Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6FE8AAF8 for ; Tue, 1 May 2018 17:07:25 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qt0-f169.google.com (mail-qt0-f169.google.com [209.85.216.169]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id CCDE36E4 for ; Tue, 1 May 2018 17:07:23 +0000 (UTC) Received: by mail-qt0-f169.google.com with SMTP id g13-v6so15250826qth.8 for ; Tue, 01 May 2018 10:07:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=KfGVPbqfziXbf3iY47lAPIW8ZPTfbhu03WAHWAfGAAQ=; b=BWKV6mQ3kXFxUOdAVAWe1pKBi+ChAXs1cKdOnES+khthOAiWWTfIOtchK0kPxb+uUm RM1lPUPEgXICKBikaK8su6XSi3uiXmCu2ZRCvHM/eKVifHr1kD1ij4J4bRtrVXYk41eG /7nFxsnF7041hqLtVnJoPU6bEiBJE6CLO+r4iRy7S7QUhPFNAfqee8EOVjfykdYO1PMR kmgW2gMokECKothY4Vs5CRYAIb0i6uok6fdsfN5OqgbebBlNFTiZwl5j6fvmAj3RS0Cn RNpd7Aqo2H5lv6YkVW5yFwpF423h2T5YhrNMB/ihanUgW19iKV01+cjQdqKsjDUi9Uxg kHSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=KfGVPbqfziXbf3iY47lAPIW8ZPTfbhu03WAHWAfGAAQ=; b=FthCKLLMFAyypHmrnVadRum52TE1OVS06x3I+SfAbpWvqWRV3LawLy3mmdu++0e+or ZAkpFFIMwD8O/0/mSYl7p5xFxp5KWTfZZvp6Jvhbhp9F7vJF2pASk7QSE6yyPzqittZm Oam9MTFUO0Ebf5qiW5kC0HT/ekaX+z/Svzb6xCses7Qdw5WjBMd9bF8XwlxYn03Q+sOG xcy+1epnsp86zFQDaC0WZYM02igVmR4TsoPgGSb0OY0mppKAFF6tWVmMG3+eAsiaY8Rp TVy2bi01akPEDUuXOZAXnM5pJl2xvopB47xxUDGavViKk9uLCJ4aPKhef6m+jwh/7/Sb zsKA== X-Gm-Message-State: ALQs6tBZk9vJSQtIyFRHZRHnBGlud9Q9A8NspcW573Z+h5u8yBOLfSaE r249ZHxiKeXGSIZwdustsZtul8z9h5sKkk8WtmmlY7xc X-Google-Smtp-Source: AB8JxZrp7lWLgJ3nyvKxhPluBo7mFe0Uu2zaSJMm8Tug8t2fz0jmnUaDgMvTGAymp5KIcBLXZHAo0o4U6Nmt4RyAPLg= X-Received: by 2002:ac8:35f0:: with SMTP id l45-v6mr14134245qtb.317.1525194442742; Tue, 01 May 2018 10:07:22 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.50.92 with HTTP; Tue, 1 May 2018 10:07:22 -0700 (PDT) In-Reply-To: <87in87gx0q.fsf@gmail.com> References: <874ljsitvx.fsf@gmail.com> <87vac7hakf.fsf@gmail.com> <87in87gx0q.fsf@gmail.com> From: Jim Posen Date: Tue, 1 May 2018 10:07:22 -0700 Message-ID: To: Christian Decker Content-Type: multipart/alternative; boundary="000000000000f91f89056b2800f2" X-Spam-Status: No, score=-1.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,FREEMAIL_REPLY,HTML_MESSAGE, RCVD_IN_DNSWL_NONE autolearn=no version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Tue, 01 May 2018 18:14:17 +0000 Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] eltoo: A Simplified update Mechanism for Lightning and Off-Chain Contracts X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 May 2018 17:07:25 -0000 --000000000000f91f89056b2800f2 Content-Type: text/plain; charset="UTF-8" I'm still not following why this doesn't accumulate. In the example route, let's look at it from the point of view of C. C sees the following regardless of whether D or E or someone behind E is the last hop in the route: B -> HTLC(expire = X + delta) -> C -> HTLC(expire = X) -> D So D is not required to reveal the preimage before time X, and in the case of an on-chain settle, C needs to be able to redeem the HTLC output through the timeout clause before time X + delta. C can't redeem the HTLC (with sufficient confirmations) at least until the settlement transaction is confirmed. So it seems to me that regardless of the overall route and the maximum CSV on it, the delta for the C hop has to be greater than the CSV delay on the update transaction. And that this must be true at every hop for the same reason. On Tue, May 1, 2018 at 9:29 AM, Christian Decker wrote: > Jim Posen writes: > > Can you explain why a fixed offset along the whole circuit is enough to > > ensure safely as opposed to an increased delta at each hop? > > Sure. Let's assume we have chosen a path `A->B->C->D->E`. For simplicity > let's assume they all have a CLTV delta of 144 blocks (lnd's default > setting). Furthermore let's assume that the CSV timeout for the channels > is also 144. > > This means that with the current LN-penalty mechanism you'd have the > following CLTV deltas in the HTLC: > > ``` > A -(576)-> B -(432)-> C -(288)-> D -(144)-> E > ``` > > Meaning that if the current time is approaching the absolute CLTV we > need initiate a channel closure to safely fetch the preimage on-chain, > and be able to turn around and send it on the upstream channel. > > This is minimal, but can be arbitrarily higher, if you follow the best > practice of obfuscating the final destination by building a shadow route > behind the real recipient, and add it's CLTV deltas and fees to your > route. > > With eltoo you'd need to make sure that you have the settlement > transaction confirmed before your desired CLTV timeout delta begins to > count down. So if the CLTV of the HTLC is `now + CSV timeout + CLTV > delta` you need to initiate a close, whereas Lightning allows you to > wait for time `now + CLTV delta`. Effectively this results in the > following time deltas: > > ``` > A -(576+144)-> B -(432+144)-> C -(288+144)-> D -(144+144)-> E > ``` > > Taking the last hop for example, if we had a CLTV of 1000 with eltoo > we'd need to start closing at height 712, instead of 856 with > LN-penalty. However, this increased delta does not accumulate along the > path, it's just a fixed offset. The longer the route, the smaller the > actual impact of this offset. > --000000000000f91f89056b2800f2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I'm still not following why this doesn't accumulat= e.

