1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 01:50:03 +01:00
Commit Graph

1073 Commits

Author SHA1 Message Date
Rusty Russell
809ad65ea0 BOLT 2: fix dangling sentence.
`channel-id` which identifies , which is derived
=>
	`channel-id` to identify the channel, which is derived

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-08 08:17:20 +09:30
Christian Decker
1060e18332 bolt07: Add flag to disable channels temporarily. (#143)
This is useful to signal either permanent or temporary channel unavailability.
2017-04-08 07:43:10 +09:30
Pierre-Marie Padiou
8f57038337 expanded definition of setup messages 2017-04-08 03:23:31 +09:30
Olaoluwa Osuntokun
f048a2c298 BOLT 1: introduce ping and pong control messages (#134)
Connections between nodes within the network may be very long lived as
payment channels have an indefinite lifetime. However, it’s likely that
for a significant portion of the life-time of a connection, no new data
will be exchanged. Additionally, on several platforms it’s possible that
Lightning clients will be put to sleep without prior warning. As a
result, we use a distinct ping message in order to probe for the
liveness of the connection on the other side, and also to keep the
established connection active.

This commit adds two new control messages to the protocol: `ping` and
`pong`. Their usage within the network is similar to the usage of such
message within other established protocols: `ping` messages specify a
number of bytes to be contained in the payload of a `pong` message, and
`pong` messages are to be sent in response to receiving a `ping` message.

Additionally, the ability for a sender to request that the receiver send
a response with a particular number of bytes enables nodes on the
network to create synthetic traffic. Such traffic can be used to
partially defend against packet and timing analysis as nodes can fake
the traffic patterns of typical exchanges, without applying any true
updates to their respective channels.

When combined with the onion routing protocol defined in BOLT#4, careful
statistically driven synthetic traffic can serve to further bolster the
privacy of participants within the network.

As a bonus, the usage of periodic `ping` message ensures frequent key
rotation between connected nodes.

[ The result is a bikeshed of every possible color! -- RR ]
2017-04-04 12:54:50 +09:30
Rusty Russell
6b80a9f258 BOLT 4: allow more overpaying.
The idea of the "SHOULD fail if amount is too much" was courtesy against
overpaying, but that's a bad idea of you value privacy and some vendor has
well-known prices.  Allow a factor of two, at least.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-04-01 23:41:44 +10:30
Rusty Russell
ed107e4ef0 tools/extract-formats.py: allow fields with _ in them.
eg. BOLT 4.

See also: #141

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-31 14:14:29 +10:30
Rusty Russell
9d29e98eec BOLT 2: htlc-cltv must be in blocks.
ie. < 500 million.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-30 12:04:20 +10:30
Fabrice Drouin
c3781c8938 Merge pull request #137 from rustyrussell/bolt3-use-remote-revocation-basepoint
BOLT 3: fix labels on test vectors.
2017-03-28 12:09:37 +02:00
Rusty Russell
5ed243de2d BOLT 3: fix labels on test vectors.
As per ElementsProject/lightning#134 Fabrice points out that to calculate
our own commitment tx, we use the *other* side's revocation basepoint:

	The revocationkey is a blinded key: the remote node provides the base,
	and the local node provides the blinding factor which it later
	reveals

Thus, we fix the test vectors by renaming "local_revocation_basepoint"
to "remote_revocation_basepoint", which is what we should be using.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-24 12:24:24 +10:30
Rusty Russell
a39b236e80 BOLT 2: require that we don't fulfill close to timeout either.
It was never mentioned, but fulfilling a timedout HTLC means a race
between timing out and fulfilling, which is bad.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-24 12:10:24 +10:30
Olaoluwa Osuntokun
9e0a0e893d BOLT 02: add a chain-hash field to the open_channel msg (#135)
This commit adds a `chain-hash` field to message that commences a
funding workflow. This field is used to specify a _target_ chain for the
proposed channel. In order to uniquely identity blockchains in a manner
that doesn't require strict coordination between developers, the genesis
hash of the target chain is used. For channels opened on the Bitcoin
blockchain, the `chain-hash` field should _always_ be set to:
000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f.

