Skip to content

Instantly share code, notes, and snippets.

View t-bast's full-sized avatar
https://keybase.io/tbast

Bastien Teinturier t-bast

https://keybase.io/tbast
188 followers · 2 following
View GitHub Profile
@t-bast
t-bast / storing-interactive-tx.md
Created March 13, 2023 16:07
When should we store an `interactive-tx`?

When should we store an interactive-tx?

When using the interactive-tx protocol, we currently store the channel state only after we've sent tx_signatures. This makes sense from a funds safety point of view: the commitment transactions can only be broadcast once we've given our peer the signatures they needed to broadcast the funding transaction first.

But in some cases, this creates an issue where one side has stored the channel state but not the other side. See the following scenario for example (where -->X indicates a message that wasn't received):

  Alice                          Bob
 | |
@t-bast
t-bast / PaymentPacket.scala
Last active December 21, 2022 10:54
Eclair architecture blog post code snippet
/**
* @param cmd command to send the HTLC for this payment.
* @param outgoingChannel channel to send the HTLC to.
* @param sharedSecrets shared secrets (used to decrypt the error in case of payment failure).
*/
case class OutgoingPaymentPacket(cmd: CMD_ADD_HTLC, outgoingChannel: ShortChannelId, sharedSecrets: Seq[(ByteVector32, PublicKey)])
/** Helpers to create outgoing payment packets. */
object OutgoingPaymentPacket {
@t-bast
t-bast / lightning-package-rbf.md
Last active June 23, 2022 08:21
Package RBF lightning samples

Sample lightning transactions using package RBF

This document contains sample fee-bumping scenarios used by lightning nodes to replace a malicious commitment transaction. Commitments transactions in these test cases don't pay any fees. The fee-bumping child (the anchor transaction) spends from one or more commitment transactions and an unrelated wallet transaction (used to add funds).

The actual tests implementing this can be found here.

Basic commitment RBF

@t-bast
t-bast / SIGHASH_ANYAMOUNT.md
Last active May 24, 2022 13:24

A different approach to solve RBF for off-chain contracts

Key observation: on-chain fees for off-chain application settlement should be endogenous, not exogenous. In more plain english, there is no good reason to bring funds from "outside" of an off-chain contract to pay the fees necessary to settle that contract on-chain. Any party in the contract is ready to burn at most their contract balance in on-chain fees, but it wouldn't make sense to burn more, even for a scorched earth strategy. This is something I brought up a while ago in lightning/bolts#845

We could achieve this with an extension to SIGHASH_ANYPREVOUT, which I'm calling SIGHASH_ANYAMOUNT. This could be a flag to complement a SIGHASH_ANYPREVOUT / SIGHASH_ANYPREVOUTANYSCRIPT and add the following behavior:

@t-bast
t-bast / on-chain-vs-off-chain-fee.md
Last active April 26, 2022 07:01
When is it more economical to make an on-chain tx rather than an off-chain one?

Economics of making on-chain vs off-chain payments

The fees for on-chain payments are independent of the payment amount, while the fees for off-chain payments are proportional to the amount sent. It is trivial to compute the amount at which it makes more sense to make an on-chain payment.

Parameters used to compute the following numbers:

  • the weight of a 2 inputs, 2 outputs on-chain transaction using p2wpkh is 836 vbytes
  • a route in the lightning network has roughly a median 1000ppm proportional fee
@t-bast
t-bast / feerate-unconfirmed-ancestors.md
Last active January 28, 2022 07:42
Correctly setting feerate with unconfirmed ancestors 

   Mempool #1
+------------------------------------------------------------------------------+
|                                                                              |
|      1 sat/byte                  1 sat/byte                  1 sat/byte      |
|   +-------------+             +-------------+             +-------------+    |
|   |     tx1     |------------>|     tx2     |------------>|     tx3     |    |
|   +-------------+             +-------------+             +-------------+    |
|                                                                              |
@t-bast
t-bast / bip32-adventures.md
Last active October 20, 2021 09:13
BIP32 adventures

Combining BIP32 keys for fun and profit

We only consider non-hardened children here.

Private parent key → private child key

CKDpriv((kpar, cpar), i) → (ki, ci) computes a child extended private key from the parent extended private key:

  • I = HMAC-SHA512(cpar, serP(point(kpar)) || ser32(i))
  • IL = I[0:32]
@t-bast
t-bast / pinning.md
Created September 21, 2021 15:14
Pinning stuff

Pinning discussion

pinning

@t-bast
t-bast / asymmetrical-feature.md
Created July 9, 2021 12:38
Asymmetrical feature example

Asymmetrical features

Let's explore the following scenario. There is an asymmetrical feature F, with a clear client side and provider side. The client side of the protocol is activated by feature X. The provider side of the protocol is activated by feature Y.

Some nodes want to be a client, but not a provider, and want to connect only to nodes that are providers of this feature. They obviously turn on feature X. Since they are only clients of the feature, they cannot turn on feature Y, so how do they require their peers to support feature Y?

@t-bast
t-bast / trampoline-error.md
Created June 10, 2020 15:55
Description of trampoline error encryption/decryption

Trampoline error encryption

Trampoline nodes apply the same error-wrapping mechanism that's used for normal onions at the trampoline onion level. That means there's simply two layers of error wrapping.

Notations

We note ss(Alice, Bob) the shared secret between Alice and Bob for the outer onion encryption, and tss(Alice, Bob) the shared secret between Alice and Bob