Dear Antoine and list, I think that another call to discuss jamming would be great. I would suggest making it a repeating call every 2 weeks, starting from Monday the 28th at 7 pm UTC.
Antoine - Thank you for your work! I have a few questions to better understand the details. 1. Are the tokens transferable between users? For example, if Ned is a routing node, and Alice has some of their tokens, can she give these tokens to Bob? If yes - could this lead to the creation of a secondary market? If no - will that slow down the transaction flow that a new node can send? 2. Do you have a recommended policy for the creation of tokens and their use? Ideally, there will be a policy that would mitigate both slow and quick jamming, without harming usability too much. 3. You write "the reputation credentials to liquidity units translation can be severed" - does this mean that the value of the token changes? Is that in the spirit of changing the fees in a channel? If this is the case, can't a routing node "trick" a user into buying many tokens and then bring the price up? 4. How would these tokens work with blinded paths and other privacy-preserving suggestions? Thanks again, Clara On Sun, Nov 20, 2022 at 11:01 PM Antoine Riard <antoine.ri...@gmail.com> wrote: > Hi LN Devs, > > tl;dr A formalization of a reputation-based scheme to solve channel > jamming is proposed. The system relies on "credentials" issued by routing > hops and requested to be attached to each HTLC forward request. The > "credentials" can be used by a reputation algorithm to reward/punish > payment senders and allocate channel liquidity resources efficiently. The > "credentials" initial distribution can be bootstrapped leveraging one-time > upfront fees paid toward the routing hops. Afterwards, the "credentials" > subsequent distribution can rely on previous HTLC traffic. > > A protocol description can be found here, with few extensions already to > the BOLTs: > > https://github.com/lightning/bolts/pull/1043 > > There is also a work-in-progress proof-of-concept in LDK (on top of our > coming soon^TM HTLC intercepting API): > > https://github.com/lightningdevkit/rust-lightning/pull/1848 > > This work builds on previous reputation-scheme research [0] [1]. It also > integrates the more recent proposals of upfront fees as a straightforward > mechanism to bootstrap the reputation system. Bootstrapping the system with > more economically cost-effective privacy-preserving UTXO ownership proofs > not only add another layer of engineering complexity, there is still a > proof size vs proof generation/validation trade-off to arbiter between ZKP > cryptosystems. > > Rather to seek for a game-theory equilibrium defined as a breakeven point > as in the latest unconditional fee research [2], this proposal aims to use > reputation credentials to allow HTLC traffic-shaping. This not only should > protect against jamming situations (either malicious > or spontaneous) but also allow active HTLC traffic-shaping, where a > routing hop can allow extended channel liquidity lockups based on > accumulated reputation (e.g for hold-invoices). This is also a reduced > overhead cost, as upfront fees are only paid at bootstrap, or when the HTLC > forward behavior can be qualified as "whitewashing" from the routing hop > viewpoint. > > It should be noted, this current reputation-credential architectural > framework assumes credentials distribution at the endpoint of the network. > However, the framework should be flexible enough for the credentials to be > harvested by the LSPs, and then distributed in a secondary fashion to their > spokes, when they need it, or even attached transparently thanks to > trampoline. So one design intuition, there is no strong attachment of the > reputation to the endpoint HTLC sender, even if the protocol is described > in a "flat" view for now. > > Let's evaluate quickly this mitigation proposal against a few criterias > emerged from recent research. > > The mitigation is effective, in the sense a routing hop can apply a > proportional relationship between the acquisition of the reputation and the > amount of liquidity resources credited in function of said reputation. In a > period of steady state, the reputation acquisition cost can be downgraded > to 0. In periods of channel congestion, the reputation credentials to > liquidity units translation can be severed, in the limit of routing hop > acceptable competitiveness. > > The mitigation is incentive-compatible, if the credentials are not honored > by their issuers, the HTLC senders can evict them from the routing network > view for a while. The successful usage of credentials can lead to more > credentials allocated for longer and more capacity-intensive channel > lockups. In case of HTLC failure, the failure source could be forgiven by > routing hops to maintain the worthiness of the sender credentials. > > The mitigation can be made transparent from the user, as the credentials > harvesting can be done automatically from a pre-allocated budget, similar > to the fee-bumping reserves requirement introduced by anchor output. At the > end of today, if we take modern browsers as an example, the average user > doesn't check manually the TLS certificates (for what they're worth...). > > The mitigation can conserve high-level privacy, as the usage of blinded > signature (or another equivalent cryptosystem breaking signature/message > linking) should allow the credentials issued during a preliminary phase to > be undistinguishable during the redeem/usage phase. New CPU/memory DoS > vectors due to the credentials processing should be watched out. > > About the ease of implementation, there are few protocol messages to > modify, a HTLC intercepting API is assumed as supported by the > implementation, onion messages support is also implied, landing EC blinded > signature in libsecp256k1-zkp shouldn't be a big deal, routing algorithms > adaptations might be more serious but still reasonable. The > "credentials-to-liquidity" allocation algorithms are likely the new real > beast, though I don't think any reputation scheme can spare them. > > There could be a concern about the centralization inertia introduced by a > reputation system. Intuitively, the argument can be made that any > historical tracking (such as routing buckets) favor established LN > incumbents at the gain of efficiency. A counter-argument can be made, a new > routing hop can lower the acquisition cost of its issued credentials to > attract more HTLC traffic (accepting higher jamming risk). > > On the ecosystem impacts, it should be studied that this proposal would > impact things like inbound channel routing fees [3], ratecard [4] or > flow-control valve [5] and the whole liquidity toolchain. Hopefully, we > don't significantly restrain the design space for future LN protocol > upgrades. > > On the proposal modularity and flexibility, each routing node has > oversight on its routing policy, acquisition methods, credentials to > liquidity rate. New acquisition methods can be experimented or deployed > when ready, e.g stakes certificates with only e2e upgrade. The credentials > themselves could have "innate" expiration time if we use things like > short-lived ZKP [6]. The credentials framework can be extended beyond > solving jamming, as a generalized risk-management framework for Bitcoin > decentralized financial network, e.g transaction signature exchange > ordering in multi-party transactions [7] or finding reliable Coinjoin > counterparties. > > Feedback welcome. > > Cheers, > Antoine > > [0] > https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-November/002884.html > [1] > https://lists.linuxfoundation.org/pipermail/lightning-dev/2022-August/003673.html > [2] > https://lists.linuxfoundation.org/pipermail/lightning-dev/2022-November/003740.html > [3] > https://lists.linuxfoundation.org/pipermail/lightning-dev/2022-July/003643.html > [4] > https://lists.linuxfoundation.org/pipermail/lightning-dev/2022-September/003685.html > [5] > https://lists.linuxfoundation.org/pipermail/lightning-dev/2022-September/003686.html > [6] https://eprint.iacr.org/2022/190.pdf > [7] https://github.com/lightning/bolts/pull/851#issuecomment-1290727242 > _______________________________________________ > Lightning-dev mailing list > Lightning-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev >
_______________________________________________ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev