📅 Original date posted:2016-02-02
📝 Original message:
CJP <cjp at ultimatestunts.nl> writes:
>> > * Message confirmation: this is done manually (instead of relying on
>> > TCP), so that a node knows which messages were received / need to be
>> > re-transmitted, even after a crash + restart.
>>
>> I think the protocol itself needs to be robust against retransmissions.
>> There's no way to know if the other side received your acknowledgement
>> before a crash, so you will always need to handle duplication on
>> re-establishment.
>
> Yes. Amiko Pay does that: It assigns a number to every message, and the
> receiving side can confirm "I've received up to this number".
> Not-yet-confirmed messages will be retransmitted, and the receiving
> sides will ignore duplicates (except it will send a confirmation again,
> in case the previous confirmation was lost).
Yes, I think packet numbers make sense. I encoded the packet length and
order in one single value (ie. byte counter at the end of this packet),
but it's too weird for too little gain IMHO.
>> > * There is not only two-way communication between linked peers, but also
>> > between payer and payee. This is necessary for Amiko Pay's
>> > bi-directional routing, but also useful e.g. for transmitting meta-data
>> > that doesn't fit in a QR code. Amiko Pay transmits an arbitrary-contents
>> > "receipt" from payee to payer; in the future, this might be digitally
>> > signed by the payee, as a "proof of transfer of ownership" of
>> > non-cryptographic goods.
>>
>> I agree. There's room in the initial onion design for payer -> payee
>> messages, but we don't have a channel for responses.
>>
>> I can't see an easy way to implement the payee --> payer comms reliably:
>> to be reliable it would have to be published on-chain in the commit tx.
>> (Which we could do by constructing HTLCs such that they require a blob
>> signed by the payee, but that's tracable ...).
>>
>> Mats and Laolu wanted to add an arbitrary comms protocol layer, but I
>> think that's something we can defer.
>
> In Amiko Pay, payer <-> payee communication is done on a direct TCP
> stream between them. Note that this also reduces latency: once
> transaction locking reaches the payee, the payee knows (s)he's capable
> of claiming the money, and can tell the payer that the payment is
> completed. If reduced latency is in the interest of the payee, this is
> likely to happen.
I think for v1.0 of the protocol we'll be assuming such a channel for
simplicity; that somehow the R hash and route is known by the payer.
> On latency: what latency do you think is needed for different use cases,
> and what can we reach? Does this extra step really make a difference?
>
> My estimate is that we'll typically have 10 hops ("six degrees of
> separation" theory), and 100ms to transmit a message(*) over one hop.
...
> (*) Not counting sending the confirmation back: a node that receives a
> message can immediately forward a message on the next hop; message
> confirmation on the receiving side can occur in parallel.
That's a good point; you can offer the next hop and abort if the prior
hop fails to deliver a signature. Nice, my estimates were double
yours...
> Without reserving, you need to traverse all hops once(**) (the locking
> operation) before payer(***)+payee know that the transaction has
> succeeded. Actual settlement on the channels happens afterwards, but is
> no longer critical for the latency as seen by payer+payee.
>
> With reserving, you need to traverse all hops three times(**), in the
> worst case that the meeting point is on one of the end points of the
> route: once for making the route and reserving funds, once for
> confirming that the route has been established and once for locking.
>
> So, instead of one second, a transaction might take three seconds. Is
> that a game changer? Maybe it is for e.g. public transport access gates,
> where passenger throughput is essential. But then, people could reduce
> latency a lot by having a direct channel with the public transport
> operator.
