Future Evolutions

LN: Future Evolutions

Gabriel Comte

Bitcoin is a living system!

Bitcoin is a living system!

  • Bitcoin is changing
  • It is involving
  • It is a work in progress
  • Lightning even more so

Dual-funded channels

What are they?

Dual-funded channels

  • Both channel parties contribute funds
  • Send and receive funds immediately
  • First dual-funded channel by Blockstream engineers
  • Version 2 channel establishment protocol

Requires

  • Finding willing and liquid channel partner
  • Channel opening markets
  • Leaking UTXO privacy
  • Protocol for agreeing on amounts

Status

Questions?

Questions about dual-funding?

Splicing

Any ideas?

Splicing

Current situation

Skipping intermediate TX

Updating channel

Decrease channel size!

Increase channel size!

On-chain <> LN interoperability

On-chain <> LN interoperability

Status

Questions?

Questions splicing?

Eltoo

Ever heard of it?

Eltoo

  • New update mechanism

Eltoo

  • New update mechanism
  • Replacement for the penalty TX
  • "Satoshi's nSequence scheme done right"
  • Paper by Decker, Russell, Osuntokun
  • Name: Derived from english 'L2' (Layer 2)

Setup

Channel state 1

Channel state 1

Channel state 2

Close channel

Close channel

Allowed ordering

Prevented orderingl

Malicious attempt

Attack prevention

Eltoo advantages

  • Removed security issue: Publish old state
  • Symmetric channel states
  • Only last channel state required

SIGHASH_ANYPREVOUT

Draft: BIP 118

Previously SIGHASH_NO_INPUT

Info page

Requires a soft fork

... community is not in consensus about it

Questions?

Questions about eltoo?

BOLT 12

Who has heard about Lightning offers?

BOLT 11 limitations

  • Inflexible payment flow
    • Receiver initiated
    • Receiver defines amount
    • Receiver needs to craft invoice manually
  • Invoices are not reusable
  • more

LNURL solves issues

  • LNURL-pay
  • LNURL-withdraw
  • Over HTTP
  • Requires web server

BOLT 12

  • Over LN itself
  • Publish an offer
  • Publish an invoice_request

Questions?

Questions about BOLT 12?

Recap: History of Atomic Routing

Routing privacy

Blinded Paths

What could that be?

Blinded Paths

  • Successor of 'rendez-vous routing'
  • Protect receiver privacy

'Regular' payments

Blinded-paths

Blinded-paths

Questions?

Questions about blinded paths?

Taproot & MuSig (Schnorr)

  • Cryptographic tricks
  • Omit some data from TX's
  • Smaller on-chain TXs
  • Better privacy
  • LN Tx may look like regular TX

LN TX

  • Multiple signatures
  • Hash lock
  • Time lock
  • HTLC

Regular TX

Transaction was signed by Key X

PTLC Routing

Ever heard of PTLCs?

PTLC Routing

  • Successor to HTLCs
  • Point TimeLocked Contract
  • Uses adaptor signatures
  • Based on Schnorr signatures

PTLC Routing

  • Use a point (PubKey) rather than hash lock
  • Point can be aggregated with other key point
  • Unilateral close path becomes smaller
  • No shared secret amongst all hops
  • No payment correlation between hops
  • Preimage as proof of payment
  • Stuckless payments

Questions?

Questions about PTLCs?

Channel Factories

¿Quién sabe?

Channel Factories

Payment channels that can spawn other payment channels

Hypothetical multiparty channel

  • 4-of-4 mulitsig
  • Alice, Bob, Carol, Dave
  • Everybody can transact with everybody!
  • New channel states require signature from everyone

Spawn 2-of-2 channels

  • Use 4-of-4 not directly as payment channels
  • Craft 2-of-2 outputs
  • Don't broadcast
  • Use 2-of-2 as regular channels
  • 2-of-2 "channel close" is just moving 4-of-4 to a new state (off-chain)

Visualization

Change channel situation

Advantages

  • Quick and seamless channel openings
  • Quick and seamless channel changes
  • Saving on-chain fees
  • More flexible capital allocation

Drawbacks

  • Dependence of many factory partners
  • If 1 party vanishes / misbehaves, factory close

Questions?

Questions about channel factories?

Watchtowers

¿Qué son?

Watchtowers

Inofficial BOLT 13

All off-chain protocols assume the user remains online and synchronised with the network. To alleviate this assumption, customers can hire a third party watching service ...

The problem

  • Your channel partner could try to publish an old channel state (old commitment TX) while you're offline
  • You might miss opportunity to release the penalty TX
  • Result:

Watchtower

  • A 3rd party watching the chain for you
  • On every new channel state, provide Watchtower with Penalty TX
  • Watchtower watches Blockchain, releases Penalty TX when required

Watchtowers improve situation for everyone

  • Attacker intimidation: You could be using a watchtower!
  • Paradox: Since there are watchtowers, watchtowers are almost never used

Drawbacks?

Do you see any issues with that scheme?

Encryption 🌈

Yes but ...

... do you see any issues with that scheme?

Solution

  • Commitment TX id: 32 bytes
  • bd671a6c09bef99431a07e314c19d0be6bea3594e4995e7c5be8acb1c7a7e97d
  • Locator: First 16 bytes
  • Encryption key: SHA256(commitmentTxId)

Conclusion

  • Watchtower only learns full TX id when old state is published!
  • Required to derive password and decrypt channel state
  • Privacy is only leaked when Watchtower action is required
  • Remember the intimidation effect!

Current state

Standard isn't perfectly followed

Standard is a bit outdated

Watchtowers exist

Degree of usage unknown

Questions?

Questions about watchtowers?

LSP standard

  • Might already be covered by "Practical Challenges in LN Adotpion"
  • Lightning Service provider
  • Standard specification

Anchor channels

Skipped in talk 'History of Paymnet Channels'

Resources