Introducing this new field _immediately_ allows nodes within the network
to open a channel within any Satoshi-derived blockchain. Nodes can have
channels open across different blockchains globally, but also have many
channels open across distinct blockchains with the same peer.
2017-03-24 12:09:41 +10:30
Clark
351ea92a6b Fix typo
Instead of "ensure the blockchain," it should be "enter the blockchain"
2017-03-22 20:08:04 +01:00
Rusty Russell
41f400a378 BOLT 2: simplify shutdown constraints.
As per discussion in #115, we now allow `shutdown` immediately following
`commitment_signed`.

This means that revoke-and-ack doesn't *always* ack the shutdown.  Rather
than specify that a revoke-and-ack which is caused by an update-commit
following the shutdown acknowledges, we leave this unacknowledged until
we actually start closing.

This means we will retransmit it on every reconnect until then.  But
that's not all that wasteful, and fairly robust.

Suggested-by: Pierre-Marie Padiou <pm.padiou@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-22 11:38:04 +10:30
Rusty Russell
b18322e06e BOLT 2: change dust limit for closing to each use their own.
Using the receiver's dust limit implies a naive node can be fooled
(by a peer with massive dust limit) into not getting its own output.

Using our own opens the possibility of creating different transactions,
so we explicitly allow the tractable case, while accepting failure on
the case where disagreement is real.

Closes: #128
Reported-by: Pierre-Marie Padiou
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-22 11:37:39 +10:30
Rusty Russell
9a572ff0a3 BOLT 2: fix remaining commit_sig references.
Left over from 00a8e97a68, which purported
to change commit_sig -> commitment_signed.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-21 10:28:18 +01:00
Rusty Russell
06a5e6cbdb tools/bolt3-bitcoind-test.sh: setup to feed BOLT3 test vector txs to bitcoind.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-17 11:31:37 +10:30
Pierre-Marie Padiou
373de09154 revoke_and_ack is acknowledged by closing_signed 2017-03-10 09:58:13 +10:30
Rusty Russell
e6aa70ebc0 BOLT 3: update test vectors for new scripts and weight calculation.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
aeb6e45d7e BOLT 3: fix internal remote_secret_key documentation.
We didn't update it for 394da29189
"BOLT 3: fix test vector derivation."

This doesn't actually change any results, just fixes an intermediate
calculation.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
7c59d6990b BOLT 3: update numbers in example calculation.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
0d7cf77970 BOLT 2: reduce HTLC maximum limit based on new penalty calculations.
We can no longer allow 511 each way; reduce it to match our calculations
so we can always create a single standard penalty transaction.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
392008a7d3 BOLT 3,5: update weight calculations for revocation key hash in script.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
Rusty Russell
a597738b94 BOLT 3: Use revocation key hash rather than revocation key in scripts.
This means more bytes if we need to create a penalty tx, but less for
normal operation:

Witness script for offered htlcs: 139 bytes -> 133 bytes.
Witness script for accepted htlcs: 156 bytes -> 139 bytes.

It's also a little simpler; it's just an OP_IF around the old scripts
to test for the revocation key being the top arg.

Suggested-by: Joseph Poon <joseph@lightning.network>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-08 05:50:44 +10:30
pm47
557db43378 make htlc outputs of the commitment tx spendable with revocation key
(Merge conflict in test vectors fixed by selecting Pierre's, will have to
 be re-evaluated).

Closes: #105
2017-03-07 09:21:40 +10:30
Rusty Russell
034c234829 BOLT 2,3: SHOULD NOT create malleable funding tx.
But note that our funding transaction example is.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 06:39:28 +10:30
Rusty Russell
4af8e18411 BOLT 0,1,2,7: use txout not channel-id for demuxing. (#119)
At cost of a few extra bytes between peers, this avoids the whole "oops, we were on a chain fork" problem, and simplifies generation of temporary channel-ids (just pick a random one).

Now we move the announcement_signature exchange to at least 6 confirms, which makes re-xmit tricky; I resolved that by insisting on reconnect that we send if we haven't received, and reply to the first one.

The term "channel shortid" wasn't used anywhere, so I removed it; it's now a gossip-only thing anyway.

One subtle change: pkt_error on unknown channels is now "MUST ignore"; this section was reworked anyway, and we'll want this if the #120 goes through, where one side might have forgotten unformed channels).

Closes: #114
Suggested-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* FIXUP! Two bytes for funding-output-index.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* FIXUP! Channel-id rework, temp ids, 32 bits only.

Re-add the idea of temporary channel ids: far simpler since they're now
big enough we can just fill with noise.

Remove the alignment issues by combining txid and outnum using XOR; we
could reduce to 128 bit if we really wanted to, but we don't.

Error handling is now simple again, but while editing I changed the
behaviour for unknown channels to MUST ignore (this is important for

Change the 8-byte gossip channel id to `short-channel-id`.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* FIXUP!  Minor text tweaks from Pierre-Marie and Christian

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 14:50:13 +10:30
Christian Decker
bf815005ec BOLT08: Renumbering references
We dropped reference 1 and 2 during the split, and the offset
numbering is causing a bit of head-scratching. This renumbers the
reference.

Closes #117
2017-02-28 13:48:54 +10:30
Rusty Russell
dc0b529161 BOLT 3: update test vectors for ec99f893f3
The weights of HTLCs were corrected by Pierre in "fixed htlc weight
calculation": this adjusts the test vectors to match.

This also means that the feerate thresholds change.

In addition, this fixes feerate on "maximum feerate" tests,
and corrects the fee for the htlc-timeout tx.

Reported-by: Fabrice Drouin <fabrice.drouin@acinq.fr>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-22 09:59:37 +10:30
Rusty Russell
0801f05795 BOLT 3: Note the HTLC number when annotating witness scripts.
This is more distinctive than amount.

No normative changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-22 09:59:37 +10:30
Rusty Russell
394da29189 BOLT 3: fix test vector derivation.
The test vectors themselves were fine, but they're supposed to be derived
from known basepoints (and I was actually testing this with some new code).

I accidentally used the *remote* per-commitment-point, instead of the *local*
per-commitment-point to derive the remotekey/remote_privkey; since we are
generating the local transaction, this is wrong.  We don't need to know
the remote per-commitment-point at all, in fact.

Thus, the remotekey (and signatures) in the test vectors change.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-22 09:59:37 +10:30
pm47
6e8fe9dd2f BOLT 9: make it clear that 'channel_public' apply to all channels in the same connection 2017-02-21 14:41:27 +10:30
Pierre-Marie Padiou
03a917fa6b revoke_and_ack is not acked by update messages 2017-02-20 12:05:29 +10:30
Rusty Russell
f63d89c207 BOLT 2: document requirements of max-htlc-value-in-flight-msat
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-16 11:30:17 +01:00
sstone
a72b357ee6 BOLT 1: specify connection handling
see #109
2017-02-16 10:14:34 +10:30
pm47
0958747fe0 BOLT 2: added requirements on htlc forwarding 2017-02-16 10:07:51 +10:30
Otto Allmendinger
5114f58b0e BOLT 02: fix state listing in "Normal Operation"
Markdown wants a newline there.
2017-02-14 09:06:53 +10:30
Otto Allmendinger
560439ddf8 BOLT 02: change "responser" to "responder" 2017-02-14 09:06:53 +10:30
Otto Allmendinger
c977e7ea18 BOLT 02: Remove reference to nonexistent field
Field was removed from the message in commit b228a2e, but it's still
referenced in the description.
2017-02-14 09:06:53 +10:30
Rusty Russell
c5b0bfb620 BOLT 2: specify requirement not to send fulfill until both sides locked in.
Otherwise you can lose funds!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-13 06:30:48 +10:30
pm47
ec99f893f3 fixed htlc weight calculation 2017-02-10 11:33:41 +10:30
Christian Decker
84092130f4 Merge pull request #103 from cdecker/opt-gossip-dump
BOLT 7: Added flag for optional initial routing sync dump
2017-02-09 10:12:34 +01:00
Christian Decker
6dda9560a6 BOLT 7: Added flag for optional initial routing sync dump
Opening a lot of connections results in getting this information a
whole lot of times, so let's add an opt-in flag for the initial dump.
2017-02-09 10:11:03 +01:00
Rusty Russell
fba22970c6 BOLT 9: assign feature bits in pairs, give them names, clarify position.
Christian assumed first bit was 1, I assumed 0.  And we should generally
assign in pairs (so an optional understanding can later become compulsory),
though for the initial draft it's unnecessary.

