Return-Path: Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by lists.linuxfoundation.org (Postfix) with ESMTP id A400FC016F for ; Tue, 12 May 2020 10:10:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9CDFA86B8A for ; Tue, 12 May 2020 10:10:18 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y1lucQefpi3T for ; Tue, 12 May 2020 10:10:17 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54]) by fraxinus.osuosl.org (Postfix) with ESMTPS id E1CD786207 for ; Tue, 12 May 2020 10:09:47 +0000 (UTC) Received: by mail-ed1-f54.google.com with SMTP id s10so10604440edy.9 for ; Tue, 12 May 2020 03:09:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotenna-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=XBBZM94yBWUPA9RoHmlkhec9Z2cKBxiLq+eNuiETUmM=; b=M6Yj9d5yrlG6h8lUMPuuPwLFIwiqdHU7Nl7FL3oUtxbS8sx/cC2kWAMLwjKLJSruXO nbuvqGD9+2lsaa2Sp+93Q+twnymDGpf/XlDC0xFJ8ou81hCwfhcZOxLi4TKhMZs5A1QO auAaHMJEkO+qBHyd4192eJTwBa+t2wrmA4EeSnN0/tuG1dQ/R0jPLcpNqd4P22vXeMl5 Zi/nU0VRctxMp6Kb0eNU60SGu42/fgRj4GfSwfuF6X23kq9vupmlQ9FpC+yA5Z/dxAQ4 hVZdMAtLfaEYGytSl91dvfGyZt4LHJbtQtHpbdaEkauo87MdvEKYvsJNfSdnoKUy07ge ZgxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XBBZM94yBWUPA9RoHmlkhec9Z2cKBxiLq+eNuiETUmM=; b=j/sPwmatVrtac0+RWHupBcI35ODIlYCw4DwlgzayTe3KMIX5SsXxb1EOaVAAMPO6LX sk3Mn4aloMmWXD+NhMsogU+cMH2hqoFuoLXRJ1bwUANqSaK28rVTfK9JEuXjk4roOgR8 8Rzd/xQpmGOkhKGI5GpclzI4gz8RqCoPMmIjO69x3lgTktiXHbkHzmVA7B9oxj14yfSO TXYvcXc7+75i+h6xmefvF79iKmMq9+YE5ZuO4hodBQzQ+09rFajjlW+cHssDZy7lL8LQ OY/QYVzkhwgLy1MmWm9aGUxCd4LyvC2xoF/v0qw6RFrW/gk0UoXtz2eo7iR1ExY2iqPB s56g== X-Gm-Message-State: AGi0PuYGHzK1nvOz7/saKD1Alg32moKfmFF7mpoWPcPT+rrPiMlC1Kcf eTO9hrfTKPXhjeguQWyIpiI59lIpI6yBT0nkjR/M4Q== X-Google-Smtp-Source: APiQypIVnbq5VIqFHXyQP0TBwsGjP9NN71c6/Zkug3hbWE/bRNXTaF86rJsl7O5iBbZQhdBhaZ89JF9TzXb9vTlVcWs= X-Received: by 2002:aa7:dac3:: with SMTP id x3mr17719354eds.379.1589278185514; Tue, 12 May 2020 03:09:45 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Richard Myers Date: Tue, 12 May 2020 12:09:34 +0200 Message-ID: To: ZmnSCPxj Content-Type: multipart/alternative; boundary="000000000000b2831c05a570a96d" X-Mailman-Approved-At: Tue, 12 May 2020 10:50:38 +0000 Cc: Bitcoin Protocol Discussion , "lightning-dev\\\\\\\\@lists.linuxfoundation.org" Subject: Re: [bitcoin-dev] [Lightning-dev] On the scalability issues of onboarding millions of LN mobile clients X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 May 2020 10:10:18 -0000 --000000000000b2831c05a570a96d Content-Type: text/plain; charset="UTF-8" Thanks for sharing your thoughts ZmnSCPxj. I think I can summarize your concern as: A node without direct internet connectivity can not rely on an opportunistically incentivized local network peer for blockchain information because the off-grid node's direct LN peers could collude to not forward the payment. On Mon, May 11, 2020 at 7:44 AM ZmnSCPxj wrote: > > 2) a light client can query an ISP connected full node on the same > unmetered local WiFi network and exchange differences in block headers > opportunistically or pay for large missing ranges of headers, filters or > full blocks using a payment channel. Cost is reduced and privacy is > enhanced for the light client by not using a centralized ISP. Bandwidth for > running the full node can be amortized and subsidized by payments from > light clients who they resell data to. > > A relatively pointless observation, but it seems to me that: > > * The light client is requesting for validation information, because... > * ...its direct peers might be defrauding it, leading to... > * ...the money it *thinks* it has in its channels being valueless. > > Thus, if the light client opportunistically pays for validation > information (whether full blocks, headers, or filters), the direct peers it > has could just as easily not forward any payments, thus preventing the > light client from paying for the validation information. > > Indeed, if the direct peer *is* defrauding the light client, the direct > peer has no real incentive to actually forward *any* payments --- to do so > would be to reduce the possible earnings it gets from defrauding the light > client. > ("Simulating" the