đź“… Original date posted:2022-06-29
đź“ť Original message:
Hi Michael,
Thanks for the transcript and the questions, especially those you asked in Gleb's original Erlay presentation.
I tried to cover a lot of ground in only 30 minutes and the finer points may have suffered. The most significant difference in concern between bitcoin transaction relay and lightning gossip may be one of privacy: Source nodes of Bitcoin transactions have an interest in privacy (avoid trivially triangulating the source.) Lightning gossip is already signed by and linked to a node ID - the source is completely transparent by nature. The lack of a timing concern would allow for a global sketch where it would have been infeasible for Erlay (among other reasons such as DoS.)
> Why are hash collisions a concern for Lightning gossip and not for Erlay? Is it not a DoS vector for both?
If lightning gossip were encoded for minisketch entries with the short_channel_id, it would create a unique fingerprint by default thanks to referencing the unique funding transaction on chain - no hashing required. This was Rusty's original concept and what I had been proceeding with. However, given the ongoing privacy discussion and desire to eventually decouple lightning channels from their layer one funding transaction (gossip v2), I think we should prepare for a future in which channels are not explicitly linked to a SCID. That means hashing just as in Erlay and the same DoS vector would be present. Salting with a per-peer shared secret works here, but the solution is driven back toward inventory sets.
> It seems you are leaning towards per-peer sketches with inventory sets (like Erlay) rather than global sketches.
​
Yes. There are pros and cons to each method, but most critically, this would be compatible with eventual removal of the SCID.
> Erlay falls back to flooding if the set reconciliation algorithm doesn't work which I'm assuming you'll do with Lightning gossip.
Fallback will take some consideration (Erlay's bisect is an elegant feature), but yes, flooding is still the ultimate fallback.
> I was also surprised to hear that channel_update made up 97 percent of gossip messages. Isn't it recommended that you don't make too changes to your channel as it is likely to result in failed routed payments and being dropped as a routing node for future payments? It seems that this advice isn't being followed if there are so many channel_update messages being sent around. I almost wonder if Lightning implementations should include user prompts like "Are you sure you want to update your channel given this may affect your routing success?" :)
Running the numbers, I currently see 15,761 public nodes on the network and 148,295 half channels. Those each need refreshed gossip every two weeks. By default that would result in 90% channel updates. That we're seeing roughly three times as many channel updates vs node announcements compared to what's strictly required is maybe not that surprising. I agree, there would be a benefit to nodes taking a more active role in tracking calls to broadcast gossip.
Thanks,
Alex
------- Original Message -------
On Wednesday, June 29th, 2022 at 6:09 AM, Michael Folkson <michaelfolkson at protonmail.com> wrote:
> Thanks for this Alex.
>
> Here's a transcript of your recent presentation at Bitcoin++ on Minisketch and Lightning gossip:
>
> https://btctranscripts.com/bitcoinplusplus/2022/2022-06-07-alex-myers-minisketch-lightning-gossip/
>
> Having followed Gleb's work on using Minisketch for Erlay in Bitcoin Core [0] for a while now I was especially interested in how the challenges of using Minisketch for Lightning gossip (node_announcement, channel_announcement, channel_update messages) would differ to the challenges of using Minisketch for transaction relay on the base layer.
>
> I guess one of the major differences is full nodes are trying to verify a block every 10 minutes (on average) and so there is a sense of urgency to get the transactions of the next block to be mined. With Lightning gossip unless you are planning to send a payment (or route a payment) across a certain route you are less concerned about learning about the current state of the network urgently. If a new channel pops up you might choose not to route through it regardless given its "newness" and its lack of track record of successfully routing payments. There are parts of the network you care less about (if they can't help you get to your regular destinations say) whereas with transaction relay you have to care about all transactions (paying a sufficient fee rate).
>
> "The problem that Bitcoin faced with transaction relay was pretty similar but there are a few differences.For one, any time you introduce that short hash function that produces a 64 bit fingerprint you have to be concerned with collisions between hash functions. Someone could potentially take advantage of that and grind out a hash that would resolve to the same fingerprint."
