📅 Original date posted:2018-05-15
📝 Original message:
Hi Christian, ZmnSCPxj ,
>> - The CSV-encumberance on settlement transactions, which are the ones
>> which carry the contracts in the channel, affects all
>> absolute-timelocked contracts transported on the channel. Compare to
>> Poon-Dryja, where commitment transactions themselves are unencumbered
>> by CSV, and we simply insert the revocation to spends of the contracts
>> being transported (i.e. the reason why we have HTLC-success and
>> HTLC-timeout transactions in BOLT spec).
> True, but as I argued in another mail, this is a fixed offset, that is
> in the same range as today's CLTV deltas for some nodes. So for the
> network of today using eltoo is roughly equivalent of adding another hop
> to our path :-)
Let me think how this is supposed to work (I can't find that other mail
you're referring to):
I assume the HTLC outputs are in the settlement transaction. In case of
a unilateral close while there are HTLCs present, the following sequence
happens:
1. The trigger transaction is broadcasted.
2. One or more update transactions are broadcasted. These are not
affected by the CSV condition and can be confirmed immediately. Once the
last update transaction gets confirmed, its CSV clock for the settlement
transaction starts.
3. The settlement transaction (containing HTLCs) can be broadcasted, but
it will not be confirmed before the CSV time-out of the last update
transaction.
4. At this point, the HTLC conditions become relevant. Before the HTLC
time-out, the receiving side can access the funds with the preimage.
After the timeout, the sending side can access the funds without the
preimage.
If the HTLC time-out is before the start of step 4, then the sending
side can try to get the funds back, even if the preimage was already
released much earlier. For the safety of the receiving side, this
situation must be avoided. So, if T is the (absolute) HTLC time-out
time, S is the CSV time-out period and C is the expected worst-case time
involved in confirming everything, then the receiving side of a HTLC
must drop the channel on-chain before T - S - C. Obviously, HTLCs for
which this time has already passed on creation must be rejected.
Dropping on-chain is no longer needed if the HTLC is removed by a
channel update before T - S - C.
What happens in case of a transaction time-out? Let's number the nodes
0, 1, ... on the route, and Tn the HTLC time-out between nodes n and
n+1. For simplicity, assume the same S+C for all channels. If node n
becomes unresponsive after accepting its incoming HTLC, then two moments
in time are relevant:
* T(n-1)
* T(n-2) - S - C
In case T(n-1) happens first, node n-1 knows it doesn't have to pay
outgoing funds, so it can cooperatively cancel the incoming HTLC. This
will propagate back immediately, keeping all channels open.
In case T(n-2) - S - C happens first, node n-1 has to close its channel
with n-2. On-chain, the HTLC conditions continue to apply, so for the
rest, nothing changes. As soon as T(n-1) is reached, node n-1 knows the
transaction has timed out, but it no longer has a way to propagate this
knowledge to node n-2. For node n-2, two times are relevant:
* T(n-2)
* T(n-3) - S - C
... and the same steps are repeated. In this case, a transaction
time-out leads to closing all channels on the route. This is a major DoS
attack vector, and must be prevented.
Therefore, we must set T(n-1) > T(n-2) - S - C, so the HTLC time-out
increment must be at least S+C.
Theoretically, it seems workable. What would be a practical value for S
(the CSV time-out)? In the absence of watch towers, you'd want to set it
to at least a couple of weeks, to allow yourself to go off-line on
holiday without worrying about computer issues. However, a time-out
increment of a couple of weeks *per hop* for the HTLCs adds up really
quickly to unpractical values. Maybe the conclusion simply is that we
really really need watchtowers? Otherwise, only professional parties
that can manage near-100% uptime can safely perform transaction routing.
