summaryrefslogtreecommitdiff
path: root/eb/7baf9f5d24a23b9e3c0ba2214245e7b6d0de56
blob: c761bd7f6793e5c6a746917302fe499bd5422ca8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
Return-Path: <rich@gotenna.com>
Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137])
 by lists.linuxfoundation.org (Postfix) with ESMTP id A400FC016F
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 12 May 2020 10:10:18 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by fraxinus.osuosl.org (Postfix) with ESMTP id 9CDFA86B8A
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 12 May 2020 10:10:18 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from fraxinus.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id y1lucQefpi3T
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 12 May 2020 10:10:17 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com
 [209.85.208.54])
 by fraxinus.osuosl.org (Postfix) with ESMTPS id E1CD786207
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 12 May 2020 10:09:47 +0000 (UTC)
Received: by mail-ed1-f54.google.com with SMTP id s10so10604440edy.9
 for <bitcoin-dev@lists.linuxfoundation.org>;
 Tue, 12 May 2020 03:09:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gotenna-com.20150623.gappssmtp.com; s=20150623;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=XBBZM94yBWUPA9RoHmlkhec9Z2cKBxiLq+eNuiETUmM=;
 b=M6Yj9d5yrlG6h8lUMPuuPwLFIwiqdHU7Nl7FL3oUtxbS8sx/cC2kWAMLwjKLJSruXO
 nbuvqGD9+2lsaa2Sp+93Q+twnymDGpf/XlDC0xFJ8ou81hCwfhcZOxLi4TKhMZs5A1QO
 auAaHMJEkO+qBHyd4192eJTwBa+t2wrmA4EeSnN0/tuG1dQ/R0jPLcpNqd4P22vXeMl5
 Zi/nU0VRctxMp6Kb0eNU60SGu42/fgRj4GfSwfuF6X23kq9vupmlQ9FpC+yA5Z/dxAQ4
 hVZdMAtLfaEYGytSl91dvfGyZt4LHJbtQtHpbdaEkauo87MdvEKYvsJNfSdnoKUy07ge
 ZgxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=XBBZM94yBWUPA9RoHmlkhec9Z2cKBxiLq+eNuiETUmM=;
 b=j/sPwmatVrtac0+RWHupBcI35ODIlYCw4DwlgzayTe3KMIX5SsXxb1EOaVAAMPO6LX
 sk3Mn4aloMmWXD+NhMsogU+cMH2hqoFuoLXRJ1bwUANqSaK28rVTfK9JEuXjk4roOgR8
 8Rzd/xQpmGOkhKGI5GpclzI4gz8RqCoPMmIjO69x3lgTktiXHbkHzmVA7B9oxj14yfSO
 TXYvcXc7+75i+h6xmefvF79iKmMq9+YE5ZuO4hodBQzQ+09rFajjlW+cHssDZy7lL8LQ
 OY/QYVzkhwgLy1MmWm9aGUxCd4LyvC2xoF/v0qw6RFrW/gk0UoXtz2eo7iR1ExY2iqPB
 s56g==
X-Gm-Message-State: AGi0PuYGHzK1nvOz7/saKD1Alg32moKfmFF7mpoWPcPT+rrPiMlC1Kcf
 eTO9hrfTKPXhjeguQWyIpiI59lIpI6yBT0nkjR/M4Q==
X-Google-Smtp-Source: APiQypIVnbq5VIqFHXyQP0TBwsGjP9NN71c6/Zkug3hbWE/bRNXTaF86rJsl7O5iBbZQhdBhaZ89JF9TzXb9vTlVcWs=
X-Received: by 2002:aa7:dac3:: with SMTP id x3mr17719354eds.379.1589278185514; 
 Tue, 12 May 2020 03:09:45 -0700 (PDT)
MIME-Version: 1.0
References: <CALZpt+GBPbf+Pgctm5NViNons50aQs1RPQkEo3FW5RM4fL9ztA@mail.gmail.com>
 <CAO3Pvs8rkouxQY912VW04pmn-hdAhMNL_6E_nXDmkeibBegwkA@mail.gmail.com>
 <CALZpt+H1OOhrOXUMO7Fn_9Vgx8_sNPAshdd8+euAT_NWgd7uqA@mail.gmail.com>
 <CACJVCgL4fAs7-F2O+T-gvTbpjsHhgBrU73FaC=EUHG5iTi2m2Q@mail.gmail.com>
 <dcn-zTdD8PQxsZoDJtOP90GBPqRXKuCwYkvkOWeoJmArexkFapaA1M_xLONcoM6qTVh7nJCbmBCOvUQYobI_WPbC5deMOgfytSRi1zIgJ_o=@protonmail.com>
In-Reply-To: <dcn-zTdD8PQxsZoDJtOP90GBPqRXKuCwYkvkOWeoJmArexkFapaA1M_xLONcoM6qTVh7nJCbmBCOvUQYobI_WPbC5deMOgfytSRi1zIgJ_o=@protonmail.com>
From: Richard Myers <rich@gotenna.com>
Date: Tue, 12 May 2020 12:09:34 +0200
Message-ID: <CACJVCgKG9w8n7TzN3jdzirEYUMJq7YezYLhg_h00B8ELfoN9-g@mail.gmail.com>
To: ZmnSCPxj <ZmnSCPxj@protonmail.com>
Content-Type: multipart/alternative; boundary="000000000000b2831c05a570a96d"
X-Mailman-Approved-At: Tue, 12 May 2020 10:50:38 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>,
 "lightning-dev\\\\\\\\@lists.linuxfoundation.org"
 <lightning-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [Lightning-dev] On the scalability issues of
 onboarding millions of LN mobile clients
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>, 
 <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2020 10:10:18 -0000

