From weintraub.b at northeastern.edu Wed Feb 16 21:01:52 2022 From: weintraub.b at northeastern.edu (Benjamin Weintraub) Date: Wed, 16 Feb 2022 21:01:52 +0000 Subject: [Lightning-dev] Normal operation questions In-Reply-To: References: Message-ID: Hi Laolu! Thanks for the helpful reply. A couple follow up questions: 1) Why would concurrent signatures generate additional messages? My understanding is that by the time the signatures are sent, the HTLCs are already locked in. 2) Perhaps I didn't just understand your explanation, but I still don't get why the additional `commitment_signed` and `revoke_and_ack` messages are necessary. The initial pair of `commitment_signed` and `revoke_and_ack` messages establish a new state _conditioned_ on possessing the pre-image, right? So after the pre-image is shared, then all parties have assurance of the new state and therefore _could_ go to the chain (even if they don't want to, because they want to keep the channel open). Since the new state is already guaranteed by the previous commitments and revocations, what purpose do the additional commitments and revocations provide? Thanks again! Ben -- Ben Weintraub PhD Student Khoury College of Computer Sciences Northeastern University https://ben-weintraub.com/ ________________________________ From: Olaoluwa Osuntokun Sent: Tuesday, February 15, 2022 18:13 To: Benjamin Weintraub Cc: Lightning-dev at lists.linuxfoundation.org Subject: Re: [Lightning-dev] Normal operation questions Hi Benjamin, > 1) Multiple sources indicate that after Alice sends the `update_add_htlc`, > she should then send the `commitment_signed`, but why is it important that > she sends it first (before Bob)? As far as I understand, as long as she > doesn't revoke the old state before Bob commits to the new state, there > shouldn't be a problem. In that case, the order wouldn't matter---they could > even send their commitments concurrently. So does the order matter? You're correct that it isn't absolutely necessary that she sends a new signature after adding a new HTLC to the pending set of HTLCs. Alice may want to delay her signature if she has other HTLCs she wants to add to the commitment transaction, which allows her to batch/pipeline updates to the channel. If Alice is forwarding that HTLC, and Bob's side of the channel has been dormant (not making many updates), then it's her best interest to propose a new state immediately as she may generate some routing fees from a successful forward. Concurrent signatures aren't an issue, but will end up generating additional state transitions for both sides to have the exact same set of locked in HTLCs. > 2) After Bob sends the `update_fulfill_htlc`, both he and Alice exchange > `commitment_signed` and `revoke_and_ack` messages again. Why is this > necessary? After Alice receives the preimage, doesn't she have enough > information to claim her funds (with the new state)? If Bob is sending the pre-image, then _he_ is the one that is claiming the funds. Once Bob learns of the pre-image, he can go to chain if he wants to in order to claim the HTLC. However that'll be a lot slower and also cost more in chain fees than doing an update off-chain to settle the HTLC from the PoV of the commitment transaction of both parties. Both sides exchange those messages in order to update their commitment state _off chain_. Once Alice receives the pre-image (assuming a multi-hop scenario), she can opt to not wait for the full exchange, and instead _pipeline_ the pre-image back upstream in the route. In practice, this can reduce perceived user latency for payments, as you can side step the 1.5 RTTs at each hop in the route, and simply sling the pre-image all the way back to the original sender. -- Laolu On Tue, Feb 15, 2022 at 7:32 AM Benjamin Weintraub > wrote: Hi all, I have a couple questions about the Normal Operation protocol. For the following, consider a single-hop payment between Alice and Bob over a single channel. 1) Multiple sources indicate that after Alice sends the `update_add_htlc`, she should then send the `commitment_signed`, but why is it important that she sends it first (before Bob)? As far as I understand, as long as she doesn't revoke the old state before Bob commits to the new state, there shouldn't be a problem. In that case, the order wouldn't matter---they could even send their commitments concurrently. So does the order matter? 2) After Bob sends the `update_fulfill_htlc`, both he and Alice exchange `commitment_signed` and `revoke_and_ack` messages again. Why is this necessary? After Alice receives the preimage, doesn't she have enough information to claim her funds (with the new state)? Thanks! Ben -- Ben Weintraub PhD Student Khoury College of Computer Sciences Northeastern University https://ben-weintraub.com/ _______________________________________________ Lightning-dev mailing list Lightning-dev at lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: