This document contains sample fee-bumping scenarios used by lightning nodes to replace a malicious commitment transaction. Commitments transactions in these test cases don't pay any fees. The fee-bumping child (the anchor transaction) spends from one or more commitment transactions and an unrelated wallet transaction (used to add funds).
The actual tests implementing this can be found here.
During the recent Oakland Dev Summit, some lightning engineers got together to discuss DoS protection for onion messages. Rusty proposed a very simple rate-limiting scheme that statistically propagates back to the correct sender, which we describe in details below.
Nodes apply per-peer rate limits on incoming onion messages that should be relayed (e.g. N/seconds with some burst tolerance). It is recommended to allow more onion messages from peers with whom you have channels, for example 10/seconds when you have a channel and 1/second when you don't.
Key observation: on-chain fees for off-chain application settlement should be endogenous, not exogenous. In more plain english, there is no good reason to bring funds from "outside" of an off-chain contract to pay the fees necessary to settle that contract on-chain. Any party in the contract is ready to burn at most their contract balance in on-chain fees, but it wouldn't make sense to burn more, even for a scorched earth strategy. This is something I brought up a while ago in lightning/bolts#845
We could achieve this with an extension to SIGHASH_ANYPREVOUT, which I'm calling SIGHASH_ANYAMOUNT.
This could be a flag to complement a SIGHASH_ANYPREVOUT / SIGHASH_ANYPREVOUTANYSCRIPT and add the following behavior:
The fees for on-chain payments are independent of the payment amount, while the fees for off-chain payments are proportional to the amount sent. It is trivial to compute the amount at which it makes more sense to make an on-chain payment.
Parameters used to compute the following numbers:
Mempool #1
+------------------------------------------------------------------------------+
| |
| 1 sat/byte 1 sat/byte 1 sat/byte |
| +-------------+ +-------------+ +-------------+ |
| | tx1 |------------>| tx2 |------------>| tx3 | |
| +-------------+ +-------------+ +-------------+ |
| |
We only consider non-hardened children here.
CKDpriv((kpar, cpar), i) → (ki, ci) computes a child extended private key from the parent extended private key:
Pinning discussion
Let's explore the following scenario. There is an asymmetrical feature F, with a clear client side and provider side. The client side of the protocol is activated by feature X. The provider side of the protocol is activated by feature Y.
Some nodes want to be a client, but not a provider, and want to connect only to nodes that are providers of this feature. They obviously turn on feature X. Since they are only clients of the feature, they cannot turn on feature Y, so how do they require their peers to support feature Y?
Phoenix implements trusted swaps for users' convenience (to allow easy onboarding and offboarding). But it's not a satisfying solution for the following reasons:
Trampoline nodes apply the same error-wrapping mechanism that's used for normal onions at the trampoline onion level. That means there's simply two layers of error wrapping.
We note ss(Alice, Bob) the shared secret between Alice and Bob for the outer onion encryption, and tss(Alice, Bob) the shared secret between Alice and Bob