<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <updated>2023-06-09T12:20:54Z</updated>
  <generator>https://njump.me</generator>

  <title>Nostr notes by Richard Myers [ARCHIVE]</title>
  <author>
    <name>Richard Myers [ARCHIVE]</name>
  </author>
  <link rel="self" type="application/atom+xml" href="https://njump.me/npub12jllrss5nmygfhg7j9ztk2te80t96kumx7cllfc29skut6phqh5qfhfxgj.rss" />
  <link href="https://njump.me/npub12jllrss5nmygfhg7j9ztk2te80t96kumx7cllfc29skut6phqh5qfhfxgj" />
  <id>https://njump.me/npub12jllrss5nmygfhg7j9ztk2te80t96kumx7cllfc29skut6phqh5qfhfxgj</id>
  <icon></icon>
  <logo></logo>




  <entry>
    <id>https://njump.me/nevent1qqsxmdnq83005udskefaur9neps5pje7tggkdyre3y6aukfukq6926gzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7snf2tu8</id>
    
      <title type="html">📅 Original date posted:2020-05-07 📝 Original message: ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqsxmdnq83005udskefaur9neps5pje7tggkdyre3y6aukfukq6926gzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7snf2tu8" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqsxv57zzypazx0qr6gzxj4p0srlndq4xq8h6z3q6yz5wr7tl40ftwsp0ehxp&#39;&gt;nevent1q…ehxp&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2020-05-07&lt;br/&gt;📝 Original message:&lt;br/&gt;Thanks Antoine for starting this thread, I&amp;#39;ve also been curious about the&lt;br/&gt;current thinking on light clients and incentivized full node services after&lt;br/&gt;seeing the LSAT work.&lt;br/&gt;&lt;br/&gt;On Wed, May 6, 2020 at 11:40 AM Antoine Riard &amp;lt;antoine.riard at gmail.com&amp;gt;&lt;br/&gt;wrote:&lt;br/&gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Yeah, I hadn&amp;#39;t time to read the spec yet but that was clearly something&lt;br/&gt;&amp;gt; like LSATs I meaned speaking about monetary compensation to price&lt;br/&gt;&amp;gt; resources. I just hope it isn&amp;#39;t too much tie to HTTP because you may want&lt;br/&gt;&amp;gt; to read/write over other communication channels like&lt;br/&gt;&amp;gt; tx-broadcast-over-radio to solve first-hop privacy.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;I think we should consider alternative peer-to-peer communication channels&lt;br/&gt;both in the context of supporting light client users and encouraging full&lt;br/&gt;node diversity.&lt;br/&gt;&lt;br/&gt;Because block headers and block filters can be cached and forwarded we can&lt;br/&gt;use pure broadcast systems like geostationary satellites or radio systems&lt;br/&gt;with various trade-offs between range and bandwidth such as amateur radio,&lt;br/&gt;unlicensed UHF and community WiFi.  Protocol features that support&lt;br/&gt;low-bandwidth broadcast and local peer-to-peer networks add resilience to&lt;br/&gt;the Bitcoin network because they can not be as easily sybilled, censored or&lt;br/&gt;surveilled en mass, as centralized ISPs can be.&lt;br/&gt;&lt;br/&gt;Bandwidth is the primary limitation of these alternative last-mile networks&lt;br/&gt;compared to nodes using wired internet connections. We would like all&lt;br/&gt;Bitcoin nodes to operate as equal peers (flat network), but the reality is&lt;br/&gt;that potential Bitcoin users do not have equal access to affordable&lt;br/&gt;bandwidth from centralized providers. A system that lets light clients&lt;br/&gt;access full nodes over local peer-to-peer networks could make self-custody&lt;br/&gt;more accessible to light-client users and more local full nodes&lt;br/&gt;incentivized to provide services over local peer-to-peer networks could&lt;br/&gt;help increase the geographic diversity of full nodes.&lt;br/&gt;&lt;br/&gt;For example, a light client could have inbound connections for block&lt;br/&gt;headers and filters from 1) other light client peers via bluetooth, 2) an&lt;br/&gt;ISP connected full node via a community WiFi network and 3) a blocksat&lt;br/&gt;connected full node via a UHF mesh network.  These scenarios in more detail:&lt;br/&gt;&lt;br/&gt;1) two nearby light clients can exchange cached block headers, block&lt;br/&gt;filters and full blocks over bluetooth or shared local WiFi - either tit&lt;br/&gt;for tat or altruistically. Full blocks can be used to spot check block&lt;br/&gt;filters and new block headers can help detect forks. There is no&lt;br/&gt;communication cost and when the local internet is censored or down can help&lt;br/&gt;(slowly) relay network state from any small set of operating links to the&lt;br/&gt;outside internet.&lt;br/&gt;&lt;br/&gt;2) a light client can query an ISP connected full node on the same&lt;br/&gt;unmetered local WiFi network and exchange differences in block headers&lt;br/&gt;opportunistically or pay for large missing ranges of headers, filters or&lt;br/&gt;full blocks using a payment channel. Cost is reduced and privacy is&lt;br/&gt;enhanced for the light client by not using a centralized ISP. Bandwidth for&lt;br/&gt;running the full node can be amortized and subsidized by payments from&lt;br/&gt;light clients who they resell data to.&lt;br/&gt;&lt;br/&gt;3) an off-grid validating full node can receive block information from the&lt;br/&gt;blocksat, but cross validate block headers from nearby full nodes connected&lt;br/&gt;to ISPs and light clients with cached information via low-bandwidth&lt;br/&gt;long-range UHF mesh radio. This full node has no fixed bandwidth costs and&lt;br/&gt;can also earn LN payments from light clients to help subsidize their&lt;br/&gt;initial hardware purchase.&lt;br/&gt;&lt;br/&gt;I also believe a light-client could confirm specific transactions by&lt;br/&gt;querying for Merkle proofs instead of full blocks when using a&lt;br/&gt;low-bandwidth long distance and/or multi-hop radio link without the same&lt;br/&gt;privacy linking concerns these queries would have if made using an internet&lt;br/&gt;address tied to their identity or more specific physical location. I&lt;br/&gt;wouldn&amp;#39;t argue to add this to the core protocol, but like Watchtowers it&amp;#39;s&lt;br/&gt;a service that can monetize and support the operation of a full node.&lt;br/&gt;&lt;br/&gt;  -- Richard&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20200507/f6246a76/attachment.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20200507/f6246a76/attachment.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-09T13:00:03Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqs9zkn5tdw4tjeaf5fye2gjvjz4egxrgewqzhfplqcmzlhuz8fuesszyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7su9qg5z</id>
    
      <title type="html">📅 Original date posted:2020-05-12 📝 Original message: ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqs9zkn5tdw4tjeaf5fye2gjvjz4egxrgewqzhfplqcmzlhuz8fuesszyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7su9qg5z" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqspaj0248nl6rk8gfm46xtdxjz24u0xmup6qqhgakmwq3sjhducm0c93gufj&#39;&gt;nevent1q…gufj&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2020-05-12&lt;br/&gt;📝 Original message:&lt;br/&gt;Thanks for sharing your thoughts ZmnSCPxj. I think I can summarize your&lt;br/&gt;concern as: A node without direct internet connectivity can not rely on an&lt;br/&gt;opportunistically incentivized local network peer for blockchain&lt;br/&gt;information because the off-grid node&amp;#39;s direct LN peers could collude to&lt;br/&gt;not forward the payment.&lt;br/&gt;&lt;br/&gt;On Mon, May 11, 2020 at 7:44 AM ZmnSCPxj &amp;lt;ZmnSCPxj at protonmail.com&amp;gt; wrote:&lt;br/&gt;&lt;br/&gt;&amp;gt; &amp;gt; 2) a light client can query an ISP connected full node on the same&lt;br/&gt;&amp;gt; unmetered local WiFi network and exchange differences in block headers&lt;br/&gt;&amp;gt; opportunistically or pay for large missing ranges of headers, filters or&lt;br/&gt;&amp;gt; full blocks using a payment channel. Cost is reduced and privacy is&lt;br/&gt;&amp;gt; enhanced for the light client by not using a centralized ISP. Bandwidth for&lt;br/&gt;&amp;gt; running the full node can be amortized and subsidized by payments from&lt;br/&gt;&amp;gt; light clients who they resell data to.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; A relatively pointless observation, but it seems to me that:&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; * The light client is requesting for validation information, because...&lt;br/&gt;&amp;gt; * ...its direct peers might be defrauding it, leading to...&lt;br/&gt;&amp;gt; * ...the money it *thinks* it has in its channels being valueless.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Thus, if the light client opportunistically pays for validation&lt;br/&gt;&amp;gt; information (whether full blocks, headers, or filters), the direct peers it&lt;br/&gt;&amp;gt; has could just as easily not forward any payments, thus preventing the&lt;br/&gt;&amp;gt; light client from paying for the validation information.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Indeed, if the direct peer *is* defrauding the light client, the direct&lt;br/&gt;&amp;gt; peer has no real incentive to actually forward *any* payments --- to do so&lt;br/&gt;&amp;gt; would be to reduce the possible earnings it gets from defrauding the light&lt;br/&gt;&amp;gt; client.&lt;br/&gt;&amp;gt; (&amp;#34;Simulating&amp;#34; the payments so that the light client will not suspect&lt;br/&gt;&amp;gt; anything runs the risk that the light client will be able to forward all&lt;br/&gt;&amp;gt; its money out of the channel, and the cheating peer is still potentially&lt;br/&gt;&amp;gt; liable for any funds it originally had in the channel if it gets caught.)&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;One question I had is: how can a malicious direct payment peer &amp;#34;simulate&amp;#34; a&lt;br/&gt;successful payment made by an off-grid victim peer to an information&lt;br/&gt;source?  The censoring peer wouldn&amp;#39;t be able to return the preimage for a&lt;br/&gt;payment they failed to forward. Also, since the information provider and&lt;br/&gt;off-grid node can presumably communicate via their local network&lt;br/&gt;connection, it would be obvious if all of the victims LN peers were failing&lt;br/&gt;to forward payments (whether maliciously or due to routing failures) to an&lt;br/&gt;information provider they could otherwise communicate with.&lt;br/&gt;&lt;br/&gt;Any LN payments not monitored by a watchtower that are received by the&lt;br/&gt;eclipsed off-grid victim node would be at risk in this attack scenario.&lt;br/&gt;Likewise any layer 1 payments they received should be buried under&lt;br/&gt;sufficient valid block headers before being relied on.&lt;br/&gt;&lt;br/&gt;I don&amp;#39;t see how a LN node one-step removed from a direct internet&lt;br/&gt;connection is at more risk than an internet connected node eclipsed by&lt;br/&gt;their ISP, for example. In both cases, failure to get timely blockchain&lt;br/&gt;info should trigger warnings to stop accepting payments.&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;&amp;gt; What would work would be to use a system similar to watchtowers, wherein&lt;br/&gt;&amp;gt; the validation-information-provider is prepaid and issues tokens that can&lt;br/&gt;&amp;gt; be redeemed later.&lt;br/&gt;&amp;gt; But this is not suitable for opportunistic on-same-WiFi where, say, a&lt;br/&gt;&amp;gt; laptop is running a validation-information-provider-for-payment program on&lt;br/&gt;&amp;gt; the same WiFi as a light-client mobile phone, if we consider that the&lt;br/&gt;&amp;gt; laptop and mobile may have never met before and may never meet again.&lt;br/&gt;&amp;gt; It would work if the laptop altruistically serves the blocks, but not if&lt;br/&gt;&amp;gt; it were for (on-Lightning) payment.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;There&amp;#39;s another problem if we can&amp;#39;t rely on a recurring relationship with&lt;br/&gt;an information provider besides not being able to prepay for validation&lt;br/&gt;information doesn&amp;#39;t make sense. We don&amp;#39;t want an information provider to&lt;br/&gt;collect payments for serving invalid information. Maybe for very small&lt;br/&gt;payments this isn&amp;#39;t a problem, but ideally validity could be coded into the&lt;br/&gt;HTLC.&lt;br/&gt;&lt;br/&gt;For example, an alternative HTLC construct that only paid for valid 81 B&lt;br/&gt;headers that hash to 32 B values with a number of leading zeros committed&lt;br/&gt;to by the HTLC. It would make more economic sense for an internet gateway&lt;br/&gt;node to serve valid mined header to nodes on their local WiFi network than&lt;br/&gt;to create bogus ones with the same (high) amount of work.&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;&amp;gt; So it seems to me that this kind of service is best ridden on top of&lt;br/&gt;&amp;gt; watchtower service providers.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;Public watchtowers or some sort of HTTP proxy data cache similar to a&lt;br/&gt;watchtower makes the most sense to me because they would be expected to be&lt;br/&gt;economically motivated and LN payment aware. Full nodes could potentially&lt;br/&gt;be incentivized to exchange new data with other nodes in a tit-for-tat way,&lt;br/&gt;but I don&amp;#39;t expect them to be incentivized by light clients using LN&lt;br/&gt;micropayments in a server-client arrangement.&lt;br/&gt;&lt;br/&gt;Network agents that monetize full node information services beyond channel&lt;br/&gt;monitoring would be more than just a &amp;#34;Watchtower&amp;#34; for light clients. Would&lt;br/&gt;they be more like incentivized Electrum servers? Are there still privacy&lt;br/&gt;concerns when they serve generic/un-personalized headers/filters/blocks to&lt;br/&gt;light clients? A personal, altruistic or friends and family watchtower is&lt;br/&gt;also possible, but I&amp;#39;m thinking about how light clients without this&lt;br/&gt;possibility can be served.&lt;br/&gt;&lt;br/&gt;Happy new epoch,&lt;br/&gt;&lt;br/&gt;  -- Richard&lt;br/&gt;&lt;br/&gt;-- &lt;br/&gt;Richard Myers&lt;br/&gt;Decentralized Applications Engineer, goTenna&lt;br/&gt;gotenna.com&lt;br/&gt;@gotenna&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20200512/ea1a456e/attachment.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20200512/ea1a456e/attachment.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-09T13:00:03Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqszlnk27sw8zhqpr477djnxdj6gu30va2jte87ttlm5x4yhdahcs4szyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7s2pghg3</id>
    