By giving names we avoid smearing values over the spec, containing them in
BOLT 9.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-08 14:16:50 -08:00
Christian Decker
4e3ad54a90 BOLT 2&7: Cleaner separation of concerns wrt announcement signatures (#97)
* BOLT 2&7: Cleaner separation of concerns wrt announcement signatures

So far we did not have any indication on what to do if a node does not
allow announcing the channel and we had a mix of concerns in the
`funding_locked` message, which would also transfer the signatures
needed for the announcement. This is a proposal about splitting the
signatures into their own message, so that simple omission is an
opt-out of announcements, and it does not mix announcement/gossip
stuff into the peer-protocol.

(It also ended up adding a localfeatures flag to opt-into the channel-announcement, and thus creating BOLT 9)
2017-02-07 11:23:39 +10:30
Rusty Russell
fb5e8667bb bolt3 fix and enhance tx testvectors (#99)
This is a smerge of Fabrice Drouin and my work: he update them, I updated them and enhanced them, he found bugs, I re-derived them, etc.

- rename keys properly
- fix fees
- sign all transactions
- Derive test transaction vectors from minimal subset of parameters.
- rewrite test vectors to test edge cases for trimming.
- add funding tx test vector, make testable on regtest.

This adds a funding transaction test (really, we only specify the output), but importantly adds enough information to duplicate a blockchain with that particular funding tx:

$ rm -rf ~/.bitcoin/regtest/
$ bitcoind -regtest=1 &
$ bitcoin-cli -regtest=1 submitblock  0000002006226e46111a0b59caaf126043eb5bbf28c34f3a5e332a1fc7b2b73cf188910fadbb20ea41a8423ea937e76e8151636bf6093b70eaff942930d20576600521fdc30f9858ffff7f20000000000101000000010000000000000000000000000000000000000000000000000000000000000000ffffffff03510101ffffffff0100f2052a010000001976a9143ca33c2e4446f4a305f23c80df8ad1afdcf652f988ac00000000
$ bitcoin-cli -regtest=1 generate 431
$ bitcoin-cli -regtest=1 sendrawtransaction 0200000001adbb20ea41a8423ea937e76e8151636bf6093b70eaff942930d20576600521fd000000006b48304502210090587b6201e166ad6af0227d3036a9454223d49a1f11839c1a362184340ef0240220577f7cd5cca78719405cbf1de7414ac027f0239ef6e214c90fcaab0454d84b3b012103535b32d5eb0a6ed0982a0479bbadc9868d9836f6ba94dd5a63be16d875069184ffffffff028096980000000000220020c015c4a6be010e21657068fc2e6a9d02b27ebe4d490a25846f7237f104d1a3cd20256d29010000001600143ca33c2e4446f4a305f23c80df8ad1afdcf652f900000000

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-07 11:15:33 +10:30
Pierre-Marie Padiou
240f914cde BOLT 2: fixed broken table of contents 2017-02-01 13:52:52 +01:00
Pierre-Marie Padiou
3ec2c166b5 BOLT 4: using 4 bytes for outgoing_cltv_value (#95) 2017-02-01 13:20:57 +01:00
Pierre-Marie Padiou
74c9fa7493 replaced payment-key by payment-hash 2017-02-01 20:46:38 +10:30
Rusty Russell
0dd1d383ed BOLT 3: fix trimming typo.
If the htlc amount, after htlc fee is *subtracted*, is less than the dust limit,
trim it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-01 12:42:04 +10:30
Christian Decker
860990fa0a bolt07: Simplify signature scheme for channel_announcement
Reorders the `channel-id` and `bitcoin-signature-x` fields so that the
signed part of the message is contiguous. Simplifies the signing logic
not to just simple signatures of a contiguous region of the message,
no need to sign signatures, they all commit to the same payload. This
also removes the chicken and egg problem @pm47 reported in #92.
Furthermore it specifies that the signed payload also includes any
future appended fields.
2017-02-01 11:02:19 +10:30