📅 Original date posted:2019-04-15
📝 Original message:
Hi all,
This is the first of three related different emails on the topic,
through which I will explain what, to my understanding, is the state of
the construction of channel factories.
First let's have a look at a situation known as a stale factory, or
channel [1], as defined by Ranchal-Pedrosa et al.. For simplicity, let's
consider a channel first. Suppose a DMC channel Alice between Alice and
Bob. This channel must be updated through so-called refunding
transactions R^k_{AB}, where k refers to the state (so initial state
R^0_{AB}, after one payment R^1_{AB}, etc.) and _{AB} refers to both A
and B having already signed the transaction (if a dot appears instead of
A or B, it means there's a signature missing.
The stale channel derives from the fact that either Alice or Bob needs
to sign before their counterparty. Suppose a situation like this:
Alice Bob
| |
|<--R^1_{.B}<--|
|-->R^1_{AB}-->|
... ...
|<--R^k_{.B}<--|
| |
In this situation, Bob does not have a fully signed transaction for the
last state k, whereas Alice may have it (from the point of view of Bob).
That is, even if the message was lost, all Bob knows in the trustless
model is that he signed for something that he did not get a fully signed
transaction back for. So he should believe Alice has the fully signed
transaction and may enforce it if necessary. At the same time though,
Bob can enforce transaction R^{k-1}_{AB}, which he must have, and
therefore finish with the ambiguity by publishing on-chain such state,
should he not be able to communicate with Alice and perform updates anymore.
The stale factory is the same situation, but affecting a new allocation
transaction, as defined by Decker et al.[2], rather than a new refunding
transaction. There are two major differences between a stale factory and
a stale channel:
- In a stale factory, only one user (out of n) can already cause
this situation. That is, even if the remaining n-1 users are active and
online, with one of them not replying back, is enough for Alice to
believe that there's a possibility that one of its counterparties might
have the fully signed new allocation transaction.
- The new allocation transaction may or may not affect a particular
channel in the factory, but if it does then users do not even know in
which channel they have their funds.
Ways to go around these are:
- Try to create a new refunding (or allocation) transaction
R^{k+1}_{AB}. If it fails though, now there are three possible
transactions. Besides, if the channel/factory follows the DMC
construction, the timer reduces yet again.
- Close the channel/factory by publishing it on the Blockchain.
Open for discussion about this situation and its implications. In an
upcoming email I will explain what, to my understanding, is the biggest
problem associated with this situation.
--
Alejandro Ranchal-Pedrosa
[1]: Scalable Lightning Factories for Bitcoin
[2]: Scalable Funding of Bitcoin MicropaymentChannel Networks
Alejandro Ranchal Pedrosa [ARCHIVE] /
npub1zg…6a6wv
2023-06-09 12:54:50
in reply to nevent1q…s6qr
Author Public Key
npub1zgddj2q6cdxjr90emumrlk3npwjz2dunpxye56xent7guheaer4sk6a6wvPublished at
2023-06-09 12:54:50Event JSON
{
"id": "3ffd3b432256febd62896fcc53486fb2ddc24f1ab80f70ef5f422f453a1bc1e0",
"pubkey": "121ad9281ac34d2195f9df363fda330ba425379309899a68d99afc8e5f3dc8eb",
"created_at": 1686315290,
"kind": 1,
"tags": [
[
"e",
"924ebd424b36514b2653d0219b9c10154929068aeb84351aaa227e9db8084c37",
"",
"reply"
],
[
"p",
"9456f7acb763eaab2e02bd8e60cf17df74f352c2ae579dce1f1dd25c95dd611c"
]
],
"content": "📅 Original date posted:2019-04-15\n📝 Original message:\nHi all,\n\nThis is the first of three related different emails on the topic, \nthrough which I will explain what, to my understanding, is the state of \nthe construction of channel factories.\n\nFirst let's have a look at a situation known as a stale factory, or \nchannel [1], as defined by Ranchal-Pedrosa et al.. For simplicity, let's \nconsider a channel first. Suppose a DMC channel Alice between Alice and \nBob. This channel must be updated through so-called refunding \ntransactions R^k_{AB}, where k refers to the state (so initial state \nR^0_{AB}, after one payment R^1_{AB}, etc.) and _{AB} refers to both A \nand B having already signed the transaction (if a dot appears instead of \nA or B, it means there's a signature missing.\n\nThe stale channel derives from the fact that either Alice or Bob needs \nto sign before their counterparty. Suppose a situation like this:\n\nAlice Bob\n\n | |\n\n |\u003c--R^1_{.B}\u003c--|\n\n |--\u003eR^1_{AB}--\u003e|\n\n ... ...\n\n |\u003c--R^k_{.B}\u003c--|\n\n | |\n\nIn this situation, Bob does not have a fully signed transaction for the \nlast state k, whereas Alice may have it (from the point of view of Bob). \nThat is, even if the message was lost, all Bob knows in the trustless \nmodel is that he signed for something that he did not get a fully signed \ntransaction back for. So he should believe Alice has the fully signed \ntransaction and may enforce it if necessary. At the same time though, \nBob can enforce transaction R^{k-1}_{AB}, which he must have, and \ntherefore finish with the ambiguity by publishing on-chain such state, \nshould he not be able to communicate with Alice and perform updates anymore.\n\nThe stale factory is the same situation, but affecting a new allocation \ntransaction, as defined by Decker et al.[2], rather than a new refunding \ntransaction. There are two major differences between a stale factory and \na stale channel:\n\n - In a stale factory, only one user (out of n) can already cause \nthis situation. That is, even if the remaining n-1 users are active and \nonline, with one of them not replying back, is enough for Alice to \nbelieve that there's a possibility that one of its counterparties might \nhave the fully signed new allocation transaction.\n\n - The new allocation transaction may or may not affect a particular \nchannel in the factory, but if it does then users do not even know in \nwhich channel they have their funds.\n\nWays to go around these are:\n\n - Try to create a new refunding (or allocation) transaction \nR^{k+1}_{AB}. If it fails though, now there are three possible \ntransactions. Besides, if the channel/factory follows the DMC \nconstruction, the timer reduces yet again.\n\n - Close the channel/factory by publishing it on the Blockchain.\n\nOpen for discussion about this situation and its implications. In an \nupcoming email I will explain what, to my understanding, is the biggest \nproblem associated with this situation.\n\n-- \nAlejandro Ranchal-Pedrosa\n\n[1]: Scalable Lightning Factories for Bitcoin\n\n[2]: Scalable Funding of Bitcoin MicropaymentChannel Networks",
"sig": "0ddf43a5bf96c17d793a2b93397bb4b7c7d8c0b8275df3d1245a7de4fdbf3b9cca3cb2395b19a641b4b5351e7ed17b19d63fa158c127300bd7ac334d80c5281f"
}