      <title type="html">📅 Original date posted:2019-10-01 📝 Original message: ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqszlnk27sw8zhqpr477djnxdj6gu30va2jte87ttlm5x4yhdahcs4szyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7s2pghg3" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqsy3ty57fwknd249fsu7e0sqa823rfsj3ms4vpekkj0r64pkgwhcmg527wry&#39;&gt;nevent1q…7wry&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2019-10-01&lt;br/&gt;📝 Original message:&lt;br/&gt;Thanks Christian for pulling together this concise summary.&lt;br/&gt;&lt;br/&gt;1.  General agreement on the usefulness of noinput / anyprevoutanyscript /&lt;br/&gt;&amp;gt;     anyprevout.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;I certainly support the unification and adoption of the sighash_noinput and&lt;br/&gt;anyprevoutput* proposals to enable eltoo, but also to make possible better&lt;br/&gt;off-chain protocol designs generally.&lt;br/&gt;&lt;br/&gt;Among the various advantages previously discussed, the particular use case&lt;br/&gt;benefits from eltoo I want to take advantage of is less interactive payment&lt;br/&gt;channel negotiation.&lt;br/&gt;&lt;br/&gt;In talking with people about eltoo this summer, I found most people&lt;br/&gt;generally support adding this as an option to Lightning. The only general&lt;br/&gt;concern I heard, if any,  was the vague idea that rebindable transactions&lt;br/&gt;could be somehow misused or abused.&lt;br/&gt;&lt;br/&gt;I believe when these concerns are made more concrete they can be classified&lt;br/&gt;and addressed.&lt;br/&gt;&lt;br/&gt;I don&amp;#39;t find too compelling the potential problem of a &amp;#39;bad wallet&lt;br/&gt;designer&amp;#39;, whether lazy or dogmatic, misusing noinput. I think there are&lt;br/&gt;simpler ways to cut corners and there will always be plenty of good wallet&lt;br/&gt;options people can choose.&lt;br/&gt;&lt;br/&gt;Because scripts signed with no_input signatures are only really exchanged&lt;br/&gt;and used for off-chain negotiations, very few should ever appear on chain.&lt;br/&gt;Those that do should represent non-cooperative situations that involve&lt;br/&gt;signing parties who know not to reuse or share scripts with these public&lt;br/&gt;keys again. No third party has any reason to spend value to a&lt;br/&gt;multisignature script they don&amp;#39;t control, whether or not a no_input&lt;br/&gt;signature exists for it.&lt;br/&gt;&lt;br/&gt;2.  Is there strong support or opposition to the chaperone signatures&lt;br/&gt;&amp;gt;     introduced in anyprevout / anyprevoutanyscript? I think it&amp;#39;d be best to&lt;br/&gt;&amp;gt;     formulate a concrete set of pros and contras, rather than talk about&lt;br/&gt;&amp;gt;     abstract dangers or advantages.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;As I mentioned before, I don&amp;#39;t think the lazy wallet designer advantage is&lt;br/&gt;enough to justify the downsides of chaperone signatures. One additional&lt;br/&gt;downside is the additional code complexity required to flag whether or not&lt;br/&gt;a chaperone output is included. By comparison, the code changes for&lt;br/&gt;creating a no_input digest that skips the prevout and prevscript parts of a&lt;br/&gt;tx is much less intrusive and easier to maintain.&lt;br/&gt;&lt;br/&gt;3.  The same for output tagging / explicit opt-in. What are the advantages&lt;br/&gt;&amp;gt; and&lt;br/&gt;&amp;gt;     disadvantages?&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;I see the point ZmnSCPxj makes about tagged outputs negatively impacting&lt;br/&gt;the anonymity set of taproot transactions. The suggested work around would&lt;br/&gt;impose a cost to unilateral closes of an additional translation transaction&lt;br/&gt;and not using the work around would cause a hit to anonymity for off-chain&lt;br/&gt;script users. I feel both costs are too high relative to the benefit gained&lt;br/&gt;of preventing sloppy reuse of public keys.&lt;br/&gt;&lt;br/&gt;4.  Shall we merge BIP-118 and bip-anyprevout. This would likely reduce the&lt;br/&gt;&amp;gt;     confusion and make for simpler discussions in the end.&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;I believe they should be merged. I also think both chaperone signatures and&lt;br/&gt;output tagging should become part of the discussion of security&lt;br/&gt;alternatives, but not part of the initial specification.&lt;br/&gt;&lt;br/&gt;I understand the desire to be conservative with protocol changes that could&lt;br/&gt;be misused. However, with just taproot and taproot public key types the&lt;br/&gt;anyprevout functionality is already very opt-in and not something that&lt;br/&gt;might accidentally get used. Belt-and-suspender protections like chaperone&lt;br/&gt;signatures and tagged outputs have their own impacts on code complexity,&lt;br/&gt;on-chain transaction sizes and transaction anonymity that also must be&lt;br/&gt;considered.&lt;br/&gt;&lt;br/&gt;I believe efforts like descriptors will help people follow best practices&lt;br/&gt;when working with complex scripts without pushing extra complexity for&lt;br/&gt;safety into the consensus layer of bitcoin. Anywhere we can make core code&lt;br/&gt;simpler, and handle foot-guns in higher level non-consensus code, the&lt;br/&gt;better.&lt;br/&gt;&lt;br/&gt;_______________________________________________&lt;br/&gt;&lt;br/&gt;&amp;gt; Lightning-dev mailing list&lt;br/&gt;&amp;gt; Lightning-dev at lists.linuxfoundation.org&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev&#34;&gt;https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev&lt;/a&gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20191001/f57d3131/attachment-0001.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20191001/f57d3131/attachment-0001.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-09T12:56:23Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqsqrksc3nwaulxmx0aw3jrzpm0jfw0ana6g9pt8ypup4t2rhqaa5yszyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7se5pspx</id>
    
      <title type="html">📅 Original date posted:2019-09-16 📝 Original message: ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqsqrksc3nwaulxmx0aw3jrzpm0jfw0ana6g9pt8ypup4t2rhqaa5yszyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7se5pspx" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqsyn6wankjgy3kslg6vgggccq2jhg3mj59pg2kly059d929senp3gqpr5k4f&#39;&gt;nevent1q…5k4f&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2019-09-16&lt;br/&gt;📝 Original message:&lt;br/&gt;Thanks for the feedback ZmnSCPxj.&lt;br/&gt;&lt;br/&gt;I imagine a future where most people do not typically have single-signer&lt;br/&gt;&amp;gt; ownership of coins onchain, but are instead share-owners of coins, with&lt;br/&gt;&amp;gt; single-signer ownership occurring onchain only in the case of dispute or&lt;br/&gt;&amp;gt; for long-term cold storage.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;The change-in-membership ritual you describe seems like a good start for&lt;br/&gt;elaborating on this idea.&lt;br/&gt;&lt;br/&gt;Some aspects of multi-party Decker-Russell-Osuntokun channels have analogs&lt;br/&gt;to a signet blockchain that use a n-of-n federation of signers. But other&lt;br/&gt;places, like change-in-membership, do not have direct analogs.&lt;br/&gt;&lt;br/&gt;For example, some signet concepts with multi-party channel analogs:&lt;br/&gt;&lt;br/&gt;block script:&lt;br/&gt;* the first &amp;#39;update&amp;#39; and &amp;#39;settle&amp;#39; transactions, aka &amp;#39;setup&amp;#39; and &amp;#39;refund&amp;#39;&lt;br/&gt;transactions, define the set of signers that must sign subsequent channel&lt;br/&gt;updates&lt;br/&gt;&lt;br/&gt;genesis block:&lt;br/&gt;* the initial &amp;#39;funding&amp;#39; transaction, aka outpoint of the commitment&lt;br/&gt;transaction, which establishes the funded channel&lt;br/&gt;&lt;br/&gt;utxo set:&lt;br/&gt;* the specific set of on-chain outputs from the &amp;#39;settlement&amp;#39; transaction&lt;br/&gt;that spends the balance of the latest &amp;#39;update&amp;#39; transaction signed by the&lt;br/&gt;complete set of channel parties.&lt;br/&gt;&lt;br/&gt;mempool:&lt;br/&gt;* the set of proposals for specific changes to the set of outputs from the&lt;br/&gt;latest &amp;#39;settlement&amp;#39; transaction (similar to update_add_htlc,&lt;br/&gt;update_fail_htlc, etc)&lt;br/&gt;&lt;br/&gt;Concepts where layer two channels do not have an obvious analog to a layer&lt;br/&gt;one signet blockchain:&lt;br/&gt;&lt;br/&gt;cooperative close:&lt;br/&gt;* when all parties mutually agree to close the channel&lt;br/&gt;* close the channel with a layer one transaction which finalizes the&lt;br/&gt;outputs from the most recent channel output state&lt;br/&gt;* should be optimized for privacy and low on-chain fees&lt;br/&gt;&lt;br/&gt;membership change (ZmnSCPxj ritual):&lt;br/&gt;* when channel parties want to leave or add new members to the channel&lt;br/&gt;* close and reopen a new channel via something like a channel splicing&lt;br/&gt;transaction to the layer one blockchain&lt;br/&gt;* should be optimized for privacy and low on-chain fees paid for by parties&lt;br/&gt;entering and leaving the channel&lt;br/&gt;&lt;br/&gt;balance change (similar to membership change):&lt;br/&gt;* when channel parties want to add or remove some of the finalized value in&lt;br/&gt;the channel&lt;br/&gt;* close and reopen a new channel via something like a channel splicing&lt;br/&gt;transaction to the layer one blockchain&lt;br/&gt;* should be optimized for privacy and low on-chain fees paid for by parties&lt;br/&gt;adding and removing value from the channel&lt;br/&gt;&lt;br/&gt;uncooperative close:&lt;br/&gt;* when one or more nodes fails to sign the next channel state update&lt;br/&gt;* use a layer one transaction to commit both finalized and un-finalized&lt;br/&gt;outputs from the most recent channel output state&lt;br/&gt;* script timeouts determine when channel parties should uncooperatively&lt;br/&gt;close the channel if not all parties have signed the next &amp;#39;update&amp;#39; and&lt;br/&gt;&amp;#39;settlement&amp;#39; transaction&lt;br/&gt;&lt;br/&gt;uncooperative membership change:&lt;br/&gt;* a subset of channel parties might want to cooperatively sign a channel&lt;br/&gt;splicing transaction to &amp;#39;splice out&amp;#39; uncooperative parties&lt;br/&gt;&lt;br/&gt;mining, mining reward and difficulty adjustment&lt;br/&gt;* no equivalent concept for multi-party channels&lt;br/&gt;&lt;br/&gt;transaction fees:&lt;br/&gt;* updates to layer two channels do not incur transactions fees&lt;br/&gt;* invalid updates dropped to layer one should be paid by cheating node&lt;br/&gt;* splice in/out transactions should be paid by requesting signers only&lt;br/&gt;* do transaction fees prevent &amp;#39;griefing&amp;#39; attacks?&lt;br/&gt;&lt;br/&gt;privacy:&lt;br/&gt;* disassociate a particular update from signer(s)&lt;br/&gt;* disassociate IP address of signers from signature&lt;br/&gt;* using SIGHASH_ALL for cooperative closes&lt;br/&gt;&lt;br/&gt;liveness:&lt;br/&gt;* if signers know they will be offline, can they pre-sign updates that just&lt;br/&gt;commit their own outputs, rather then splice out?&lt;br/&gt;* contingent tap-leafs to splice out non-responsive signers&lt;br/&gt;&lt;br/&gt;The &amp;#34;block&amp;#34; that would need to be signed by the participants would actually&lt;br/&gt;&amp;gt; be a Decker-Russell-Osuntokun update&#43;state transaction, and would commit to&lt;br/&gt;&amp;gt; the UTXO set rather than the transaction set.&lt;br/&gt;&amp;gt; Unless I misunderstand your meaning here.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt; Oops, ya, I did mean a &amp;#34;block&amp;#34; to be a particular Decker-Russell-Osuntokun&lt;br/&gt;update&#43;state transaction.&lt;br/&gt;&lt;br/&gt;I think it will be useful to have these ideas in the back of my mind as I&lt;br/&gt;work on making eltoo scripts that support multi-party channels.&lt;br/&gt;&lt;br/&gt;-- &lt;br/&gt;Richard Myers&lt;br/&gt;Decentralized Applications Engineer, goTenna&lt;br/&gt;gotenna.com&lt;br/&gt;@gotenna&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190916/afc6b87e/attachment.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190916/afc6b87e/attachment.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-09T12:56:04Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqsgjhqvd9lar2zr0f2ynarnu075efhxhweqf3c9c9xwnu0xh02y08qzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7svxtsht</id>
    