>
> Could you elaborate on this? Why are hash collisions a concern for Lightning gossip and not for Erlay? Is it not a DoS vector for both?
>
> It seems you are leaning towards per-peer sketches with inventory sets (like Erlay) rather than global sketches. This makes sense to me and seems to be moving in a direction where your peer connections are more stable as you are storing data on what your peer's understanding of the network is. There could even be centralized APIs which allow you to compare your current understanding of the network to the centralized service's understanding. (Of course we don't want to have to rely on centralized services or bake them into the protocol if you don't want to use them.) Erlay falls back to flooding if the set reconciliation algorithm doesn't work which I'm assuming you'll do with Lightning gossip.
>
> I was also surprised to hear that channel_update made up 97 percent of gossip messages. Isn't it recommended that you don't make too changes to your channel as it is likely to result in failed routed payments and being dropped as a routing node for future payments? It seems that this advice isn't being followed if there are so many channel_update messages being sent around. I almost wonder if Lightning implementations should include user prompts like "Are you sure you want to update your channel given this may affect your routing success?" :)
>
> Thanks
> Michael
>
> P.S. Are we referring to "routing nodes" as "forwarding nodes" now? I've noticed "forwarding nodes" being used more recently on this list.
>
> [0]: https://github.com/bitcoin/bitcoin/pull/21515
>
> --
> Michael Folkson
> Email: michaelfolkson at [protonmail.com](http://protonmail.com/)
> Keybase: michaelfolkson
> PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3
>
> ------- Original Message -------
> On Thursday, April 14th, 2022 at 22:00, Alex Myers <alex at endothermic.dev> wrote:
>
>> Hello lightning developers,
>>
>> I’ve been investigating set reconciliation as a means to reduce bandwidth and redundancy of gossip message propagation. This builds on some earlier work from Rusty using the minisketch library [1]. The idea is that each node will build a sketch representing it’s own gossip set. Alice’s node will encode and transmit this sketch to Bob’s node, where it will be merged with his own sketch, and the differences produced. These differences should ideally be exactly the latest missing gossip of both nodes. Due to size constraints, the set differences will necessarily be encoded, but Bob’s node will be able to identify which gossip Alice is missing, and may then transmit exactly those messages.
>>
>> This process is relatively straightforward, with the caveat that the sets must otherwise match very closely (each sketch has a maximum capacity for differences.) The difficulty here is that each node and lightning implementation may have its own rules for gossip acceptance and propagation. Depending on their gossip partners, not all gossip may propagate to the entire network.
>>
>> Core-lightning implements rate limiting for incoming channel updates and node announcements. The default rate limit is 1 per day, with a burst of 4. I analyzed my node’s gossip over a 14 day period, and found that, of all publicly broadcasting half-channels, 18% of them fell afoul of our spam-limiting rules at least once. [2]
>>
>> Picking several offending channel ids, and digging further, the majority of these appear to be flapping due to Tor or otherwise intermittent connections. Well connected nodes may be more susceptible to this due to more frequent routing attempts, and failures resulting in a returned channel update (which otherwise might not have been broadcast.)A slight relaxation of the rate limit resolves the majority of these cases.
>>
>> A smaller subset of channels broadcast frequent channel updates with minor adjustments to htlc_maximum_msat and fee_proportional_millionths parameters. These nodes appear to be power users, with many channels and large balances. I assume this is automated channel management at work.
>>
>> Core-Lightning has updated rate-limiting in the upcoming release to achieve a higher acceptance of incoming gossip, however, it seems that a broader discussion of rate limits may now be worthwhile. A few immediate ideas:
>>
>> - A common listing of current default rate limits across lightning network implementations.
>>
>> - Internal checks of RPC input to limit or warn of network propagation issues if certain rates are exceeded.
>>
>> - A commonly adopted rate-limit standard.