payments so that the light client will not suspect > anything runs the risk that the light client will be able to forward all > its money out of the channel, and the cheating peer is still potentially > liable for any funds it originally had in the channel if it gets caught.) > One question I had is: how can a malicious direct payment peer "simulate" a successful payment made by an off-grid victim peer to an information source? The censoring peer wouldn't be able to return the preimage for a payment they failed to forward. Also, since the information provider and off-grid node can presumably communicate via their local network connection, it would be obvious if all of the victims LN peers were failing to forward payments (whether maliciously or due to routing failures) to an information provider they could otherwise communicate with. Any LN payments not monitored by a watchtower that are received by the eclipsed off-grid victim node would be at risk in this attack scenario. Likewise any layer 1 payments they received should be buried under sufficient valid block headers before being relied on. I don't see how a LN node one-step removed from a direct internet connection is at more risk than an internet connected node eclipsed by their ISP, for example. In both cases, failure to get timely blockchain info should trigger warnings to stop accepting payments. > What would work would be to use a system similar to watchtowers, wherein > the validation-information-provider is prepaid and issues tokens that can > be redeemed later. > But this is not suitable for opportunistic on-same-WiFi where, say, a > laptop is running a validation-information-provider-for-payment program on > the same WiFi as a light-client mobile phone, if we consider that the > laptop and mobile may have never met before and may never meet again. > It would work if the laptop altruistically serves the blocks, but not if > it were for (on-Lightning) payment. > There's another problem if we can't rely on a recurring relationship with an information provider besides not being able to prepay for validation information doesn't make sense. We don't want an information provider to collect payments for serving invalid information. Maybe for very small payments this isn't a problem, but ideally validity could be coded into the HTLC. For example, an alternative HTLC construct that only paid for valid 81 B headers that hash to 32 B values with a number of leading zeros committed to by the HTLC. It would make more economic sense for an internet gateway node to serve valid mined header to nodes on their local WiFi network than to create bogus ones with the same (high) amount of work. > So it seems to me that this kind of service is best ridden on top of > watchtower service providers. > Public watchtowers or some sort of HTTP proxy data cache similar to a watchtower makes the most sense to me because they would be expected to be economically motivated and LN payment aware. Full nodes could potentially be incentivized to exchange new data with other nodes in a tit-for-tat way, but I don't expect them to be incentivized by light clients using LN micropayments in a server-client arrangement. Network agents that monetize full node information services beyond channel monitoring would be more than just a "Watchtower" for light clients. Would they be more like incentivized Electrum servers? Are there still privacy concerns when they serve generic/un-personalized headers/filters/blocks to light clients? A personal, altruistic or friends and family watchtower is also possible, but I'm thinking about how light clients without this possibility can be served. Happy new epoch, -- Richard -- Richard Myers Decentralized Applications Engineer, goTenna gotenna.com @gotenna --000000000000b2831c05a570a96d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thanks for sharing your thoughts ZmnSCPxj. I think I = can summarize your concern as: A node without direct internet connectivity = can not rely on an opportunistically incentivized local network peer for bl= ockchain information because the off-grid node's direct LN peers could = collude to not forward the payment.