      <title type="html">📅 Original date posted:2019-09-09 📝 Original message: I ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqsgjhqvd9lar2zr0f2ynarnu075efhxhweqf3c9c9xwnu0xh02y08qzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7svxtsht" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqst0huwhgc8upnfvutt00r05x0luyk7vly46v8f850fkhqcyxknmxqpkyvmn&#39;&gt;nevent1q…yvmn&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2019-09-09&lt;br/&gt;📝 Original message:&lt;br/&gt;I believe using the eltoo update scheme as a way to consolidate blocks of&lt;br/&gt;off-chain transactions is an interesting idea worth exploring.&lt;br/&gt;&lt;br/&gt;ZmnSCPxj brings up some limitations on arbitrary outputs scripts in eltoo.&lt;br/&gt;Although using CSV is more complicated and outputs must also use&lt;br/&gt;SIGHASH_NOINPUT [1], the ability to have multiple party channels and the&lt;br/&gt;most used types of scripts makes eltoo compelling compared to LN-Penalty&lt;br/&gt;for this kind of application.&lt;br/&gt;&lt;br/&gt;The multiple party aspect in particular introduces an interesting way to&lt;br/&gt;unify concepts from different second layer protocols like federated&lt;br/&gt;sidechains and statechains (ht. aakselrod [2]).&lt;br/&gt;&lt;br/&gt;Though the Statechains proposal relies on eltoo [3], I think what Christian&lt;br/&gt;suggested does not try to solve the dynamic membership problem. That&amp;#39;s why&lt;br/&gt;I think of this as more an evolution of the channel factory paper towards&lt;br/&gt;something like a federated sidechain.&lt;br/&gt;&lt;br/&gt;I think this reconciliation between the off-chain model and the on-chain&lt;br/&gt;&amp;gt; model, with many concepts cleanly mapping from one context to another&lt;br/&gt;&amp;gt; (state outputs = UTXO, off-chain update = on-chain transactions,&lt;br/&gt;&amp;gt; cut-through = confirmation, operation batching = block creation) is&lt;br/&gt;&amp;gt; rather nice :-)&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;One additional concept that could be new to this off-chain blockchain model&lt;br/&gt;would be something like batched multi-party loop-in/out. In a&lt;br/&gt;Schnorr/Taproot world you could add signers/inputs and remove&lt;br/&gt;signers/outputs with a single multi-signature negotiated off-chain. You&amp;#39;d&lt;br/&gt;still like to limit these onchain txs, even if they are small, but updating&lt;br/&gt;channels periodically seems like a straight forward way to address the&lt;br/&gt;dynamic membership problem.&lt;br/&gt;&lt;br/&gt;I guess this all gets back to how to design an off-chain protocol for&lt;br/&gt;managing these negotiations. Ultimately I can imagine a sort of multi-party&lt;br/&gt;eltoo based &amp;#39;signet&amp;#39; with the same RPC interface, but different transaction&lt;br/&gt;validation and block creation logic.  Perhaps there would be a new message&lt;br/&gt;where the channel parties would add their signature before forwarding a&lt;br/&gt;valid block, and the block wouldn&amp;#39;t be built on until all parties had&lt;br/&gt;signed.&lt;br/&gt;&lt;br/&gt;[1]&lt;br/&gt;&lt;a href=&#34;https://lists.linuxfoundation.org/pipermail/lightning-dev/2018-August/001383.html&#34;&gt;https://lists.linuxfoundation.org/pipermail/lightning-dev/2018-August/001383.html&lt;/a&gt;&lt;br/&gt;[2] &lt;a href=&#34;https://twitter.com/stile65/status/1171030423394078720&#34;&gt;https://twitter.com/stile65/status/1171030423394078720&lt;/a&gt;&lt;br/&gt;[3]&lt;br/&gt;&lt;a href=&#34;https://medium.com/@RubenSomsen/statechains-non-custodial-off-chain-bitcoin-transfer-1ae4845a4a39&#34;&gt;https://medium.com/@RubenSomsen/statechains-non-custodial-off-chain-bitcoin-transfer-1ae4845a4a39&lt;/a&gt;&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190909/bb60fee0/attachment.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/lightning-dev/attachments/20190909/bb60fee0/attachment.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-09T12:56:03Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqsfufad57w2hxtasnv5lqt4tghx99n0c0v6nw25g26f5ud4kp5c3jqzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7s2nqvw7</id>
    
      <title type="html">📅 Original date posted:2022-04-24 📝 Original message:Hi ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqsfufad57w2hxtasnv5lqt4tghx99n0c0v6nw25g26f5ud4kp5c3jqzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7s2nqvw7" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqst62vwckkrykyddgg56kvnt0y56gzgsml8xlurm8pgal6r3vru8xgxpw7qe&#39;&gt;nevent1q…w7qe&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2022-04-24&lt;br/&gt;📝 Original message:Hi darosior,&lt;br/&gt;&lt;br/&gt;Thanks for sharing your thoughts on this.&lt;br/&gt;&lt;br/&gt;&amp;gt; I would like to know people&amp;#39;s sentiment about doing (a very slightly tweaked version of) BIP118 in place of&lt;br/&gt;&amp;gt; (or before doing) BIP119.&lt;br/&gt;&lt;br/&gt;Sounds good to me. Although from an activation perspective it may not be either/or, both proposals do compete for scarce reviewer time so their ordering will necessarily be driven by reviewer&amp;#39;s priorities. My priority is eltoo which is why I focus on BIP-118.&lt;br/&gt;&lt;br/&gt;&amp;gt; SIGHASH_ANYPREVOUTANYSCRIPT, if its &amp;#34;ANYONECANPAY&amp;#34; behaviour is made optional [0], can emulate CTV just fine.&lt;br/&gt;&lt;br/&gt;For someone not as versed in CTV, why is it necessary that ANYONECANPAY be optional to emulate CTV? Is there a write-up that explains how APO-AS w/out ANYONECANPAY approximates CTV?&lt;br/&gt;&lt;br/&gt;In the case of eltoo commit txs, we use bring-your-own-fee (BYOF) to late-bind fees; that means ANYONECANPAY will always be paired with APO-AS for eltoo. Settlement txs in eltoo use just APO and do not necessarily need to be paired with ANYONECANPAY.&lt;br/&gt;&lt;br/&gt;I would guess making ANYONECANPAY the default for APO-AS was a way to squeeze in one more sighash flag. Perhaps there&amp;#39;s another way to do it?&lt;br/&gt;&lt;br/&gt;Including SIGHASH_GROUP with APO for eltoo is also tempting. Specifically so the counter-party who commits a settlement tx can use for fees their settled to_self balance. How to rejigger the sighash flags to accommodate both APO and GROUP may be worth some discussion.&lt;br/&gt;&lt;br/&gt;The BIP-118 proposal will certainly benefit from having input from reviewers looking at other protocols than eltoo.&lt;br/&gt;&lt;br/&gt;  -- Richard
    </content>
    <updated>2023-06-07T23:08:00Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqsd9amsfjajkw3gahnzwtm766p7r7vehqw86vxgp0qpdxjwjqlrmcgzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7set7cjr</id>
    