In the example route, let's look at it from the p= oint of view of C. C sees the following regardles= s of whether D or E or someone behind E is the last hop in the route= :

B -> HTLC(expire =3D X + delta) -> C ->= HTLC(expire =3D X) -> D

So D is not required t= o reveal the preimage before time X, and in the case of an on-chain settle,= C needs to be able to redeem the HTLC output through the timeout clause be= fore time X + delta. C can't redeem the HTLC (with sufficient confirmat= ions) at least until the settlement transaction is confirmed. So it seems t= o me that regardless of the overall route and the maximum CSV on it, the de= lta for the C hop has to be greater than the CSV delay on the update transa= ction. And that this must be true at every hop for the same reason.

On Tue, May 1, 2018 a= t 9:29 AM, Christian Decker <decker.christian@gmail.com> wrote:
Jim Posen &= lt;jim.posen@gmail.com> write= s:
> Can you explain why a fixed offset along the whole circuit is enough t= o
> ensure safely as opposed to an increased delta at each hop?

Sure. Let's assume we have chosen a path `A->B->C->D-&g= t;E`. For simplicity
let's assume they all have a CLTV delta of 144 blocks (lnd's defaul= t
setting). Furthermore let's assume that the CSV timeout for the channel= s
is also 144.

This means that with the current LN-penalty mechanism you'd have the following CLTV deltas in the HTLC:

```
A -(576)-> B -(432)-> C -(288)-> D -(144)-> E
```

Meaning that if the current time is approaching the absolute CLTV we
need initiate a channel closure to safely fetch the preimage on-chain,
and be able to turn around and send it on the upstream channel.

This is minimal, but can be arbitrarily higher, if you follow the best
practice of obfuscating the final destination by building a shadow route behind the real recipient, and add it's CLTV deltas and fees to your route.

With eltoo you'd need to make sure that you have the settlement
transaction confirmed before your desired CLTV timeout delta begins to
count down. So if the CLTV of the HTLC is `now + CSV timeout + CLTV
delta` you need to initiate a close, whereas Lightning allows you to
wait for time `now + CLTV delta`. Effectively this results in the
following time deltas:

```
A -(576+144)-> B -(432+144)-> C -(288+144)-> D -(144+144)-> E ```

Taking the last hop for example, if we had a CLTV of 1000 with eltoo
we'd need to start closing at height 712, instead of 856 with
LN-penalty. However, this increased delta does not accumulate along the
path, it's just a fixed offset. The longer the route, the smaller the actual impact of this offset.

--000000000000f91f89056b2800f2--