On Mon, May 11, 2020 at 7:44 = AM ZmnSCPxj <ZmnSCPxj@protonm= ail.com> wrote:
> 2) a=C2=A0light client can query an ISP connected full node on the sam= e unmetered local WiFi network and exchange differences in block headers op= portunistically or pay for large missing ranges of headers, filters or full= blocks using a payment channel. Cost is reduced and privacy=C2=A0is enhanc= ed for the light client by not using a centralized ISP. Bandwidth for runni= ng the full node can be amortized=C2=A0and subsidized by payments from ligh= t clients who they resell data to.

A relatively pointless observation, but it seems to me that:

* The light client is requesting for validation information, because...
* ...its direct peers might be defrauding it, leading to...
* ...the money it *thinks* it has in its channels being valueless.

Thus, if the light client opportunistically pays for validation information= (whether full blocks, headers, or filters), the direct peers it has could = just as easily not forward any payments, thus preventing the light client f= rom paying for the validation information.

Indeed, if the direct peer *is* defrauding the light client, the direct pee= r has no real incentive to actually forward *any* payments --- to do so wou= ld be to reduce the possible earnings it gets from defrauding the light cli= ent.
("Simulating" the payments so that the light client will not susp= ect anything runs the risk that the light client will be able to forward al= l its money out of the channel, and the cheating peer is still potentially = liable for any funds it originally had in the channel if it gets caught.)

One question I had is: how can a malicio= us direct payment peer "simulate" a successful payment made by an= off-grid victim peer to an information source?=C2=A0 The=C2=A0censoring pe= er wouldn't be able to return the preimage for a payment they failed to= forward. Also, since the information provider and off-grid node can presum= ably communicate via their local network connection, it would be obvious if= all of the victims LN peers were failing to forward payments (whether mali= ciously or due to routing failures) to an information provider they could o= therwise communicate with.

Any LN payments not mon= itored by a watchtower that are received by the eclipsed=C2=A0off-grid vict= im node would be at risk in this attack scenario. Likewise any layer 1 paym= ents they received should be buried under sufficient valid block headers be= fore being relied on.

I don't see how a LN nod= e one-step removed from a direct internet connection is at more risk than a= n internet connected node eclipsed by their ISP, for example. In both cases= , failure to get timely blockchain info should trigger warnings to stop acc= epting payments.
=C2=A0
What would work would be to use a system similar to watchtowers, wherein th= e validation-information-provider is prepaid and issues tokens that can be = redeemed later.
But this is not suitable for opportunistic on-same-WiFi where, say, a lapto= p is running a validation-information-provider-for-payment program on the s= ame WiFi as a light-client mobile phone, if we consider that the laptop and= mobile may have never met before and may never meet again.
It would work if the laptop altruistically serves the blocks, but not if it= were for (on-Lightning) payment.

There= 's another problem if we can't rely on a recurring relationship wit= h an information provider besides not being able to prepay for validation i= nformation doesn't make sense. We don't want an information provide= r=C2=A0to collect payments for serving invalid information. Maybe for very = small payments this isn't a problem, but ideally validity could be code= d into the HTLC.

For example, an alternative HTLC = construct that only paid for valid 81 B headers that hash to 32 B values wi= th a number of leading zeros committed to by the HTLC. It would make more = economic sense for an internet gateway node to serve valid mined header to = nodes on their=C2=A0local WiFi network than to create bogus ones with the s= ame (high) amount of work.
=C2=A0
So it seems to me that this kind of service is best ridden on top of watcht= ower service providers.

Public watchtow= ers or some sort of HTTP proxy data cache similar to=C2=A0a watchtower make= s the most sense to me because they would be expected to be economically mo= tivated and LN payment aware. Full nodes could potentially be incentivized= to exchange new data with other nodes in a tit-for-tat way, but I don'= t expect them to be incentivized by light clients using LN micropayments in= a server-client arrangement.

Network agents that = monetize full node information services beyond channel monitoring would be = more than just a "Watchtower" for light clients. Would they be mo= re like incentivized Electrum servers? Are there still privacy concerns whe= n they=C2=A0serve generic/un-personalized headers/filters/blocks to light c= lients?=C2=A0A personal, altruistic or friends and family watchtower is als= o possible, but I'm thinking about how light clients without this possi= bility can be served.

Happy new epoch,
<= br>
=C2=A0 -- Richard

--
Richard Myers
Decentralized Applicati= ons Engineer, goTenna
g= otenna.com
@gotenna
--000000000000b2831c05a570a96d--