--000000000000b2831c05a570a96d
Content-Type: text/plain; charset="UTF-8"

Thanks for sharing your thoughts ZmnSCPxj. I think I can summarize your
concern as: A node without direct internet connectivity can not rely on an
opportunistically incentivized local network peer for blockchain
information because the off-grid node's direct LN peers could collude to
not forward the payment.

On Mon, May 11, 2020 at 7:44 AM ZmnSCPxj <ZmnSCPxj@protonmail.com> wrote:

> > 2) a light client can query an ISP connected full node on the same
> unmetered local WiFi network and exchange differences in block headers
> opportunistically or pay for large missing ranges of headers, filters or
> full blocks using a payment channel. Cost is reduced and privacy is
> enhanced for the light client by not using a centralized ISP. Bandwidth for
> running the full node can be amortized and subsidized by payments from
> light clients who they resell data to.
>
> A relatively pointless observation, but it seems to me that:
>
> * The light client is requesting for validation information, because...
> * ...its direct peers might be defrauding it, leading to...
> * ...the money it *thinks* it has in its channels being valueless.
>
> Thus, if the light client opportunistically pays for validation
> information (whether full blocks, headers, or filters), the direct peers it
> has could just as easily not forward any payments, thus preventing the
> light client from paying for the validation information.
>
> Indeed, if the direct peer *is* defrauding the light client, the direct
> peer has no real incentive to actually forward *any* payments --- to do so
> would be to reduce the possible earnings it gets from defrauding the light
> client.
> ("Simulating" the payments so that the light client will not suspect
> anything runs the risk that the light client will be able to forward all
> its money out of the channel, and the cheating peer is still potentially
> liable for any funds it originally had in the channel if it gets caught.)
>

One question I had is: how can a malicious direct payment peer "simulate" a
successful payment made by an off-grid victim peer to an information
source?  The censoring peer wouldn't be able to return the preimage for a
payment they failed to forward. Also, since the information provider and
off-grid node can presumably communicate via their local network
connection, it would be obvious if all of the victims LN peers were failing
to forward payments (whether maliciously or due to routing failures) to an
information provider they could otherwise communicate with.

Any LN payments not monitored by a watchtower that are received by the
eclipsed off-grid victim node would be at risk in this attack scenario.
Likewise any layer 1 payments they received should be buried under
sufficient valid block headers before being relied on.