I worry that higher latency is a centralization pressure, and encourages
people to sacrifice privacy. I don't know where the threshold is,
though, so currently I'm more nervous about complexity :)
Cheers,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 12:45:38
in reply to nevent1q…0xml
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 12:45:38Event JSON
{
"id": "0c6457acaa9278f8ba584799ea0857590fabf5e25a09fa500c852d2ee0576228",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686314738,
"kind": 1,
"tags": [
[
"e",
"771d658c92b68acdc5def78ff79f0e01ddc0e6bfbf6060824e7ed3f8eca99874",
"",
"root"
],
[
"e",
"75f5c85ac69d96933f80fc9780bd8666eee6cba12b43e1e0d52f9dee7414486c",
"",
"reply"
],
[
"p",
"880fa8c3080c3bd98e574cfcd6d6f53fd13e0516c40ea3f46295438b0c07bdf5"
]
],
"content": "📅 Original date posted:2016-02-02\n📝 Original message:\nCJP \u003ccjp at ultimatestunts.nl\u003e writes:\n\u003e\u003e \u003e * Message confirmation: this is done manually (instead of relying on\n\u003e\u003e \u003e TCP), so that a node knows which messages were received / need to be\n\u003e\u003e \u003e re-transmitted, even after a crash + restart.\n\u003e\u003e \n\u003e\u003e I think the protocol itself needs to be robust against retransmissions.\n\u003e\u003e There's no way to know if the other side received your acknowledgement\n\u003e\u003e before a crash, so you will always need to handle duplication on\n\u003e\u003e re-establishment.\n\u003e\n\u003e Yes. Amiko Pay does that: It assigns a number to every message, and the\n\u003e receiving side can confirm \"I've received up to this number\".\n\u003e Not-yet-confirmed messages will be retransmitted, and the receiving\n\u003e sides will ignore duplicates (except it will send a confirmation again,\n\u003e in case the previous confirmation was lost).\n\nYes, I think packet numbers make sense. I encoded the packet length and\norder in one single value (ie. byte counter at the end of this packet),\nbut it's too weird for too little gain IMHO.\n\n\u003e\u003e \u003e * There is not only two-way communication between linked peers, but also\n\u003e\u003e \u003e between payer and payee. This is necessary for Amiko Pay's\n\u003e\u003e \u003e bi-directional routing, but also useful e.g. for transmitting meta-data\n\u003e\u003e \u003e that doesn't fit in a QR code. Amiko Pay transmits an arbitrary-contents\n\u003e\u003e \u003e \"receipt\" from payee to payer; in the future, this might be digitally\n\u003e\u003e \u003e signed by the payee, as a \"proof of transfer of ownership\" of\n\u003e\u003e \u003e non-cryptographic goods.\n\u003e\u003e \n\u003e\u003e I agree. There's room in the initial onion design for payer -\u003e payee\n\u003e\u003e messages, but we don't have a channel for responses.\n\u003e\u003e \n\u003e\u003e I can't see an easy way to implement the payee --\u003e payer comms reliably:\n\u003e\u003e to be reliable it would have to be published on-chain in the commit tx.\n\u003e\u003e (Which we could do by constructing HTLCs such that they require a blob\n\u003e\u003e signed by the payee, but that's tracable ...).\n\u003e\u003e \n\u003e\u003e Mats and Laolu wanted to add an arbitrary comms protocol layer, but I\n\u003e\u003e think that's something we can defer.\n\u003e\n\u003e In Amiko Pay, payer \u003c-\u003e payee communication is done on a direct TCP\n\u003e stream between them. Note that this also reduces latency: once\n\u003e transaction locking reaches the payee, the payee knows (s)he's capable\n\u003e of claiming the money, and can tell the payer that the payment is\n\u003e completed. If reduced latency is in the interest of the payee, this is\n\u003e likely to happen.\n\nI think for v1.0 of the protocol we'll be assuming such a channel for\nsimplicity; that somehow the R hash and route is known by the payer.\n\n\u003e On latency: what latency do you think is needed for different use cases,\n\u003e and what can we reach? Does this extra step really make a difference?\n\u003e\n\u003e My estimate is that we'll typically have 10 hops (\"six degrees of\n\u003e separation\" theory), and 100ms to transmit a message(*) over one hop.\n...\n\u003e (*) Not counting sending the confirmation back: a node that receives a\n\u003e message can immediately forward a message on the next hop; message\n\u003e confirmation on the receiving side can occur in parallel.\n\nThat's a good point; you can offer the next hop and abort if the prior\nhop fails to deliver a signature. Nice, my estimates were double\nyours...\n\n\u003e Without reserving, you need to traverse all hops once(**) (the locking\n\u003e operation) before payer(***)+payee know that the transaction has\n\u003e succeeded. Actual settlement on the channels happens afterwards, but is\n\u003e no longer critical for the latency as seen by payer+payee.\n\u003e\n\u003e With reserving, you need to traverse all hops three times(**), in the\n\u003e worst case that the meeting point is on one of the end points of the\n\u003e route: once for making the route and reserving funds, once for\n\u003e confirming that the route has been established and once for locking.\n\u003e\n\u003e So, instead of one second, a transaction might take three seconds. Is\n\u003e that a game changer? Maybe it is for e.g. public transport access gates,\n\u003e where passenger throughput is essential. But then, people could reduce\n\u003e latency a lot by having a direct channel with the public transport\n\u003e operator.\n\nI worry that higher latency is a centralization pressure, and encourages\npeople to sacrifice privacy. I don't know where the threshold is,\nthough, so currently I'm more nervous about complexity :)\n\nCheers,\nRusty.",
"sig": "351edb6ffae6833879db8394152935d055e0a2e1cde4742d2f29d09af6effdfaf4eae529a0f313b68c532f6f610411b0d91e5e9a22c4e522302b470a4cc09027"
}