>>
>> My aim is a set reconciliation gossip type, which will use a common, simple heuristic to accept or reject a gossip message. (Think one channel update per block, or perhaps one per block_height << 5.) See my github for my current draft. [3] This solution allows tighter consensus, yet suffers from the same problem as original anti-spam measures – it remains somewhat arbitrary. I would like to start a conversation regarding gossip propagation, channel_update and node_announcement usage, and perhaps even bandwidth goals for syncing gossip in the future (how about a million channels?) This would aid in the development of gossip set reconciliation, but could also benefit current node connection and routing reliability more generally.
>>
>> Thanks,
>>
>> Alex
>>
>> [1] https://github.com/sipa/minisketch
>>
>> [2] https://github.com/endothermicdev/lnspammityspam/blob/main/sampleoutput.txt
>>
>> [3] https://github.com/endothermicdev/lightning-rfc/blob/gossip-minisketch/07-routing-gossip.md#set-reconciliation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20220629/0f3f5ed9/attachment-0001.html>;
Alex Myers [ARCHIVE] /
npub122…cglef
2023-06-09 13:06:29
in reply to nevent1q…9nw7
Author Public Key
npub122mq8nr4y7m8r5trdfygs2qj8tn72lddalkrksvzmal3x3y9gfhqxcglefPublished at
2023-06-09 13:06:29Event JSON
{
"id": "28b07dca7d240d3ebdeb607dfa269410a1eb217e9792e09cd8cbd5369002b384",
"pubkey": "52b603cc7527b671d1636a488828123ae7e57dadefec3b4182df7f134485426e",
"created_at": 1686315989,
"kind": 1,
"tags": [
[
"e",
"cff79ae98dff23a0ab7fa49004132aa5150005730e747a5a82e279c40a8f4b77",
"",
"root"
],
[
"e",
"aa1dfef7c7f5ec7e11d95fca23b0a7e2c5562df51774e187fbd180c4641f8be8",
"",
"reply"
],
[
"p",
"7c4981f0d3c5eec97631de273b25b6435f0f33e0fa6cce270ddd3f3b8797d26a"
]
],
"content": "📅 Original date posted:2022-06-29\n📝 Original message:\nHi Michael,\n\nThanks for the transcript and the questions, especially those you asked in Gleb's original Erlay presentation.\n\nI tried to cover a lot of ground in only 30 minutes and the finer points may have suffered. The most significant difference in concern between bitcoin transaction relay and lightning gossip may be one of privacy: Source nodes of Bitcoin transactions have an interest in privacy (avoid trivially triangulating the source.) Lightning gossip is already signed by and linked to a node ID - the source is completely transparent by nature. The lack of a timing concern would allow for a global sketch where it would have been infeasible for Erlay (among other reasons such as DoS.)\n\n\u003e Why are hash collisions a concern for Lightning gossip and not for Erlay? Is it not a DoS vector for both?\n\nIf lightning gossip were encoded for minisketch entries with the short_channel_id, it would create a unique fingerprint by default thanks to referencing the unique funding transaction on chain - no hashing required. This was Rusty's original concept and what I had been proceeding with. However, given the ongoing privacy discussion and desire to eventually decouple lightning channels from their layer one funding transaction (gossip v2), I think we should prepare for a future in which channels are not explicitly linked to a SCID. That means hashing just as in Erlay and the same DoS vector would be present. Salting with a per-peer shared secret works here, but the solution is driven back toward inventory sets.\n\n\u003e It seems you are leaning towards per-peer sketches with inventory sets (like Erlay) rather than global sketches.\n\n​\nYes. There are pros and cons to each method, but most critically, this would be compatible with eventual removal of the SCID.\n\n\u003e Erlay falls back to flooding if the set reconciliation algorithm doesn't work which I'm assuming you'll do with Lightning gossip.\n\nFallback will take some consideration (Erlay's bisect is an elegant feature), but yes, flooding is still the ultimate fallback.\n\n\u003e I was also surprised to hear that channel_update made up 97 percent of gossip messages. Isn't it recommended that you don't make too changes to your channel as it is likely to result in failed routed payments and being dropped as a routing node for future payments? It seems that this advice isn't being followed if there are so many channel_update messages being sent around. I almost wonder if Lightning implementations should include user prompts like \"Are you sure you want to update your channel given this may affect your routing success?