      <title type="html">📅 Original date posted:2021-08-17 📝 Original message:I ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqsd9amsfjajkw3gahnzwtm766p7r7vehqw86vxgp0qpdxjwjqlrmcgzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7set7cjr" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqs8tphfj47qzdfqz72dna7g844pdz06k9t6x4d9rfdpqdl6qyfaqfckdzqeq&#39;&gt;nevent1q…zqeq&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2021-08-17&lt;br/&gt;📝 Original message:I implemented some basic functional test scripts for the eltoo channel update scheme to better understand BIP-118/Anyprevout (APO). My tests are based on the rough Taproot eltoo scripts AJ Towns outlined on this list back in 2019. These tests also require AJ&amp;#39;s APO branch of core. This is just the start of a real eltoo implementation, but I wanted to share it to get feedback and to help others interested in understanding APO and eltoo.&lt;br/&gt;&lt;br/&gt;If you want to take a quick look, my functional tests are implemented in the function &amp;#34;test_tapscript_eltoo&amp;#34;:&lt;br/&gt;&lt;a href=&#34;https://github.com/remyers/bitcoin/blob/eltoo-anyprevout/test/functional/simulate_eltoo.py#L1623&#34;&gt;https://github.com/remyers/bitcoin/blob/eltoo-anyprevout/test/functional/simulate_eltoo.py#L1623&lt;/a&gt;&lt;br/&gt;&lt;br/&gt;I&amp;#39;ve also written a blog post that describes in more detail how to run the tests and includes notes that I hope will be helpful to anyone else interested in APO and eltoo:&lt;br/&gt;&lt;a href=&#34;https://yakshaver.org/2021/07/26/first.html&#34;&gt;https://yakshaver.org/2021/07/26/first.html&lt;/a&gt;&lt;br/&gt;&lt;br/&gt;I&amp;#39;d love to work with anyone else interested in eltoo and APO who wants to help extend and elaborate these tests. Any PRs for the eltoo tests or blog post would be very welcome.&lt;br/&gt;&lt;br/&gt;Many thanks to AJ and Christian Decker who have both been very generous with their time in helping me understand the finer details of APO and eltoo.&lt;br/&gt;&lt;br/&gt;All the best,&lt;br/&gt;&lt;br/&gt;-- Richard&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210817/3302d5cf/attachment.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20210817/3302d5cf/attachment.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-07T22:58:13Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqstsd0y8alhemx0frwl0sn8smuy8hznpjpx9j8dakm2fwyqh8zc5fqzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7spusftd</id>
    
      <title type="html">📅 Original date posted:2020-08-07 📝 Original message:When ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqstsd0y8alhemx0frwl0sn8smuy8hznpjpx9j8dakm2fwyqh8zc5fqzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7spusftd" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqs0l0me6l4ugyxeqpafvufelqjsskru7ly8fujxdy6gxw78gudzcfclscqft&#39;&gt;nevent1q…cqft&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2020-08-07&lt;br/&gt;📝 Original message:When you say that a special relay network might be more &amp;#34;smart about&lt;br/&gt;replacement&amp;#34; in the context of ANYPREVOUT*, do you mean these nodes could&lt;br/&gt;RBF parts of a package like this:&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;Given:&lt;br/&gt; - Package A = UpdateTx_A(n=1): txin: AnchorTx, txout: SettlementTx_A(n=1)&lt;br/&gt;-&amp;gt; HtlcTxs(n=1)_A -&amp;gt; .chain of  transactions that pin UpdateTx_A(n=1) with&lt;br/&gt;high total fee, etc.&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;And a new package with higher fee rate versions of ANYPREVOUT* transactions&lt;br/&gt;in the package, but otherwise lower total fee:&lt;br/&gt;&lt;br/&gt; - Package B = UpdateTx_B(n=1): txin: AnchorTx, txout: SettlementTx_B(n=1)&lt;br/&gt;-&amp;gt; HtlcTxs(n=1)_B -&amp;gt; low total fee package&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;Relay just the higher up-front fee-rate transactions from package B which&lt;br/&gt;get spent by the high absolute fee child transactions from package A:&lt;br/&gt;&lt;br/&gt; - Package A&amp;#39; = UpdateTx_B(n=1): txin: AnchorTx, txout: SettlementTx_B(n=1)&lt;br/&gt;-&amp;gt; HtlcTxs(n=1)_A -&amp;gt; ...chain of up to 25 txs that pin UpdateTx(n=1) with&lt;br/&gt;high total fee, etc.&lt;br/&gt;&lt;br/&gt;On Thu, Aug 6, 2020 at 5:59 PM Matt Corallo via bitcoin-dev &amp;lt;&lt;br/&gt;bitcoin-dev at lists.linuxfoundation.org&amp;gt; wrote:&lt;br/&gt;&lt;br/&gt;&amp;gt; In general, SIGHASH_NOINPUT makes these issues much, much simpler to&lt;br/&gt;&amp;gt; address, but only if we assume that nodes can&lt;br/&gt;&amp;gt; somehow be &amp;#34;smart&amp;#34; about replacement when they see a SIGHASH_NOINPUT spend&lt;br/&gt;&amp;gt; which can spend an output that something else&lt;br/&gt;&amp;gt; in the mempool already spends (potentially a different input than the&lt;br/&gt;&amp;gt; relaying node thinks the transaction should&lt;br/&gt;&amp;gt; spend). While ideally we&amp;#39;d be able to shove that (significant) complexity&lt;br/&gt;&amp;gt; into the Bitcoin P2P network, that may not be&lt;br/&gt;&amp;gt; feasible, but we could imagine a relay network of lightning nodes doing&lt;br/&gt;&amp;gt; that calculation and then passing the&lt;br/&gt;&amp;gt; transactions to their local full nodes.&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200807/79ab9202/attachment.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200807/79ab9202/attachment.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-07T18:26:10Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqspu0k4us9n73785lrhq7e2mkd2f8fahtwvze46dpfxva9fde0xt6qzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7stau763</id>
    
      <title type="html">📅 Original date posted:2020-05-20 📝 Original ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqspu0k4us9n73785lrhq7e2mkd2f8fahtwvze46dpfxva9fde0xt6qzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7stau763" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqsvujyhe2n8xxagm7dut2jdawke4ec6h5hpgtjrrfe32mvf6x7t2aqlms0ls&#39;&gt;nevent1q…s0ls&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2020-05-20&lt;br/&gt;📝 Original message:I&amp;#39;ve been looking at using compressed block headers from the perspective of&lt;br/&gt;a node that wants to use SMS messages to sync block headers. I realized&lt;br/&gt;that it would be helpful if sendheaders2 took a parameter for how often to&lt;br/&gt;send compact blockheaders. For example, in the case of an SMS transport&lt;br/&gt;layer, it would make sense to request 4 headers at a time to optimally fill&lt;br/&gt;a 160 byte SMS message.&lt;br/&gt;&lt;br/&gt;Although using SMS messages would be about the most expensive way to&lt;br/&gt;receive block headers, it is also the most universally available to&lt;br/&gt;smartphone users, even where mobile data might be expensive or unavailable.&lt;br/&gt;If we assume an SMS costs a bulk sender 0.025 USD per SMS, then sending 4&lt;br/&gt;at a time (4 x 39 &#43; 1 byte &amp;lt; 160 byte max SMS) reduces costs 1/4 to 252&lt;br/&gt;instead of 1008 messages at a total weekly cost of ~7 instead of 26 USD.&lt;br/&gt;Still not ideal, but a huge savings.&lt;br/&gt;&lt;br/&gt;Since you&amp;#39;re proposing a new message anyway, it doesn&amp;#39;t break compatibility&lt;br/&gt;to add a parameter for how often sendheaders2 chunks up recent headers.&lt;br/&gt;&lt;br/&gt;On Fri, May 8, 2020 at 3:34 PM Will Clark via bitcoin-dev &amp;lt;&lt;br/&gt;bitcoin-dev at lists.linuxfoundation.org&amp;gt; wrote:&lt;br/&gt;&lt;br/&gt;&amp;gt; Hello list,&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; I would like to propose a compressed block header scheme for IBD and block&lt;br/&gt;&amp;gt; announcements. This proposal is derivative of previous proposals found on&lt;br/&gt;&amp;gt; this list (see links in spec below) with some modifications and&lt;br/&gt;&amp;gt; clarifications.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; The below specification (also found at&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://github.com/willcl-ark/compressed-block-headers/blob/v1.0/compressed-block-headers.adoc&#34;&gt;https://github.com/willcl-ark/compressed-block-headers/blob/v1.0/compressed-block-headers.adoc&lt;/a&gt;&lt;br/&gt;&amp;gt; ) details the compression recommended along with the generated bandwidth&lt;br/&gt;&amp;gt; savings in the best-case scenario.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; I look forward to any feedback anyone has to offer on the specification&lt;br/&gt;&amp;gt; itself, as well as any additions or objections to the motivation.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Cheers,&lt;br/&gt;&amp;gt; Will&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; = Compressed block headers&lt;br/&gt;&amp;gt; Will Clark &amp;lt;will8clark at gmail.com&amp;gt;&lt;br/&gt;&amp;gt; v1.0, May 2020:&lt;br/&gt;&amp;gt; :toc: preamble&lt;br/&gt;&amp;gt; :toclevels: 4&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; This work is a derivation of these mailing list posts:&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; 1.&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-August/014876.html&#34;&gt;https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-August/014876.html&lt;/a&gt;[bitcoin-dev:&lt;br/&gt;&amp;gt; &amp;#34;Compressed&amp;#34; headers stream - 2017] (with resurrection&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015385.html[here]&#34;&gt;https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015385.html[here]&lt;/a&gt;&lt;br/&gt;&amp;gt; )&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; 2.&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-March/015851.html&#34;&gt;https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-March/015851.html&lt;/a&gt;[bitcoin-dev:&lt;br/&gt;&amp;gt; Optimized Header Sync]&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; &amp;#39;&amp;#39;&amp;#39;&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; == Motivation&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Block headers as exchanged by nodes over the p2p network are currently 81&lt;br/&gt;&amp;gt; bytes each.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; For low bandwidth nodes who are doing a headers-only sync, reducing the&lt;br/&gt;&amp;gt; size of the headers can provide a significant bandwidth saving. Also, nodes&lt;br/&gt;&amp;gt; can support more header-only peers for IBD and protection against eclipse&lt;br/&gt;&amp;gt; attacks if header bandwidth is reduced.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; === Background&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Currently headers are sent over the p2p network as a vector of&lt;br/&gt;&amp;gt; `block_headers`, which are composed of the following sized fields:&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;lt;,&amp;gt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Field               |Size&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |Version             |4 bytes&lt;br/&gt;&amp;gt; |Previous block hash |32 bytes&lt;br/&gt;&amp;gt; |Merkle root hash    |32 bytes&lt;br/&gt;&amp;gt; |Time                |4 bytes&lt;br/&gt;&amp;gt; |nBits               |4 bytes&lt;br/&gt;&amp;gt; |nonce               |4 bytes&lt;br/&gt;&amp;gt; |txn_count           |1 byte&lt;br/&gt;&amp;gt; |*Total*             |81 bytes&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Some fields can be removed completely, others can be compressed under&lt;br/&gt;&amp;gt; certain conditions.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; == Proposed specification&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; === block_header2 data type&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; The following table illustrates the proposed `block_header2` data type&lt;br/&gt;&amp;gt; specification.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;lt;,&amp;gt;,&amp;gt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Field               |Size     |Compressed&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |Bitfield            |1 byte   | 1 byte&lt;br/&gt;&amp;gt; |Version             |4 bytes  |0 \| 4 bytes&lt;br/&gt;&amp;gt; |Previous block hash |32 bytes |0 \| 32 bytes&lt;br/&gt;&amp;gt; |Merkle root hash    |32 bytes |32 bytes&lt;br/&gt;&amp;gt; |Time                |4 bytes  |2 \| 4 bytes&lt;br/&gt;&amp;gt; |nBits               |4 bytes  |0 \| 4 bytes&lt;br/&gt;&amp;gt; |nonce               |4 bytes  |4 bytes&lt;br/&gt;&amp;gt; |*Total*             |81 bytes |range: 39 - 81 bytes&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; This compression results in a maximum reduction from an 81 byte header to&lt;br/&gt;&amp;gt; best-case 39 byte header. With 629,474 blocks in the current blockchain, a&lt;br/&gt;&amp;gt; continuous header sync from genesis (requiring a single full 81 byte header&lt;br/&gt;&amp;gt; followed by only compressed `block_header2`) has been tested to have its&lt;br/&gt;&amp;gt; required bandwidth reduced from 50.98MB down to 25.86MB, a saving of 49%.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== Bitfield&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; To make parsing of header messages easier and further increase header&lt;br/&gt;&amp;gt; compression, a single byte bitfield was suggested by gmaxwell footnote:[&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015397.html&#34;&gt;https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-December/015397.html&lt;/a&gt;].&lt;br/&gt;&amp;gt; We propose the following amended bitfield meanings (bits re-ordered to&lt;br/&gt;&amp;gt; match `headers2` field order):&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;lt;,&amp;lt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Bit |Meaning &#43; field size to read&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |0 &#43;&lt;br/&gt;&amp;gt; 1 &#43;&lt;br/&gt;&amp;gt; 2    |version: same as the last *distinct* value 1st ... 7th (0 byte&lt;br/&gt;&amp;gt; field) or a new 32bit distinct value (4 byte field).&lt;br/&gt;&amp;gt; |3   |prev_block_hash: is omitted (0 byte field) or included (32 byte&lt;br/&gt;&amp;gt; field)&lt;br/&gt;&amp;gt; |4   |timestamp: as small offset (2 byte field) or full (4 byte field).&lt;br/&gt;&amp;gt; |5   |nbits: same as last header (0 byte field) or new (4 byte field).&lt;br/&gt;&amp;gt; |6   |possibly to signal &amp;#34;more headers follow&amp;#34; to make the encoding&lt;br/&gt;&amp;gt; self-delimiting.&lt;br/&gt;&amp;gt; |7   |currently undefined&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; This bitfield adds 1 byte for every block in the chain, for a current&lt;br/&gt;&amp;gt; total increase of 629,474B.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== Version&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; In most cases the Version field will be identical to one referenced in one&lt;br/&gt;&amp;gt; of the previous 7 unique versions, as indicated by bits 0,1,2 of the&lt;br/&gt;&amp;gt; Bitfield.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; To block 629,474 there were 616,137 blocks whose version was in the&lt;br/&gt;&amp;gt; previous 7 distinct versions, and only 13,338 blocks whose version was not,&lt;br/&gt;&amp;gt; this includes any version bit manipulation done via overt ASIC boost.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;gt;,&amp;gt;,&amp;gt;,&amp;gt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Genesis to block |Current (B) |Compressed (B) |Saving (%)&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |629,474          |2,517,896   |53,352         |98&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== Previous block hash&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; The previous block hash will always be the&lt;br/&gt;&amp;gt; `SHA256(SHA256(&amp;lt;previous_header&amp;gt;))` so is redundant, presuming you have&lt;br/&gt;&amp;gt; the previous header in the chain.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;gt;,&amp;gt;,&amp;gt;,&amp;gt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Genesis to block |Current (B) |Compressed (B) |Saving (%)&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |629,474          |20,143,168  |0              |100&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== Time&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; The timestamp (in seconds) is consensus bound, based both on the time in&lt;br/&gt;&amp;gt; the previous&lt;br/&gt;&amp;gt; header: `MAX_FUTURE_BLOCK_TIME = 2 * 60 * 60 = 7200`, and being greater&lt;br/&gt;&amp;gt; than the `MedianTimePast` of the previous 11 blocks. Therefore this can be&lt;br/&gt;&amp;gt; safely represented as an offset from the previous headers&amp;#39; timestamp using&lt;br/&gt;&amp;gt; a 2 byte `signed short int`.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;gt;,&amp;gt;,&amp;gt;,&amp;gt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Genesis to block |Current (B) |Compressed (B) |Saving (%)&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |629,474          |2,517,896   |1,258,952      |50&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== nBits&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; nBits currently changes once every 2016 blocks. It could be entirely&lt;br/&gt;&amp;gt; calculated by the client from the timestamps of the previous 2015 blocks&lt;br/&gt;&amp;gt; footnote:[2015 blocks are used in the adjustment calculation due to an&lt;br/&gt;&amp;gt; off-by-one error:&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://bitcointalk.org/index.php?topic=43692.msg521772#msg521772&amp;#34&#34;&gt;https://bitcointalk.org/index.php?topic=43692.msg521772#msg521772&amp;#34&lt;/a&gt;;].&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; To simplify &amp;#39;light&amp;#39; client implementations which would otherwise require&lt;br/&gt;&amp;gt; consensus-valid calculation of the adjustments, we propose to transmit this&lt;br/&gt;&amp;gt; according to the &amp;lt;&amp;lt;Bitfield&amp;gt;&amp;gt; specification above.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; To block 629,474 there have been 298 nBits adjustments (vs an expected 311&lt;br/&gt;&amp;gt; -- there was none before block 32,256).&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;gt;,&amp;gt;,&amp;gt;,&amp;gt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Genesis to block |Current (B) |Compressed (B) |Saving (%)&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |629,474          |2,517,896   |1,196          |99.6&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== txn_count&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; txn_count is included to make parsing of these messages compatible with&lt;br/&gt;&amp;gt; parsing of `block` messages footnote:[&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://bitcoin.stackexchange.com/questions/2104/why-is-the-block-header-txn-count-field-always-zero&#34;&gt;https://bitcoin.stackexchange.com/questions/2104/why-is-the-block-header-txn-count-field-always-zero&lt;/a&gt;].&lt;br/&gt;&amp;gt; Therefore this field and its associated byte can be removed for&lt;br/&gt;&amp;gt; transmission of compact headers.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;gt;,&amp;gt;,&amp;gt;,&amp;gt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Genesis to block |Current (B) |Compressed (B) |Saving (%)&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |629,474          |629,474     |0              |100&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; === Service Bit&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; A new service bit would be required so that the nodes can advertise their&lt;br/&gt;&amp;gt; ability to supply compact headers.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; === P2P Messages&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Three new messages would be used by nodes that enable compact block header&lt;br/&gt;&amp;gt; support, two query messages: `getheaders2` and `sendheaders2` and one&lt;br/&gt;&amp;gt; response: `headers2`.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== `getheaders2` -- Requesting compact headers&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; The new p2p message required to request compact block headers would&lt;br/&gt;&amp;gt; require the same fields as the current `getheaders` message:&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; [cols=&amp;#34;&amp;gt;,&amp;lt;,&amp;lt;,&amp;lt;&amp;#34;]&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Field Size |Description          |Data type |Comments&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |4          |version              |uint32_t  |the protocol version&lt;br/&gt;&amp;gt; |1&#43;         |hash count           |var_int   |number of block locator hash&lt;br/&gt;&amp;gt; entries&lt;br/&gt;&amp;gt; |32&#43;        |block locator hashes |char[32]  |block locator object; newest&lt;br/&gt;&amp;gt; back to genesis block (dense to start, but then sparse)&lt;br/&gt;&amp;gt; |32         |hash_stop            |char[32]  |hash of the last desired&lt;br/&gt;&amp;gt; block header; set to zero to get as many blocks as possible (2000)&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== `sendheaders2` -- Request compact header announcements&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Since&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://github.com/bitcoin/bips/blob/master/bip-0130.mediawiki[BIP-130]&#34;&gt;https://github.com/bitcoin/bips/blob/master/bip-0130.mediawiki[BIP-130]&lt;/a&gt;,&lt;br/&gt;&amp;gt; nodes have been able to request to receive new headers directly in&lt;br/&gt;&amp;gt; `headers` messages, rather than via an `inv` of the new block hash and&lt;br/&gt;&amp;gt; subsequent `getheader` request and `headers` response (followed by a final&lt;br/&gt;&amp;gt; `getdata` to get the tip block itself, if desired). This is requested by&lt;br/&gt;&amp;gt; transmitting an empty `sendheaders` message after the version handshake is&lt;br/&gt;&amp;gt; complete.]&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Upon receipt of this message, the node is permitted, but not required, to&lt;br/&gt;&amp;gt; preemptively announce new headers with the `headers2` message (instead of&lt;br/&gt;&amp;gt; `inv`). Preemptive header announcement is supported by the protocol version&lt;br/&gt;&amp;gt; ≥ 70012 | Bitcoin Core version ≥ 0.12.0.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; For the motivational use-case it makes sense to also update this mechanism&lt;br/&gt;&amp;gt; to support sending header updates using compact headers using a new message.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; ==== `headers2` -- Receiving compact headers&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; A `headers2` message is returned in response to `getheaders2` or at new&lt;br/&gt;&amp;gt; header announcement following a `sendheaders2` request. It contains both&lt;br/&gt;&amp;gt; `length` and `headers` fields. The `headers` field contains a variable&lt;br/&gt;&amp;gt; length vector of `block_header2`:&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt; |Field Size |Description |Data type       |Comments&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; |1&#43;         |length      |var_int         |Length of `headers`&lt;br/&gt;&amp;gt; |39-81x?    |headers     |block_header2[] |Compressed block headers in&lt;br/&gt;&amp;gt; &amp;lt;&amp;lt;block_header2 data type&amp;gt;&amp;gt; format&lt;br/&gt;&amp;gt; |===&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; === Implementation&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; * The first header in the first `block_header2[]` vector to a&lt;br/&gt;&amp;gt; newly-connected client MUST contain the full nBits`, `timestamp`, `version`&lt;br/&gt;&amp;gt; and `prev_block_hash` fields, along with a correctly populated `bitfield`&lt;br/&gt;&amp;gt; byte.&lt;br/&gt;&amp;gt; * Subsequent headers in a contiguous vector SHOULD follow the compressed&lt;br/&gt;&amp;gt; &amp;lt;&amp;lt;block_header2 data type&amp;gt;&amp;gt; format.&lt;br/&gt;&amp;gt; * Subsequent compressed headers supplied to an already-connected client&lt;br/&gt;&amp;gt; (requesting compressed headers), SHOULD follow the compressed&lt;br/&gt;&amp;gt; &amp;lt;&amp;lt;block_header2 data type&amp;gt;&amp;gt; format.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; _______________________________________________&lt;br/&gt;&amp;gt; bitcoin-dev mailing list&lt;br/&gt;&amp;gt; bitcoin-dev at lists.linuxfoundation.org&lt;br/&gt;&amp;gt; &lt;a href=&#34;https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev&#34;&gt;https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev&lt;/a&gt;&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;-- &lt;br/&gt;Richard Myers&lt;br/&gt;Decentralized Applications Engineer, goTenna&lt;br/&gt;gotenna.com&lt;br/&gt;@gotenna&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200520/f9b6f40d/attachment-0001.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200520/f9b6f40d/attachment-0001.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-07T18:24:35Z</updated>
  </entry>

  <entry>
    <id>https://njump.me/nevent1qqsd7rzpv95xnw9v0ldg4wppn7q6gpgjqyc6dq9edm5yhs82rmr07gqzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7skpjxwk</id>
    
      <title type="html">📅 Original date posted:2020-05-12 📝 Original message:Thanks ...</title>
    
    <link rel="alternate" href="https://njump.me/nevent1qqsd7rzpv95xnw9v0ldg4wppn7q6gpgjqyc6dq9edm5yhs82rmr07gqzyp2tluwzzj0v3pxar6g5fwef0yaavh2mnvmmrla8pgkzm30gxuz7skpjxwk" />
    <content type="html">
      In reply to &lt;a href=&#39;/nevent1qqsvx7g9whgh44wltc3v6shkd50caagxhtp42muugm5r9z588v76resrr2y8z&#39;&gt;nevent1q…2y8z&lt;/a&gt;&lt;br/&gt;_________________________&lt;br/&gt;&lt;br/&gt;📅 Original date posted:2020-05-12&lt;br/&gt;📝 Original message:Thanks for sharing your thoughts ZmnSCPxj. I think I can summarize your&lt;br/&gt;concern as: A node without direct internet connectivity can not rely on an&lt;br/&gt;opportunistically incentivized local network peer for blockchain&lt;br/&gt;information because the off-grid node&amp;#39;s direct LN peers could collude to&lt;br/&gt;not forward the payment.&lt;br/&gt;&lt;br/&gt;On Mon, May 11, 2020 at 7:44 AM ZmnSCPxj &amp;lt;ZmnSCPxj at protonmail.com&amp;gt; wrote:&lt;br/&gt;&lt;br/&gt;&amp;gt; &amp;gt; 2) a light client can query an ISP connected full node on the same&lt;br/&gt;&amp;gt; unmetered local WiFi network and exchange differences in block headers&lt;br/&gt;&amp;gt; opportunistically or pay for large missing ranges of headers, filters or&lt;br/&gt;&amp;gt; full blocks using a payment channel. Cost is reduced and privacy is&lt;br/&gt;&amp;gt; enhanced for the light client by not using a centralized ISP. Bandwidth for&lt;br/&gt;&amp;gt; running the full node can be amortized and subsidized by payments from&lt;br/&gt;&amp;gt; light clients who they resell data to.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; A relatively pointless observation, but it seems to me that:&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; * The light client is requesting for validation information, because...&lt;br/&gt;&amp;gt; * ...its direct peers might be defrauding it, leading to...&lt;br/&gt;&amp;gt; * ...the money it *thinks* it has in its channels being valueless.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Thus, if the light client opportunistically pays for validation&lt;br/&gt;&amp;gt; information (whether full blocks, headers, or filters), the direct peers it&lt;br/&gt;&amp;gt; has could just as easily not forward any payments, thus preventing the&lt;br/&gt;&amp;gt; light client from paying for the validation information.&lt;br/&gt;&amp;gt;&lt;br/&gt;&amp;gt; Indeed, if the direct peer *is* defrauding the light client, the direct&lt;br/&gt;&amp;gt; peer has no real incentive to actually forward *any* payments --- to do so&lt;br/&gt;&amp;gt; would be to reduce the possible earnings it gets from defrauding the light&lt;br/&gt;&amp;gt; client.&lt;br/&gt;&amp;gt; (&amp;#34;Simulating&amp;#34; the payments so that the light client will not suspect&lt;br/&gt;&amp;gt; anything runs the risk that the light client will be able to forward all&lt;br/&gt;&amp;gt; its money out of the channel, and the cheating peer is still potentially&lt;br/&gt;&amp;gt; liable for any funds it originally had in the channel if it gets caught.)&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;One question I had is: how can a malicious direct payment peer &amp;#34;simulate&amp;#34; a&lt;br/&gt;successful payment made by an off-grid victim peer to an information&lt;br/&gt;source?  The censoring peer wouldn&amp;#39;t be able to return the preimage for a&lt;br/&gt;payment they failed to forward. Also, since the information provider and&lt;br/&gt;off-grid node can presumably communicate via their local network&lt;br/&gt;connection, it would be obvious if all of the victims LN peers were failing&lt;br/&gt;to forward payments (whether maliciously or due to routing failures) to an&lt;br/&gt;information provider they could otherwise communicate with.&lt;br/&gt;&lt;br/&gt;Any LN payments not monitored by a watchtower that are received by the&lt;br/&gt;eclipsed off-grid victim node would be at risk in this attack scenario.&lt;br/&gt;Likewise any layer 1 payments they received should be buried under&lt;br/&gt;sufficient valid block headers before being relied on.&lt;br/&gt;&lt;br/&gt;I don&amp;#39;t see how a LN node one-step removed from a direct internet&lt;br/&gt;connection is at more risk than an internet connected node eclipsed by&lt;br/&gt;their ISP, for example. In both cases, failure to get timely blockchain&lt;br/&gt;info should trigger warnings to stop accepting payments.&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;&amp;gt; What would work would be to use a system similar to watchtowers, wherein&lt;br/&gt;&amp;gt; the validation-information-provider is prepaid and issues tokens that can&lt;br/&gt;&amp;gt; be redeemed later.&lt;br/&gt;&amp;gt; But this is not suitable for opportunistic on-same-WiFi where, say, a&lt;br/&gt;&amp;gt; laptop is running a validation-information-provider-for-payment program on&lt;br/&gt;&amp;gt; the same WiFi as a light-client mobile phone, if we consider that the&lt;br/&gt;&amp;gt; laptop and mobile may have never met before and may never meet again.&lt;br/&gt;&amp;gt; It would work if the laptop altruistically serves the blocks, but not if&lt;br/&gt;&amp;gt; it were for (on-Lightning) payment.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;There&amp;#39;s another problem if we can&amp;#39;t rely on a recurring relationship with&lt;br/&gt;an information provider besides not being able to prepay for validation&lt;br/&gt;information doesn&amp;#39;t make sense. We don&amp;#39;t want an information provider to&lt;br/&gt;collect payments for serving invalid information. Maybe for very small&lt;br/&gt;payments this isn&amp;#39;t a problem, but ideally validity could be coded into the&lt;br/&gt;HTLC.&lt;br/&gt;&lt;br/&gt;For example, an alternative HTLC construct that only paid for valid 81 B&lt;br/&gt;headers that hash to 32 B values with a number of leading zeros committed&lt;br/&gt;to by the HTLC. It would make more economic sense for an internet gateway&lt;br/&gt;node to serve valid mined header to nodes on their local WiFi network than&lt;br/&gt;to create bogus ones with the same (high) amount of work.&lt;br/&gt;&lt;br/&gt;&lt;br/&gt;&amp;gt; So it seems to me that this kind of service is best ridden on top of&lt;br/&gt;&amp;gt; watchtower service providers.&lt;br/&gt;&amp;gt;&lt;br/&gt;&lt;br/&gt;Public watchtowers or some sort of HTTP proxy data cache similar to a&lt;br/&gt;watchtower makes the most sense to me because they would be expected to be&lt;br/&gt;economically motivated and LN payment aware. Full nodes could potentially&lt;br/&gt;be incentivized to exchange new data with other nodes in a tit-for-tat way,&lt;br/&gt;but I don&amp;#39;t expect them to be incentivized by light clients using LN&lt;br/&gt;micropayments in a server-client arrangement.&lt;br/&gt;&lt;br/&gt;Network agents that monetize full node information services beyond channel&lt;br/&gt;monitoring would be more than just a &amp;#34;Watchtower&amp;#34; for light clients. Would&lt;br/&gt;they be more like incentivized Electrum servers? Are there still privacy&lt;br/&gt;concerns when they serve generic/un-personalized headers/filters/blocks to&lt;br/&gt;light clients? A personal, altruistic or friends and family watchtower is&lt;br/&gt;also possible, but I&amp;#39;m thinking about how light clients without this&lt;br/&gt;possibility can be served.&lt;br/&gt;&lt;br/&gt;Happy new epoch,&lt;br/&gt;&lt;br/&gt;  -- Richard&lt;br/&gt;&lt;br/&gt;-- &lt;br/&gt;Richard Myers&lt;br/&gt;Decentralized Applications Engineer, goTenna&lt;br/&gt;gotenna.com&lt;br/&gt;@gotenna&lt;br/&gt;-------------- next part --------------&lt;br/&gt;An HTML attachment was scrubbed...&lt;br/&gt;URL: &amp;lt;&lt;a href=&#34;http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200512/ea1a456e/attachment-0001.html&amp;gt&#34;&gt;http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20200512/ea1a456e/attachment-0001.html&amp;gt&lt;/a&gt;;
    </content>
    <updated>2023-06-07T18:24:27Z</updated>
  </entry>

</feed>