CJP
Corné Plooy [ARCHIVE] /
npub1ly…cdx6n
2023-06-09 12:50:22
in reply to nevent1q…d3sd
Author Public Key
npub1ly5vrg5ylhdkxrkj824jhlnfsy2z8fvlg8wcc0jqc4aezma6majsycdx6nPublished at
2023-06-09 12:50:22Event JSON
{
"id": "0c3d43db220044a72e851a27d8ae28570127d9f0acb016c837a81b7b081765c0",
"pubkey": "f928c1a284fddb630ed23aab2bfe69811423a59f41dd8c3e40c57b916fbadf65",
"created_at": 1686315022,
"kind": 1,
"tags": [
[
"e",
"8810a687a398ff4253aa82a57b227d1be6d62119c3d2aac97b46109ae04c407a",
"",
"root"
],
[
"e",
"a935e88023b27bedb5ee83feb19bb82cb23c75f22e09ad1dc27d875857711258",
"",
"reply"
],
[
"p",
"4505072744a9d3e490af9262bfe38e6ee5338a77177b565b6b37730b63a7b861"
]
],
"content": "📅 Original date posted:2018-05-15\n📝 Original message:\nHi Christian, ZmnSCPxj ,\n\n\n\u003e\u003e - The CSV-encumberance on settlement transactions, which are the ones\n\u003e\u003e which carry the contracts in the channel, affects all\n\u003e\u003e absolute-timelocked contracts transported on the channel. Compare to\n\u003e\u003e Poon-Dryja, where commitment transactions themselves are unencumbered\n\u003e\u003e by CSV, and we simply insert the revocation to spends of the contracts\n\u003e\u003e being transported (i.e. the reason why we have HTLC-success and\n\u003e\u003e HTLC-timeout transactions in BOLT spec).\n\u003e True, but as I argued in another mail, this is a fixed offset, that is\n\u003e in the same range as today's CLTV deltas for some nodes. So for the\n\u003e network of today using eltoo is roughly equivalent of adding another hop\n\u003e to our path :-)\n\nLet me think how this is supposed to work (I can't find that other mail\nyou're referring to):\n\nI assume the HTLC outputs are in the settlement transaction. In case of\na unilateral close while there are HTLCs present, the following sequence\nhappens:\n1. The trigger transaction is broadcasted.\n2. One or more update transactions are broadcasted. These are not\naffected by the CSV condition and can be confirmed immediately. Once the\nlast update transaction gets confirmed, its CSV clock for the settlement\ntransaction starts.\n3. The settlement transaction (containing HTLCs) can be broadcasted, but\nit will not be confirmed before the CSV time-out of the last update\ntransaction.\n4. At this point, the HTLC conditions become relevant. Before the HTLC\ntime-out, the receiving side can access the funds with the preimage.\nAfter the timeout, the sending side can access the funds without the\npreimage.\n\nIf the HTLC time-out is before the start of step 4, then the sending\nside can try to get the funds back, even if the preimage was already\nreleased much earlier. For the safety of the receiving side, this\nsituation must be avoided. So, if T is the (absolute) HTLC time-out\ntime, S is the CSV time-out period and C is the expected worst-case time\ninvolved in confirming everything, then the receiving side of a HTLC\nmust drop the channel on-chain before T - S - C. Obviously, HTLCs for\nwhich this time has already passed on creation must be rejected.\nDropping on-chain is no longer needed if the HTLC is removed by a\nchannel update before T - S - C.\n\nWhat happens in case of a transaction time-out? Let's number the nodes\n0, 1, ... on the route, and Tn the HTLC time-out between nodes n and\nn+1. For simplicity, assume the same S+C for all channels. If node n\nbecomes unresponsive after accepting its incoming HTLC, then two moments\nin time are relevant:\n* T(n-1)\n* T(n-2) - S - C\nIn case T(n-1) happens first, node n-1 knows it doesn't have to pay\noutgoing funds, so it can cooperatively cancel the incoming HTLC. This\nwill propagate back immediately, keeping all channels open.\nIn case T(n-2) - S - C happens first, node n-1 has to close its channel\nwith n-2. On-chain, the HTLC conditions continue to apply, so for the\nrest, nothing changes. As soon as T(n-1) is reached, node n-1 knows the\ntransaction has timed out, but it no longer has a way to propagate this\nknowledge to node n-2. For node n-2, two times are relevant:\n* T(n-2)\n* T(n-3) - S - C\n... and the same steps are repeated. In this case, a transaction\ntime-out leads to closing all channels on the route. This is a major DoS\nattack vector, and must be prevented.\n\nTherefore, we must set T(n-1) \u003e T(n-2) - S - C, so the HTLC time-out\nincrement must be at least S+C.\n\nTheoretically, it seems workable. What would be a practical value for S\n(the CSV time-out)? In the absence of watch towers, you'd want to set it\nto at least a couple of weeks, to allow yourself to go off-line on\nholiday without worrying about computer issues. However, a time-out\nincrement of a couple of weeks *per hop* for the HTLCs adds up really\nquickly to unpractical values. Maybe the conclusion simply is that we\nreally really need watchtowers? Otherwise, only professional parties\nthat can manage near-100% uptime can safely perform transaction routing.\n\nCJP",
"sig": "fd332127aceda022a35e27f9ec58f2e0c758b5888c4c1c46d8514a77f2b25b36fb34ec5bfc611665713316b16ae048e73dcdbe105f9ee2c88fddc6a23ab10fbb"
}