\" :)\n\nRunning the numbers, I currently see 15,761 public nodes on the network and 148,295 half channels. Those each need refreshed gossip every two weeks. By default that would result in 90% channel updates. That we're seeing roughly three times as many channel updates vs node announcements compared to what's strictly required is maybe not that surprising. I agree, there would be a benefit to nodes taking a more active role in tracking calls to broadcast gossip.\n\nThanks,\nAlex\n\n------- Original Message -------\nOn Wednesday, June 29th, 2022 at 6:09 AM, Michael Folkson \u003cmichaelfolkson at protonmail.com\u003e wrote:\n\n\u003e Thanks for this Alex.\n\u003e\n\u003e Here's a transcript of your recent presentation at Bitcoin++ on Minisketch and Lightning gossip:\n\u003e\n\u003e https://btctranscripts.com/bitcoinplusplus/2022/2022-06-07-alex-myers-minisketch-lightning-gossip/\n\u003e\n\u003e Having followed Gleb's work on using Minisketch for Erlay in Bitcoin Core [0] for a while now I was especially interested in how the challenges of using Minisketch for Lightning gossip (node_announcement, channel_announcement, channel_update messages) would differ to the challenges of using Minisketch for transaction relay on the base layer.\n\u003e\n\u003e I guess one of the major differences is full nodes are trying to verify a block every 10 minutes (on average) and so there is a sense of urgency to get the transactions of the next block to be mined. With Lightning gossip unless you are planning to send a payment (or route a payment) across a certain route you are less concerned about learning about the current state of the network urgently. If a new channel pops up you might choose not to route through it regardless given its \"newness\" and its lack of track record of successfully routing payments. There are parts of the network you care less about (if they can't help you get to your regular destinations say) whereas with transaction relay you have to care about all transactions (paying a sufficient fee rate).\n\u003e\n\u003e \"The problem that Bitcoin faced with transaction relay was pretty similar but there are a few differences.For one, any time you introduce that short hash function that produces a 64 bit fingerprint you have to be concerned with collisions between hash functions. Someone could potentially take advantage of that and grind out a hash that would resolve to the same fingerprint.\"\n\u003e\n\u003e Could you elaborate on this? Why are hash collisions a concern for Lightning gossip and not for Erlay? Is it not a DoS vector for both?\n\u003e\n\u003e It seems you are leaning towards per-peer sketches with inventory sets (like Erlay) rather than global sketches. This makes sense to me and seems to be moving in a direction where your peer connections are more stable as you are storing data on what your peer's understanding of the network is. There could even be centralized APIs which allow you to compare your current understanding of the network to the centralized service's understanding. (Of course we don't want to have to rely on centralized services or bake them into the protocol if you don't want to use them.) Erlay falls back to flooding if the set reconciliation algorithm doesn't work which I'm assuming you'll do with Lightning gossip.\n\u003e\n\u003e I was also surprised to hear that channel_update made up 97 percent of gossip messages. Isn't it recommended that you don't make too changes to your channel as it is likely to result in failed routed payments and being dropped as a routing node for future payments? It seems that this advice isn't being followed if there are so many channel_update messages being sent around. I almost wonder if Lightning implementations should include user prompts like \"Are you sure you want to update your channel given this may affect your routing success?\" :)\n\u003e\n\u003e Thanks\n\u003e Michael\n\u003e\n\u003e P.S. Are we referring to \"routing nodes\" as \"forwarding nodes\" now? I've noticed \"forwarding nodes\" being used more recently on this list.