-
Notifications
You must be signed in to change notification settings - Fork 491
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trampoline Routing (2021 edition) (Feature 56/57) #829
base: master
Are you sure you want to change the base?
Conversation
Hi @t-bast can you please link to |
https://github.com/lightningnetwork/lightning-rfc/blob/trampoline-routing-no-gossip/proposals/trampoline.md is the best way to read it (with github's markdown viewer). |
Regarding trampoline invoices: Do you suggest to create a new tagged field for |
@ecdsa the proposed spec has a new tagged field |
Yes, I think it's better to introduce a new one, tailored for trampoline. |
Very nice proposal, can't wait to see this in action. The onion A rationale that I couldn't find, but I think Acinq are using this for I just have the following points that I am still a bit unclear on:
|
This is true. However, attackers have no control on what channels will be used to relay with trampoline, so this would be a blind attack against the whole network rather than targetting specific nodes (which is still concerning).
I think we want to introduce a different, more flexible invoice routing hint. Let's explore the advantages and drawbacks of using the current routing hints (let me know if I'm missing important points there):
It's also important to note that to receive trampoline payments, the recipient still needs to upgrade his software to support trampoline onion decryption, so it's a good opportunity to implement a new routing hint format at the same time. The advantages and drawbacks of using new routing hints are:
To exemplify the argument that the design space for recipient privacy would be bigger, I've been toying with the idea of short-lived tor-like circuits between mobile wallet recipients and trampoline nodes.
Obviously if Bob uses a mobile wallet with private channels, Carol and Dave know that he is the final recipient when forwarding payments to him (frequent IP address changes, offline most of the time, etc). Of course, this idea is very hand-wavy for now and has a lot of holes (and maybe route blinding works better and achieves the same results), so please don't poke at it too much yet, you will find issues, but that's not the point. I'm mentioning it because it shows how more flexible routing hints can provide a wider design space for recipients, which is important IMO. |
The current proposal adds a single new failure message, The current Eclair implementation seems to return |
The previous proposal had a It is true that we may rely on trial-and-error and the
I think the proposal should clarify whether the values returned in the error message are relative to the current payment, or independent of the payment. (note that I have a slight preference for fixed values. If these values depend on the payment, clients might have to do more trial-and-error in order to discover them, which might result in more htlcs flying around) |
If it does that, it's a bug. It should only do that for small payments to phoenix wallets that don't have enough incoming liquidity (and thus need a new channel opened on-the-fly). For other cases it should return I think the errors returned should be the following:
Of course, trampoline nodes may also use other errors such as
I decided to remove that mechanism because it wasn't working well: it's impossible to correctly estimate fees for all possible payments. It will force clients to overpay too often, or will still need a trial-and-error when you try to minimize the overpayment. I'm now more in favour of the trial-and-error approach, where I think this approach is the most flexible one: we should leave some room for implementations to make different choices, to ensure we have a diverse network. |
In practice, wallets will be compelled to include both I guess the data in |
Yes, that's true. And the transition period during which both will be required will likely last months (hopefully not years though as non-trampoline wallets will have an incentive to migrate to the new routing hints, even if they don't want to support trampoline). I think these new routing hints will solve a few issues that the current routing hints have, so people would upgrade to use them regardless of trampoline, and once that's done the size overhead will be somewhat negligible.
They will be different for cases where current |
It seems to me like this proposal should be split into two: one that
This looks like a new requirement to me, since the last trampoline
We can totally do that as well, however I think upgrading the
Is this not orthogonal to the original trampoline proposal? I don't
Reusing an existing error code seems wrong to me Overall I think two smaller proposals with a single feature being |
Sounds good, I'll keep the current PR open and up-to-date for people who want
I don't see any satisfactory way of doing that... That's why I want to avoid having that scenario in the spec and prefer doing E2E If you find a satisfying way of achieving that I'm interested, but I don't think
That's a reasonable objection, I'll make a separate PR.
I mentioned this simply as an example to show that it allows a larger design
Sure, we can do that, it's more explicit that way. |
Like I said above, it would be useful to have distinct error numbers for In the first case, Trampoline A does not know about Trampoline B, and the sender should not ask TA to forward to TB again. In the second case, the sender will know that TA failed to forward a certain amount to TB, but it may be able to forward a different amount right now, or the same amount later. Perhaps even more granularity is desirable. If TA fails to find a path to TB, it might return the "capacity" it believes it can send to TB in the error message. |
I integrated all these requirements in the trampoline onion PR, let's discuss it there: #836. |
dbe2bcf
to
b80370d
Compare
This proposal allows nodes running on constrained devices to sync only a small portion of the network and leverage trampoline nodes to calculate the missing parts of the payment route. The main idea is to use layered onions: a normal onion contains a smaller onion for the last hop of the route, and that smaller onion contains routing information to reach the next trampoline hop.
b80370d
to
03e9309
Compare
This proposal allows nodes running on constrained devices to sync only a small portion of the network and leverage trampoline nodes to calculate the missing parts of the payment route while providing the same privacy as fully source-routed payments.
The main idea is to use layered onions: a normal onion contains a smaller onion for the last hop of the route, and that smaller onion contains routing information about the next trampoline hop.
This PR provides a high-level view of trampoline routing, where concepts and designs are presented in a more user-friendly format than formal spec work. This document lets reviewers see the big picture and how all the pieces work together. It also contains pretty detailed examples that should give reviewers some intuition about the subtle low-level details.
Then reviewers can move on to #836 which contains the usual spec format for the onion construction: this is where we'll work on the nitty-gritty details.
This PR supercedes #654 based on what we learnt after 1 year running trampoline in production in Phoenix and many discussions with @ecdsa while Electrum worked on their own trampoline implementation. The important changes are:
cltv_expiry_delta
that must be used for the last trampoline hopcltv_expiry_delta
: since senders need at most two trampoline hops to protect their privacy (and in some cases, only one trampoline hop), this retry-on-failure approach doesn't add too much latency in practice