📅 Original date posted:2021-10-13
📝 Original message:
On Tue, 12 Oct 2021 at 14:08, Anthony Towns <aj at erisian.com.au> wrote:
>
> If you're willing to accept that "worst case" happening more often, I
> think you could then retain the low latency forwarding, by having the
> transaction structure be:
>
> commitment tx
> input:
> funding tx
> outputs:
> Alice's balance
> (others)
>
> low-latency inflight tx:
> input:
> Alice's balance
> output:
> (1) or (2)
> Alice's remaining balance
>
> Bob claim:
> input:
> (1) [<payment-recovery-delay> CSV bob CHECKSIG]
> output:
> [<bob-revoke> checksigverify <alice> checksig
> ifdup notif <channel-recovery-delay> csv endif]
>
> Too-slow:
> input:
> (2) [<payment-timeout> CLTV alice CHECKSIG]
> output:
> Alice
>
> The idea being:
>
> * Alice sends the low-latency inflight tx which Bob then forwards
> immediately.
>
> * Bob then tries to update the base channel state with Alice, so both
> sides have a commitment to the new payment, and the low-latency
> inflight tx is voided (since it's based on a revoked channel state)
> If this succeeds, everything is fine as usual.
>
> * If Alice is unavailable to confirm that update, Bob closes the
> channel prior to (payment-timeout - payment-recover-delay), and posts
> "Bob claim". After an additional pyment recovery delay (and prior
> to payment-timeout) Bob posts Bob claim, ensuring that the only way
> Alice can claim the funds is if he had posted a revoked state.
>
> * In this case, Alice has at least one payment-recovery-delay period
> prior to the payment-timeout to notice the transaction onchain and
> recover the preimage.
>
> * If Bob posted the low-latency inflight tx later than
> (payment-timeout - payment-recovery-delay) then Alice will have
> payment-recovery-delay time to notice and post the "too-slow" tx and
> claim the funds via the timeout path.
>
> * If Bob posted a revoked state, Alice can also claim the funds via
> Bob claim, provided she notices within the channel-recovery-delay
>
In my mind your "update the base channel state" idea seems to fix
everything by itself. So at T - to_self_delay (or a bit before) you say to
your counterparty "can we lift this HTLC out of your in-flight tx into the
'balance tx' (which will go back to naming a 'commitment tx' since it
doesn't just have balance outputs anymore) so I can use it too? --
otherwise I'll have to close the channel on chain now to force you to
reveal it to me on time?". If they agree, after the revocation and new
commit tx everything is back to (tx symmetric) Poon-Dryja so no need for
extra CSVs. Am I missing something?
I realise this kills some of the elegance of your original protocol and
adds quite a bit of complexity but I think it retains the important
properties.
> That only allows one low-latency payment to be inflight though, which I'm
> not sure is that interesting... It's also kinda complicated, and doesn't
> cover both the low-latency and offline cases, which is disappointing...
>
>
It seems to me lazily lifting the HTLCs into the commitment tx would allow
as many low-latency payments as you want to be in-flight. You would
probably just lift them all up to the commitment tx if you lift one. I
think in the case of nodes that want to keep channel keys offline, having
to go on-chain at T - to_self_delay is not a disaster since it will likely
only be the payment receiver who has their keys offline i.e. the merchant
or end user. So only the last hop would go on chain if the user fails to
claim payment as per usual (just to_self_delay earlier than usual).
Cheers,
LL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20211013/f94a9551/attachment.html>;
Lloyd Fournier [ARCHIVE] /
npub1kh…y05yp
2023-06-09 13:04:10
in reply to nevent1q…r5r0
Author Public Key
npub1khlhcuz0jrjwa0ayznq2q9agg4zvxfvx5x7jljrvwnpfzngrcf0q7y05ypPublished at
2023-06-09 13:04:10Event JSON
{
"id": "214b0834436b5a420bb4be1172d6649292926d421551f860c85f655ff603b340",
"pubkey": "b5ff7c704f90e4eebfa414c0a017a84544c32586a1bd2fc86c74c2914d03c25e",
"created_at": 1686315850,
"kind": 1,
"tags": [
[
"e",
"bfc4ed728b228b9341f3493f5bd7d935423e85bd9d039717f691001784a42238",
"",
"root"
],
[
"e",
"92324a5b1c8f671c8385b1f0552a847d38ebd7df20bbb7bbf8b45c4aba1ae605",
"",
"reply"
],
[
"p",
"f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab"
]
],
"content": "📅 Original date posted:2021-10-13\n📝 Original message:\nOn Tue, 12 Oct 2021 at 14:08, Anthony Towns \u003caj at erisian.com.au\u003e wrote:\n\n\u003e\n\u003e If you're willing to accept that \"worst case\" happening more often, I\n\u003e think you could then retain the low latency forwarding, by having the\n\u003e transaction structure be:\n\u003e\n\u003e commitment tx\n\u003e input:\n\u003e funding tx\n\u003e outputs:\n\u003e Alice's balance\n\u003e (others)\n\u003e\n\u003e low-latency inflight tx:\n\u003e input:\n\u003e Alice's balance\n\u003e output:\n\u003e (1) or (2)\n\u003e Alice's remaining balance\n\u003e\n\u003e Bob claim:\n\u003e input:\n\u003e (1) [\u003cpayment-recovery-delay\u003e CSV bob CHECKSIG]\n\u003e output:\n\u003e [\u003cbob-revoke\u003e checksigverify \u003calice\u003e checksig\n\u003e ifdup notif \u003cchannel-recovery-delay\u003e csv endif]\n\u003e\n\u003e Too-slow:\n\u003e input:\n\u003e (2) [\u003cpayment-timeout\u003e CLTV alice CHECKSIG]\n\u003e output:\n\u003e Alice\n\u003e\n\u003e The idea being:\n\u003e\n\u003e * Alice sends the low-latency inflight tx which Bob then forwards\n\u003e immediately.\n\u003e\n\u003e * Bob then tries to update the base channel state with Alice, so both\n\u003e sides have a commitment to the new payment, and the low-latency\n\u003e inflight tx is voided (since it's based on a revoked channel state)\n\u003e If this succeeds, everything is fine as usual.\n\u003e\n\u003e * If Alice is unavailable to confirm that update, Bob closes the\n\u003e channel prior to (payment-timeout - payment-recover-delay), and posts\n\u003e \"Bob claim\". After an additional pyment recovery delay (and prior\n\u003e to payment-timeout) Bob posts Bob claim, ensuring that the only way\n\u003e Alice can claim the funds is if he had posted a revoked state.\n\u003e\n\u003e * In this case, Alice has at least one payment-recovery-delay period\n\u003e prior to the payment-timeout to notice the transaction onchain and\n\u003e recover the preimage.\n\u003e\n\u003e * If Bob posted the low-latency inflight tx later than\n\u003e (payment-timeout - payment-recovery-delay) then Alice will have\n\u003e payment-recovery-delay time to notice and post the \"too-slow\" tx and\n\u003e claim the funds via the timeout path.\n\u003e\n\u003e * If Bob posted a revoked state, Alice can also claim the funds via\n\u003e Bob claim, provided she notices within the channel-recovery-delay\n\u003e\n\nIn my mind your \"update the base channel state\" idea seems to fix\neverything by itself. So at T - to_self_delay (or a bit before) you say to\nyour counterparty \"can we lift this HTLC out of your in-flight tx into the\n'balance tx' (which will go back to naming a 'commitment tx' since it\ndoesn't just have balance outputs anymore) so I can use it too? --\notherwise I'll have to close the channel on chain now to force you to\nreveal it to me on time?\". If they agree, after the revocation and new\ncommit tx everything is back to (tx symmetric) Poon-Dryja so no need for\nextra CSVs. Am I missing something?\n\nI realise this kills some of the elegance of your original protocol and\nadds quite a bit of complexity but I think it retains the important\nproperties.\n\n\n\u003e That only allows one low-latency payment to be inflight though, which I'm\n\u003e not sure is that interesting... It's also kinda complicated, and doesn't\n\u003e cover both the low-latency and offline cases, which is disappointing...\n\u003e\n\u003e\nIt seems to me lazily lifting the HTLCs into the commitment tx would allow\nas many low-latency payments as you want to be in-flight. You would\nprobably just lift them all up to the commitment tx if you lift one. I\nthink in the case of nodes that want to keep channel keys offline, having\nto go on-chain at T - to_self_delay is not a disaster since it will likely\nonly be the payment receiver who has their keys offline i.e. the merchant\nor end user. So only the last hop would go on chain if the user fails to\nclaim payment as per usual (just to_self_delay earlier than usual).\n\nCheers,\n\nLL\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20211013/f94a9551/attachment.html\u003e",
"sig": "31c05ed0e0f372112b536a80d36cedfa7e6bb5cb4dc373636d3b905f41e3266cb0dd516a80585aebc6cd5922af7f87de4de0409737316f2119c8d2ea863251b9"
}