📝 Original message:\nHi,\n\n\u003e \u003e We might have to loosen the restrictions a bit how that information is validated of course.\n\n\u003e For the case of Burchert-Decker-Wattenhofer channel factories, a single channel announcement will be done for all channels within the factory, signed off by all of the participants in the channel factory, and we presume that the factory participants have validated that the money owned by who is actually owned by that who. However, each channel within the factory would then need channel updates only signed off by the two direct participants in the channel. When channels within the factory are reorganized, a new announcement will need to be done and signed off on by participants in the factory who performed the reorg.\n\nI was more talking about situations where we *aren't* doing\nBurchert-Decker-Wattenhofer and want (unannounced) subchannels.\nAnother idea is to have peers lie in the channel announcement which\nparticular channel has the funds moving when routing a payment. So\nyou say \"this channel has x msat capacity\" and when other peers\nrequest to route payments through it, the parties already have agreed\nto send it through the unannounced subchannel. Or just leave the\nability to route through unanounced secret subchannels to situations\nwhere you've been given an invoice with a partial path already\nprovided and the sender just \"assumes\" that the payment will work.\n\nIt should be trivial to compose Fulgurite in\nBurchert-Decker-Wattenhofer exactly as-is, and you'd still get all the\nnice scalability benefits.\n\n\u003e Suppose we have a contract with a timelock at time N.\n\u003e And this contract is put inside an update mechanism with CSV requirement of time M.\n\u003e The contract must be cancelled by the participants at time N - M.\n\u003e However, if not cancelled, the contract will be dropped onchain, and its true expiry will still be at time N.\n\u003e In short, the contract changes between offchain (expires at time N - M) and onchain (expires at time N).\n\nTo do that generally would be to have partitions give an optional\n\"must be gone by\" deadline where we should either get rid of the\npartition by then (somehow, we don't actually care) or force the\nchannel on-chain if we're not using a \"timeless\" update mechanism like\nPoon-Dryja. Operations like ExpireHtlc should calculate an earlier\ndeadline at which they'd become accepted, and be the thing to actually\nremove the in-channel HTLC \"the right way\".\n\nComplementary to that, I have the update mechanism update a \"validity\ndeadline\" as a side effect after a state has been re-signed, which\nhelps us to know when to do periodic re-signings.\n\n- Trey Del Bonis\nOn Sat, Dec 8, 2018 at 2:37 PM ZmnSCPxj \u003cZmnSCPxj at protonmail.com\u003e wrote:\n\u003e\n\u003e Good morning Trey,\n\u003e \u003e There's already some amount of trust in the\n\u003e \u003e information you're getting about channels, so I think we have a bit of\n\u003e \u003e flexibility with regard to what we announce to the rest of the\n\u003e \u003e network. We might have to loosen the restrictions a bit how that\n\u003e \u003e information is validated of course.\n\u003e\n\u003e The validation of channel data (other than the fact that it is locked on the blockchain) is simply checking that both sides of the channel have agreed, i.e. signatures from one or both endpoints.\n\u003e That is the only validation necessary, since any details of the channel will be their inviolate demesne; we do not need global consensus for things like what fees the node wants to charge for the use of the channel.\n\u003e Only that the channel truly exists, is the only consensus validation we need.\n\u003e\n\u003e For the case of Burchert-Decker-Wattenhofer channel factories, a single channel announcement will be done for all channels within the factory, signed off by all of the participants in the channel factory, and we presume that the factory participants have validated that the money owned by who is actually owned by that who. However, each channel within the factory would then need channel updates only signed off by the two direct participants in the channel. When channels within the factory are reorganized, a new announcement will need to be done and signed off on by participants in the factory who performed the reorg.\n\u003e\n\u003e Burchert-Decker-Wattenhofer also allows channels to close and then reorganized with only a proper subset of the original factory participants, but this creates even more transactions and possibly greater CSV requirements.\n\u003e\n\u003e\n\u003e \u003e \u003e So it seems to me better to move time-sensitivity to Fulgurite than to higher layers.\n\u003e \u003e \u003e Higher layers can simply be concerned about what contracts it wants to enter into.\n\u003e \u003e \u003e The higher layer informs the Fulgurite layer of the shortest absolute timelock in each contract it enters into.\n\u003e \u003e \u003e The Fulgurite layer then returns to the higher layer the latest blockheight at which it can still safely collapse the Fulgurite system, or an error that the absolute timelock is too near and is already not enforceable at the Fulgurite layer.\n\u003e \u003e\n\u003e \u003e That's a good way to do it. I'll try something like that.\n\u003e\n\u003e Of note, is that the update mechanism can always cancel any contract if all participants in the updateable cryptocurrency system have agreed.\n\u003e\n\u003e One can consider the fulfillment of the hashlock in an HTLC to actually cancel the contract, and put its fund into whoever fulfilled it.\n\u003e Similarly, if the timelock on an HTLC is about to expire, then both sides can agree to simply cancel it back to the beneficiary of the timelock branch.\n\u003e\n\u003e From this point-of-view, then, when the timelock is about to expire, and the other side refuses to sign off on the cancellation, our only remaining remedy is to fail the system and drop to onchain for enforcement.\n\u003e\n\u003e Under Poon-Dryja there is no CSV requirement and the above point-of-view is easy to consider.\n\u003e\n\u003e Under Decker-Wattenhofer and Decker-Russell-Osuntokun, there exists this CSV requirement and this becomes complicated.\n\u003e Suppose we have a contract with a timelock at time N.\n\u003e And this contract is put inside an update mechanism with CSV requirement of time M.\n\u003e The contract must be cancelled by the participants at time N - M.\n\u003e However, if not cancelled, the contract will be dropped onchain, and its true expiry will still be at time N.\n\u003e In short, the contract changes between offchain (expires at time N - M) and onchain (expires at time N).\n\u003e\n\u003e Regards,\n\u003e ZmnSCPxj\n\u003e",
"sig": "aaa924183fa83a77522beef6bfb06b733bc4b04c46cd60ef51fb829c8e4f00e6042178c977c21542d24de73a32bf81a74cc9b0a462e688239e774be6546dbcbd"
}