I don't see how a LN node one-step removed from a direct internet
connection is at more risk than an internet connected node eclipsed by
their ISP, for example. In both cases, failure to get timely blockchain
info should trigger warnings to stop accepting payments.


> What would work would be to use a system similar to watchtowers, wherein
> the validation-information-provider is prepaid and issues tokens that can
> be redeemed later.
> But this is not suitable for opportunistic on-same-WiFi where, say, a
> laptop is running a validation-information-provider-for-payment program on
> the same WiFi as a light-client mobile phone, if we consider that the
> laptop and mobile may have never met before and may never meet again.
> It would work if the laptop altruistically serves the blocks, but not if
> it were for (on-Lightning) payment.
>

There's another problem if we can't rely on a recurring relationship with
an information provider besides not being able to prepay for validation
information doesn't make sense. We don't want an information provider to
collect payments for serving invalid information. Maybe for very small
payments this isn't a problem, but ideally validity could be coded into the
HTLC.

For example, an alternative HTLC construct that only paid for valid 81 B
headers that hash to 32 B values with a number of leading zeros committed
to by the HTLC. It would make more economic sense for an internet gateway
node to serve valid mined header to nodes on their local WiFi network than
to create bogus ones with the same (high) amount of work.


> So it seems to me that this kind of service is best ridden on top of
> watchtower service providers.
>

Public watchtowers or some sort of HTTP proxy data cache similar to a
watchtower makes the most sense to me because they would be expected to be
economically motivated and LN payment aware. Full nodes could potentially
be incentivized to exchange new data with other nodes in a tit-for-tat way,
but I don't expect them to be incentivized by light clients using LN
micropayments in a server-client arrangement.

Network agents that monetize full node information services beyond channel
monitoring would be more than just a "Watchtower" for light clients. Would
they be more like incentivized Electrum servers? Are there still privacy
concerns when they serve generic/un-personalized headers/filters/blocks to
light clients? A personal, altruistic or friends and family watchtower is
also possible, but I'm thinking about how light clients without this
possibility can be served.

Happy new epoch,

  -- Richard

-- 
Richard Myers
Decentralized Applications Engineer, goTenna
gotenna.com
@gotenna

