Good morning again list, particularly cdecker who is the "Decker" in
Decker-Wattenhofer,
Below is some numbers for implementing a sidepool using Decker-Wattenhofer, in
case `SIGHASH_NOINPUT` so we can do Decker-Russell-Osuntokun takes two more
years.
First, I should note that ***if*** we deploy something like this using
Decker-Wattenhofer decrementing-`nSequence` mechanisms, we need the following
numbers:
number_of_stages: The number of nested decrementing-nSequence stages
steps_per_stage: The number of steps from the starting nSequence of one
stage to the lowest nSequence=0, inclusive
blocks_per_step: The number of blocks from one step to the next.
These numbers all kind-of suck in the following ways:
`number_of_stages` plus 1 is the number of transactions that need to be
confirmed in case of a unilateral close.
The "plus 1" here is due to the "kickoff transaction" which initiates the
unilateral close and start the relative `nSequence` timers, and cannot itself
be one of the stages of the nested decrementing-`nSequence` mechanisms.
`steps_per_stage` raised to the `number_of_stages` is the maximum number of
updates.
Once the mechanism saturates, we *need* to do an onchain operation.
This can just be a "no-op splice" where we just spend the current funding txout
into a new funding txout with a refreshed mechanism starting from state 0.
`blocks_per_step` is the maximum amount of time that a participant can safely
be offline during a unilateral close.
If a participant is offline for longer than this period, the other participants
may present an older state where the offline participant has less money.
`number_of_stages` times (`steps_per_stage` minus 1) times `blocks_per_step` is
the longest time that a unilateral close will take.
Due to the number of updates being `steps_per_stage` ***raised*** to
`number_of_stages`, if we halve the number of stages (to reduce onchain
footprint in the unilateral close case) we need to *square* `steps_per_stage`,
which greatly increases the longest time the unilateral close will take.
For example, suppose we set:
number_of_stages = 8
steps_per_stage = 2
blocks_per_step = 144 (1 day)
Then:
* The worst case is that a unilateral close will lock up funds for 8 days (8 *
144 blocks).
Unilateral closes *may* take shorter than that.
* A participant cannot be offline for longer than 144 blocks
* The mechanism can only support 256 (2 to the 8) updates.
* Note that a swap requires two updates: one to offer the HTLC, the second to
claim or reject it.
However, a single update can service multiple swaps in parallel; they just
have to all happen simultaneously.
* The above implies that number of swaps is half of the number of updates.
Now, for the specific case of `steps_per_stage = 2`, if we halve the
`number_of_stages` we need to square `steps_per_stage`, and squaring that is
just `steps_per_stage = 4`.
Thus the halving of the `number_of_stages` is cancelled out by the squaring of
`steps_per_stage`, implying that `steps_per_stage = 4` is optimal.
Beyond that, further halvings of the `number_of_stages` will cause squarings of
the `steps_per_stage` to retain the small number of updates and greatly
increase the worst-case lock-up time in a unilateral close.
--
The point of the sidepools mechanism is that it is another settlement layer on
top of the blockchain layer, which we hope is cheaper than just using the
blockchain.
Then we have direct-on-blockchain published channels, and if the channels
become grossly imbalanced, participants can initiate a "swap party" on the
sidepool.
In a "swap party" the participants then try to move their imbalanced channels
back to balance by offering HTLCs on the sidepool.
All of the sidepool-offerred HTLCs are then bundled into a single update of the
sidepool.
Then, the channels put a "reverse" HTLC in the opposite direction, and the
preimages are sent in the channel.
Once the channel-side HTLCs are fulfilled or failed, the participants can then
bundle all the claims and failures on the sidepool side in a second update.
(Each is basically a peerswap with your counterparties, except that the "other
side" of the peerswap is inside the sidepool instead of in a blockchain layer.
This is also amenable to "forwardable peerswaps" as well, and should be
designed as such)
Then, the sidepool enters a "moratorium" period during which another swap party
cannot be initiated.
Alternatively, swap parties can be scheduled at fixed regular intervals, which
might be easier for institutional nodes --- maintenance actions such as updates
and regular shutdowns can be scheduled so that they do not coincide with swap
parties.
For example, swap parties might be scheduled at 00:00 UTC every day.
If swap parties are done once per day, then a 256-update mechanism can last for
128 days, which is just slightly more than 3 months.
Having to do one onchain tranaction per 3 months in order to "reset" the
mechanism sounds like a reasonable deal to me; the alternative is to perform
HTLCs about once a day on the blockchain layer for each channel you want to
update at the same rate.
Regards,
ZmnSCPxj
_______________________________________________
Lightning-dev mailing list
[email protected]
https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev
