Let's consider the following setup:
cltv_expiry_delta for the blinded path:
cltv_expiry_delta of every hopcltv_expiry_delta = 10 in the encrypted_recipient_data for Ccltv_expiry_delta = 15 in the encrypted_recipient_data for Dmin_final_expiry_delta (let's use 5)
The current swap-in flow for Phoenix uses the following steps:
Representing message flows for lightning protocols is hard, because we're not using turn-based protocols: peers may be sending messages at the same time. It is very useful though to find a suitable way of representing protocol flows, to be able to discuss edge cases and implement the corresponding test cases.
The following diagram perfectly represents the fact that messages can be interleaved. There is no way to misinterpret it since Bolt 8 guarantees that messages are ordered. But it is hard for the reader to match a received message with the place where it was sent.
This gist details various splicing protocol flows as they are currently implemented in eclair.
We detail the exact flow of messages for each scenario, which should help the review process.
We call "active commitments" the set of valid commitment transactions to which updates (update_add_htlc, update_fulfill_htlc, update_fail_htlc, update_fail_malformed_htlc, update_fee) must be applied.
While a funding transaction is unconfirmed, updates must be valid for all active commitments.
interactive-tx?When using the interactive-tx protocol, we currently store the channel state only after we've sent tx_signatures.
This makes sense from a funds safety point of view: the commitment transactions can only be broadcast once we've given our peer the signatures they needed to broadcast the funding transaction first.
But in some cases, this creates an issue where one side has stored the channel state but not the other side. See the following scenario for example (where -->X indicates a message that wasn't received):
Alice Bob
| |
| /** | |
| * @param cmd command to send the HTLC for this payment. | |
| * @param outgoingChannel channel to send the HTLC to. | |
| * @param sharedSecrets shared secrets (used to decrypt the error in case of payment failure). | |
| */ | |
| case class OutgoingPaymentPacket(cmd: CMD_ADD_HTLC, outgoingChannel: ShortChannelId, sharedSecrets: Seq[(ByteVector32, PublicKey)]) | |
| /** Helpers to create outgoing payment packets. */ | |
| object OutgoingPaymentPacket { |
This document contains sample fee-bumping scenarios used by lightning nodes to replace a malicious commitment transaction. Commitments transactions in these test cases don't pay any fees. The fee-bumping child (the anchor transaction) spends from one or more commitment transactions and an unrelated wallet transaction (used to add funds).
The actual tests implementing this can be found here.
During the recent Oakland Dev Summit, some lightning engineers got together to discuss DoS protection for onion messages. Rusty proposed a very simple rate-limiting scheme that statistically propagates back to the correct sender, which we describe in details below.
Nodes apply per-peer rate limits on incoming onion messages that should be relayed (e.g. N/seconds with some burst tolerance). It is recommended to allow more onion messages from peers with whom you have channels, for example 10/seconds when you have a channel and 1/second when you don't.
Key observation: on-chain fees for off-chain application settlement should be endogenous, not exogenous. In more plain english, there is no good reason to bring funds from "outside" of an off-chain contract to pay the fees necessary to settle that contract on-chain. Any party in the contract is ready to burn at most their contract balance in on-chain fees, but it wouldn't make sense to burn more, even for a scorched earth strategy. This is something I brought up a while ago in lightning/bolts#845
We could achieve this with an extension to SIGHASH_ANYPREVOUT, which I'm calling SIGHASH_ANYAMOUNT.
This could be a flag to complement a SIGHASH_ANYPREVOUT / SIGHASH_ANYPREVOUTANYSCRIPT and add the following behavior:
The fees for on-chain payments are independent of the payment amount, while the fees for off-chain payments are proportional to the amount sent. It is trivial to compute the amount at which it makes more sense to make an on-chain payment.
Parameters used to compute the following numbers: