1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 01:50:03 +01:00
Commit Graph

69 Commits

Author SHA1 Message Date
Rusty Russell
aed3d28d5a BOLT 12: offers, sixth draft
A BOLT11 "invoice" has proven too low-level for human use in many
scenarios.  Efforts like lnurl have covered the gap, but integrating
some of such higher layers into the lightning protocol itself has many
advantages.

This draft defines three new things:

1. A new invoice format.  I know, this is painful, but it maps almost
   1:1 to the current format (though signatures are very different),
   is easier to implement, and easier to send via the lightning
   network itself.

2. Formats for an "offer", which for all intents and purposes serves
   as the new, persistent invoice for users.

3. Format for an "invoice_request": this is a message sent via the
   lightning network itself to receive the real invoice, or can
   be used directly in a send-money scenario (e.g. ATM).

The offer (for accepting payments) or invoice_request (for sending
payments) are usually presented via a QR code or similar, the replies
are sent using onion messages.  Each copies fields from the prior so
it stands alone, to allow statelessness.

Features which have been deliberately omitted for the initial version:
- Recurrence.
- Invoice replacement ("don't accept that old payment!")
- Payer proof for refunds.

This effort has been EPIC, and there is absolutely no way I could have
done this without the often thankless task of implementing,
re-implementing, revising and re-reading this text.

In particular I have been delighted to receive the mental boost from
the following people:

1. Thomas H of ACINQ (https://github.com/thomash-acinq)
2. Jeffrey Czyz of Square Crypto (https://github.com/jkczyz)
3. Joost Jager (https://github.com/joostjager)
4. Aditya Sharma (https://github.com/adi2011)
5. Rene Pickhardt (https://github.com/renepickhardt)
6. Bastien Teinturier of ACINQ (https://github.com/t-bast)
7. Valentine Wallace of LDK (https://github.com/valentinewallace)
8. Matt Corallo of LDK (https://github.com/BlueMatt)

Also @bjarnemagnussen, @ellemouton, @animatedbarber, @617a7a,
@instagibbs, @evansmj, @eupn and @yyforyongyu.

(And no doubt others over the years, who I've accidentally omitted!)

Yes, of course, thanks to my family for their patience with me.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-09-24 19:40:59 +09:00
Rusty Russell
5dd9d9cd5f BOLT 2: quiescence protocol.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>




Header from folded patch 'bolt_2__set_an_initiator_in_quiescence.patch':

BOLT #2: Set an initiator in quiescence.

This is especially useful for protocols such as splicing; for
simplified commitment transactions, there is already an implied
initiator at each point, so having the negotiation at splicing
time would be redundant.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>



Header from folded patch 'option_quiesce__feature_to_support_stfu_method.patch':

option_quiesce: feature to support stfu method.

In practice, sftu is useless unless you have something (e.g. channel_upgrade)
which uses it, but adding a feature is best practice IMHO.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2024-06-18 07:08:11 +09:30
t-bast
1e48543ff1 Add section about liquidity griefing
This issue is non-trivial and worth mentioning, otherwise implementations
may forget to handle this which would result in an easy way of attacking
node's on-chain liquidity, creating a large opportunity cost.
2024-02-13 11:55:23 -06:00
niftynei
c00c0dd7bc interactive-tx: Add dual-funding flow, using the interactive tx protocol
This commit adds the interactive transaction construction protcol, as
well as the first practical example of using it, v2 of channel
establishment.

Note that for v2 we also update the channel_id, which now uses the hash
of the revocation_basepoints. We move away from using the funding
transaction id, as the introduction of RBF* makes it such that a single
channel may have many funding transaction id's over the course of
its lifetime.

*Later, also splicing
2024-02-13 11:55:23 -06:00
niftynei
15fb2df63a spelling: fix spelling mistakes + add new words to ignore spelling 2024-02-13 11:55:23 -06:00
Rusty Russell
f0f35ec73b fixup! BOLT 4: onion message support.
Typo fixes from @t-bast, @thomash-acinq and @remyers.
2023-08-01 06:20:16 +09:30
Rusty Russell
17ceba42dc BOLT 4: onion message support.
These use onion encoding for simple one-way messaging: there are no error returns.
However, every onion uses route blinding *even if it doesn't need to*.

You can prove what path was used to reach you by including `path_id` in the
encrypted_data_tlv.

Note that this doesn't actually define the payload we're transporting:
that's explictly defined to be payloads in the 64-255 range.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2023-08-01 06:20:16 +09:30
t-bast
c4c5a8e5fb Bolt 4: add blinded payments
Add specification requirements for using route blinding to make payments
while preserving recipient anonymity. Implementers must ensure they
understand all those requirements, there are subtle attacks that could let
malicious senders deanonymize the route if incompletely implemented.
2023-03-28 08:44:14 +02:00
Rusty Russell
e60d594abf
Fix typo and aspell list. (#963)
Since Travis died, we don't get CI to check these any more :(

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-02-25 12:17:18 +01:00
Rusty Russell
3508e4e85d BOLT 2: option_shutdown_anysegwit
In bitcoin 0.19.0, standardness rules are going to be relaxed to allow
future witness versions.  Once this is widely deployed, it will be safe
to accept them, smoothing use of future segwit versions.

See: https://github.com/bitcoin/bitcoin/pull/15846

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-05-25 06:46:27 +09:30
Johan T. Halseth
a00418f5f9
bolt-09: reserve feature bits for option_anchors_zero_fee_htlc_tx (#828) 2021-01-04 20:40:57 +01:00
Joost Jager
1739746afa
Anchor outputs
This commit extends the specification with a new commitment format that
adds two anchor outputs to the commitment transaction. Anchor outputs
are a safety feature that allows a channel party to unilaterally increase
the fee of the commitment transaction using CPFP and ensure timely
confirmation on the chain. There is no cooperation required from the
remote party.
2020-08-19 15:27:21 +02:00
Rusty Russell
9e8e29af9b
Complete the Fundamental Types. (#778)
* Rename all the 'varint' to 'bigsize'.

Having both is confusing; we chose the name bigsize, so use it
explicitly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 7: use `byte` instead of `u8`.

`u8` isn't a type; see BOLT #1 "Fundamental Types".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 1: promote bigsize to a Fundamental Type.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-05-25 22:25:46 +02:00
Antoine Riard
11fd658059
Make explicit witness must conform to MINIMALIF (#764) 2020-04-27 21:50:57 +02:00
Thorkil Værge
85068c5099
Add bolt11 test vector with amount in p units (#699) 2020-03-03 18:36:44 +01:00
Bastien Teinturier
dcbf858397
Clarify numerical comparison of pubkeys (#743)
We are using lexixographic order (which is the same as big-endian
when inputs have the same size, such as compressed public keys).
2020-02-18 09:53:12 +01:00
Olaoluwa Osuntokun
8dd0b75809 BOLT-04: modify Sphinx packet construction to use starting random bytes
In this commit, we modify the existing instructions to create the Sphinx
packet to no longer start out with a zero initialize set of 1366 bytes.
Instead, we now instruct the sender to use _random_ bytes derived from a
CSPRG. This fixes a recently discovered privacy leak that allows an
adversarial exit hop to ascertain a lower bound on the true path length.

Note that this doesn't affect packet processing, so this is a backwards
compatible change. Only clients need to update in order to avoid this
privacy leak.

After this change is applied, the test vectors as is don't match the
spec, as they're created using the original all zero starting bytes. We
can either update these with our specified set of random bytes, or leave
them as is, as they're fully deterministic as is.

An alternative path would be to generate more random bytes from the
shared secret as we do elsewhere (the chacha based CSPRNG).
2020-01-24 18:17:10 +01:00
Rusty Russell
b2a3c2fb07 BOLT 9: Add feature bits for payment_secret and basic_mpp.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-12-13 03:48:57 +00:00
Rusty Russell
206084c939 BOLT 9: flatten feature fields.
We simply specify, in each case, where they will appear ("Context").

Because `globalfeatures` is already in use, we fold that into the
renamed `localfeatures` field to unify them (now called `features`),
but dissuade further use.

Note also: we REQUIRE minimal `features` field in
channel_announcement, since otherwise both sides of channel will not
agree and not be able to create their signatures!

Consider these theoretical future features:

`opt_dlog_chan`: a new channel type which uses a new discrete log HTLC
type, but can't support traditional HTLC:

* `init`: presents as odd (optional) or even (if traditional channels
  not supported)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: presents as even (compulsory), since users need
  to use the new HTLCs.

`opt_wumbochan`: a node which allows channels > 2^24 satoshis:

* `init`: presents as odd (optional), or maybe even (if you only want
  giant channels)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: not present, since size of channel indicates
  capacity.

`opt_wumbohtlc`: a channel which allows HTLCs > 2^32 millisatoshis:

* `init`: presents as odd (optional), or even (compulsory)
* `node_announcement`: the same as above, so you can seek suitable peers.
* `channel_announcement`: odd (optional) since you can use the channel
  without understanding what this option means.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Co-Authored-By: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
2019-11-25 19:34:23 +00:00
Rusty Russell
2afe3559e8 option_static_remotekey: final draft.
This separates out the static remotekey changes from the more ambitious
option_simplified_commitment (which also included pushme outputs and
bring-your-own-fee for HTLC outputs).

As per http://www.erisian.com.au/meetbot/lightning-dev/2019/lightning-dev.2019-09-02-20.06.html

Thanks to everyone for feedback: @araspitzu @roasbeef @bitconner

Suggested-by: @roasbeef
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-09-26 06:19:58 +00:00
sstone
1f95ea95bc Spelling fixes 2019-09-16 22:36:59 +02:00
sstone
0b5ba0cd4e BOLT7: query_short_channel_ids: allow requesting specific information (folded)
Nodes can append additional data to their `query_short_channel_ids`
messages, which consists in one flag per short channel id and
specifies what they would like to receive (`node_announcement`,
`channel_announcement`, or/and one `channel_update` or both).
2019-09-16 22:36:59 +02:00
Rusty Russell
3da8923453 spelling: check all the .md files
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-07-28 07:03:19 +00:00
Christian Decker
4ac1bcc99b bolt04: Shut the spellchecker up 2019-07-26 11:38:33 +02:00
Rusty Russell
2fe6af8567 spellcheck: allow space-separated hex, and a few new terms.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-07-22 23:27:13 +00:00
Conner Fromknecht
65784f755f BOLT01: swap CompactSize for BigSize in TLV format
This commit modifies the varint encoding used for TLV types and lengths
to use a custom format called BigSize. The format is identical to
bitcoin's CompactSize, except it replaces the use of little-endian
encodings for multi-byte values with big-endian. This is done to prevent
mixing endianness within the protocol, since otherwise CompactSize would
be the first introduction of little-endian encodings.
2019-07-22 15:19:09 -05:00
Ugam Kamat
1db481ffeb BOLT #7: receiving node requirements related to timestamp for channel_update message (#621)
Clarify timestamp requirements for channel_update messages.
2019-07-16 09:24:26 +02:00
Conner Fromknecht
779664cd82
BOLT01: add TLV spec 2019-06-12 15:14:55 -07:00
Rusty Russell
a07dc3df3b BOLT 2: add missing spellcheck words, change 'funding txo' to 'funding output'.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-12-10 02:46:07 +00:00
Rusty Russell
fd9da9b95e BOLT 7: Add compressed (zlib) encoding.
[ Note: in retrospect, adding this in the initial draft without its
  own feature bit was a mistake.  It was a premature optimization,
  adds complexity and removes the ability to disable it if a problem
  is found without disabling gossip_queries entirely.  However, it
  is already deployed as-is. --RR ]
  
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-28 00:21:23 +00:00
Rusty Russell
f6312d9a70 BOLT 7: query_messages option.
[ This was a joint effort by many people, with iterations not
  indicated in this final commit: thanks to all who reviewed and
  polished!  Particularly: @jimpo @cdecker @sstone @ZmnSCPxj ]

This enables three new functions:

1. query_short_channel_ids: they will send channel_announcement /
   channel_update / node_announcement followed by reply_short_channel_ids_done.
2. query_channel_range: they will send one or more reply_channel_range
   with the short_channel_ids in these blocks.
3. gossip_timestamp_filter: filters what gossip they send.

It also changes behavior: we no longer send a `channel_announcement`
until we have at least one `channel_update`.  The announcement is
fairly useless without an update already, but this in particular
enables reasonable timestamp filtering (channel_announcement does not
have an explicit timestamp).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-06-28 00:21:23 +00:00
DanielWeigl
48bbee8d55 add the word 'regtest' to the spellchecker 2018-04-30 20:23:38 +00:00
Jim Posen
c4e42bcfd6 BOLT 4: Rearrange sections, moving dependent concepts lower. 2018-03-05 20:11:32 +01:00
Jim Posen
3927ae3fd1 BOLT 4: Update onion construction reference code.
The description now suggests the use of an ephemeral private key, so
the reference code is simplified by using that concept. The reference
code is also updated to make fewer calls to undefined functions.
2018-03-05 20:11:32 +01:00
Jim Posen
5a3b5ce0bd BOLT 4: Clarify the onion construction section.
The new description introduces the concept of an ephemeral private key,
which I find easier to reason about and suggests a linear instead of
quadratic construction algorithm.
2018-03-05 20:11:32 +01:00
Rusty Russell
c132855d4b Spelling list: add new words.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-02-20 01:10:38 +00:00
Conner Fromknecht
e24d36eb4f aspell: adds injection attack keywords to dictionary
* javascript
 * Javascript
 * DOM
 * SQL
 * XSS
 * Implementers
 * sanitization
2018-02-05 23:38:01 +00:00
Christian Decker
815182ea26 spell: Add BTC acronym to dictionary 2018-01-22 20:10:53 +01:00
Rusty Russell
7ab1665b2a BOLT 2: clarify that feerate is in *satoshi* per ksipa.
We don't actually say that!

Closes: #336
Reported-by: Matt Corallo
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2018-01-09 03:06:29 +00:00
Landon Mutch
b36d0bd9e3 make spellcheck happy 2017-12-22 00:24:48 +00:00
Landon Mutch
4e6eb48e14 make spellcheck happy 2017-12-21 04:08:33 +00:00
Rusty Russell
e7f34dc932 spelling: add incentivize to dictionary.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-18 19:13:21 +00:00
Shannon Appelcline
faba9241ac Manual rebase of Shannon's PR-294 rewrite.
This got a little messy as some changes now needed to be applied in
two places, and other wording has been completely removed.  Another
pass on top will be required.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-12-08 01:09:42 +00:00
Landon Mutch
aed4b11423 make spell check happy 2017-12-07 02:36:10 +00:00
Landon Mutch
c00df17214 BOLT 0,2: update stylesheet, apply associated changes, 2nd pass copy-edit
BOLT 0: Update style sheet to reflect correct Bitcoin capitalizations
BOLT 2: Complete second pass copy-edit according to stylesheet guidelines
2017-11-28 23:11:55 +00:00
Shannon Appelcline
da67c9a3f7 Appended Bitcoins to word list 2017-11-27 23:38:01 +00:00
landonmutch
04301add81
Merge branch 'master' into master 2017-11-15 03:33:36 -08:00
Rusty Russell
4f91f0bb2a htlckey: new basepoint avoid holding the payment secret.
This is stolen from @sstone's #243 "reduce attack surface".

This breaks compatibility, as agreed at the 2017-11-13 meeting.
Note also that it does not update the test vectors.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-11-14 22:58:11 +00:00
Landon Mutch
24896d847d make spellcheck.sh happy 2017-11-13 19:18:09 -08:00
Pierre-Marie Padiou
d1fbfd30f8 BOLT 7,11: Added an optional min_final_cltv_expiry field in BOLT 11 (#258)
Added an optional `c` field in the payment request specifying the
minimum `cltv_expiry` to use for the last htlc in the route. If
not provided, default value is 9.

This commit also clarifies how `channel_update` messages are only
to be used in the context of relaying payments, and how both htlc
amounts and expiries are to be calculated backwards from the values
provided in the payment request.

Not needing the `channel_update` for the first channel in a route also
means that it is possible to make a payment through a channel which 
hasn't had any announcements yet.
2017-10-18 15:31:31 +02:00