--000000000000b2831c05a570a96d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Thanks for sharing your thoughts ZmnSCPxj. I think I =
can summarize your concern as: A node without direct internet connectivity =
can not rely on an opportunistically incentivized local network peer for bl=
ockchain information because the off-grid node&#39;s direct LN peers could =
collude to not forward the payment.</div><div><br></div><div class=3D"gmail=
_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Mon, May 11, 2020 at 7:44 =
AM ZmnSCPxj &lt;<a href=3D"mailto:ZmnSCPxj@protonmail.com">ZmnSCPxj@protonm=
ail.com</a>&gt; wrote:</div><blockquote class=3D"gmail_quote" style=3D"marg=
in:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1e=
x">
&gt; 2) a=C2=A0light client can query an ISP connected full node on the sam=
e unmetered local WiFi network and exchange differences in block headers op=
portunistically or pay for large missing ranges of headers, filters or full=
 blocks using a payment channel. Cost is reduced and privacy=C2=A0is enhanc=
ed for the light client by not using a centralized ISP. Bandwidth for runni=
ng the full node can be amortized=C2=A0and subsidized by payments from ligh=
t clients who they resell data to.<br>
<br>
A relatively pointless observation, but it seems to me that:<br>
<br>
* The light client is requesting for validation information, because...<br>
* ...its direct peers might be defrauding it, leading to...<br>
* ...the money it *thinks* it has in its channels being valueless.<br>
<br>
Thus, if the light client opportunistically pays for validation information=
 (whether full blocks, headers, or filters), the direct peers it has could =
just as easily not forward any payments, thus preventing the light client f=
rom paying for the validation information.<br>
<br>
Indeed, if the direct peer *is* defrauding the light client, the direct pee=
r has no real incentive to actually forward *any* payments --- to do so wou=
ld be to reduce the possible earnings it gets from defrauding the light cli=
ent.<br>
(&quot;Simulating&quot; the payments so that the light client will not susp=
ect anything runs the risk that the light client will be able to forward al=
l its money out of the channel, and the cheating peer is still potentially =
liable for any funds it originally had in the channel if it gets caught.)<b=
r></blockquote><div><br></div><div>One question I had is: how can a malicio=
us direct payment peer &quot;simulate&quot; a successful payment made by an=
 off-grid victim peer to an information source?=C2=A0 The=C2=A0censoring pe=
er wouldn&#39;t be able to return the preimage for a payment they failed to=
 forward. Also, since the information provider and off-grid node can presum=
ably communicate via their local network connection, it would be obvious if=
 all of the victims LN peers were failing to forward payments (whether mali=
ciously or due to routing failures) to an information provider they could o=
therwise communicate with.</div><div><br></div><div>Any LN payments not mon=
itored by a watchtower that are received by the eclipsed=C2=A0off-grid vict=
im node would be at risk in this attack scenario. Likewise any layer 1 paym=
ents they received should be buried under sufficient valid block headers be=
fore being relied on.</div><div><br></div><div>I don&#39;t see how a LN nod=
e one-step removed from a direct internet connection is at more risk than a=
n internet connected node eclipsed by their ISP, for example. In both cases=
, failure to get timely blockchain info should trigger warnings to stop acc=
epting payments.</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" st=
yle=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padd=
ing-left:1ex">
What would work would be to use a system similar to watchtowers, wherein th=
e validation-information-provider is prepaid and issues tokens that can be =
redeemed later.<br>
But this is not suitable for opportunistic on-same-WiFi where, say, a lapto=
p is running a validation-information-provider-for-payment program on the s=
ame WiFi as a light-client mobile phone, if we consider that the laptop and=
 mobile may have never met before and may never meet again.<br>
It would work if the laptop altruistically serves the blocks, but not if it=
 were for (on-Lightning) payment.<br></blockquote><div><br></div><div>There=
&#39;s another problem if we can&#39;t rely on a recurring relationship wit=
h an information provider besides not being able to prepay for validation i=
nformation doesn&#39;t make sense. We don&#39;t want an information provide=
r=C2=A0to collect payments for serving invalid information. Maybe for very =
small payments this isn&#39;t a problem, but ideally validity could be code=
d into the HTLC.</div><div><br></div><div>For example, an alternative HTLC =
construct that only paid for valid 81 B headers that hash to 32 B values wi=
th a  number of leading zeros committed to by the HTLC. It would make more =
economic sense for an internet gateway node to serve valid mined header to =
nodes on their=C2=A0local WiFi network than to create bogus ones with the s=
ame (high) amount of work.</div><div>=C2=A0</div><blockquote class=3D"gmail=
_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204=
,204);padding-left:1ex">
So it seems to me that this kind of service is best ridden on top of watcht=
ower service providers.<br></blockquote><div><br></div><div>Public watchtow=
ers or some sort of HTTP proxy data cache similar to=C2=A0a watchtower make=
s the most sense to me because they would be expected to be economically mo=
tivated and LN payment aware.  Full nodes could potentially be incentivized=
 to exchange new data with other nodes in a tit-for-tat way, but I don&#39;=
t expect them to be incentivized by light clients using LN micropayments in=
 a server-client arrangement.</div><div><br></div><div>Network agents that =
monetize full node information services beyond channel monitoring would be =
more than just a &quot;Watchtower&quot; for light clients. Would they be mo=
re like incentivized Electrum servers? Are there still privacy concerns whe=
n they=C2=A0serve generic/un-personalized headers/filters/blocks to light c=
lients?=C2=A0A personal, altruistic or friends and family watchtower is als=
o possible, but I&#39;m thinking about how light clients without this possi=
bility can be served.</div><div><br></div><div>Happy new epoch,</div><div><=
br></div><div>=C2=A0 -- Richard</div><div><br></div></div>-- <br><div dir=
=3D"ltr" class=3D"gmail_signature">Richard Myers<br>Decentralized Applicati=
ons Engineer, goTenna<br><a href=3D"http://gotenna.com" target=3D"_blank">g=
otenna.com</a><br>@gotenna</div></div>

--000000000000b2831c05a570a96d--