\n\u003e\n\u003e [0]: https://github.com/bitcoin/bitcoin/pull/21515\n\u003e\n\u003e --\n\u003e Michael Folkson\n\u003e Email: michaelfolkson at [protonmail.com](http://protonmail.com/)\n\u003e Keybase: michaelfolkson\n\u003e PGP: 43ED C999 9F85 1D40 EAF4 9835 92D6 0159 214C FEE3\n\u003e\n\u003e ------- Original Message -------\n\u003e On Thursday, April 14th, 2022 at 22:00, Alex Myers \u003calex at endothermic.dev\u003e wrote:\n\u003e\n\u003e\u003e Hello lightning developers,\n\u003e\u003e\n\u003e\u003e I’ve been investigating set reconciliation as a means to reduce bandwidth and redundancy of gossip message propagation. This builds on some earlier work from Rusty using the minisketch library [1]. The idea is that each node will build a sketch representing it’s own gossip set. Alice’s node will encode and transmit this sketch to Bob’s node, where it will be merged with his own sketch, and the differences produced. These differences should ideally be exactly the latest missing gossip of both nodes. Due to size constraints, the set differences will necessarily be encoded, but Bob’s node will be able to identify which gossip Alice is missing, and may then transmit exactly those messages.\n\u003e\u003e\n\u003e\u003e This process is relatively straightforward, with the caveat that the sets must otherwise match very closely (each sketch has a maximum capacity for differences.) The difficulty here is that each node and lightning implementation may have its own rules for gossip acceptance and propagation. Depending on their gossip partners, not all gossip may propagate to the entire network.\n\u003e\u003e\n\u003e\u003e Core-lightning implements rate limiting for incoming channel updates and node announcements. The default rate limit is 1 per day, with a burst of 4. I analyzed my node’s gossip over a 14 day period, and found that, of all publicly broadcasting half-channels, 18% of them fell afoul of our spam-limiting rules at least once. [2]\n\u003e\u003e\n\u003e\u003e Picking several offending channel ids, and digging further, the majority of these appear to be flapping due to Tor or otherwise intermittent connections. Well connected nodes may be more susceptible to this due to more frequent routing attempts, and failures resulting in a returned channel update (which otherwise might not have been broadcast.)A slight relaxation of the rate limit resolves the majority of these cases.\n\u003e\u003e\n\u003e\u003e A smaller subset of channels broadcast frequent channel updates with minor adjustments to htlc_maximum_msat and fee_proportional_millionths parameters. These nodes appear to be power users, with many channels and large balances. I assume this is automated channel management at work.\n\u003e\u003e\n\u003e\u003e Core-Lightning has updated rate-limiting in the upcoming release to achieve a higher acceptance of incoming gossip, however, it seems that a broader discussion of rate limits may now be worthwhile. A few immediate ideas:\n\u003e\u003e\n\u003e\u003e - A common listing of current default rate limits across lightning network implementations.\n\u003e\u003e\n\u003e\u003e - Internal checks of RPC input to limit or warn of network propagation issues if certain rates are exceeded.\n\u003e\u003e\n\u003e\u003e - A commonly adopted rate-limit standard.\n\u003e\u003e\n\u003e\u003e My aim is a set reconciliation gossip type, which will use a common, simple heuristic to accept or reject a gossip message. (Think one channel update per block, or perhaps one per block_height \u003c\u003c 5.) See my github for my current draft. [3] This solution allows tighter consensus, yet suffers from the same problem as original anti-spam measures – it remains somewhat arbitrary. I would like to start a conversation regarding gossip propagation, channel_update and node_announcement usage, and perhaps even bandwidth goals for syncing gossip in the future (how about a million channels?) This would aid in the development of gossip set reconciliation, but could also benefit current node connection and routing reliability more generally.\n\u003e\u003e\n\u003e\u003e Thanks,\n\u003e\u003e\n\u003e\u003e Alex\n\u003e\u003e\n\u003e\u003e [1] https://github.com/sipa/minisketch\n\u003e\u003e\n\u003e\u003e [2] https://github.com/endothermicdev/lnspammityspam/blob/main/sampleoutput.txt\n\u003e\u003e\n\u003e\u003e [3] https://github.com/endothermicdev/lightning-rfc/blob/gossip-minisketch/07-routing-gossip.md#set-reconciliation\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20220629/0f3f5ed9/attachment-0001.html\u003e",
"sig": "b958fe0d941492c23aabcf1d1713a1e22c6c464af74be20b741deb01e4ff298c2625063f9b5b960f157e29f4509c74b51c336ca1ada0668d0d248a99df37be45"
}