1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 10:00:04 +01:00
Commit Graph

325 Commits

Author SHA1 Message Date
Christian Decker
565ed92581 bolt10: Add condition querying and bech32 encoding 2017-08-21 22:53:18 +02:00
Christian Decker
5c022cca0f bolt10: Typo in sup 2017-08-21 22:53:18 +02:00
Christian Decker
e9ce66b49b bolt10: Added some initial policies 2017-08-21 22:53:18 +02:00
Christian Decker
51115481dd bolt10: Initial draft of the subdomain structure. 2017-08-21 22:53:18 +02:00
Olaoluwa Osuntokun
25fc33bfbb glossary: move definition of chain_hash to BOLT #0
This commit modifies the glossary to add a new entry which defines the
usage of `chain_hash` throughout the remainder of the documents.
Additionally, we now also specify which chain hash we expect for
Bitcoin within the glossary.

This commit also modifies BOLT #2 and #7 to omit the definition of the
expected `chain_hash` value for Bitcoin.
2017-08-08 10:06:21 +09:30
Olaoluwa Osuntokun
956e8809d9 BOLT 7: add chain_hashes values to channel_update and channel_announcment
This commit adds a 32-byte `chain_hash` value to both the
`channel_update` and `channel_announcement` messages. The rationale for
this change is that this value is already present within the
`open_channel` for identifying _which_ chain to open the channel
within. As is now, if a pair of peers had channels open on two chains
which somehow are encoded using the same `short_channel_id`, then the
announcements would be ambitious. We resolve this by explicitly
including the `chain_hash` is all channel related announcement
messages.

Note that with this change, we now require 40-bytes to uniquely
identify a channel globally.

Additionally, this modification of the channel announcement messages
allows peers to start building up a heterogenous network graph.
2017-08-08 10:06:21 +09:30
Rusty Russell
094a86ecdb BOLT 2: rework and specify exact shutdown retransmission semantics.
1. Change descriptions of closing tx construction to references to BOLT 3.
2. Recipient *should* check the fee offer has improved in closing_signed.
3. Therefore, sender *must* improve closing offer.
4. Offers do not persist across reconnection, so no state req'd, and
   also helps if fee has changed.
5. You don't need to re-send `shutdown` if you received `closing_signed`
   (implicit acknowledgement).
6. You don't have to accept a `channel_reestablish` which requests the last
   revoke_and_ack be retransmitted if you've already received `closing_signed`
   (which is an implicit acknowledgement).

Closes: #201
Closes: #199
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-08 10:05:18 +09:30
Rusty Russell
4dc97605cc BOLT 3: define closing transaction.
The only surprise here (maybe?) is that we use the commitment number encoding.
I think that makes sense, but it was unspecified before.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-08 10:05:18 +09:30
Rusty Russell
a49543e8ea BOLT 11: change r to hold multiple entries.
Allows us to put multiple routes in; there was previous confusion.

Closes: #215
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-08 09:55:19 +09:30
kek-coin
3274087bd4 Reword proportional fee explanation. 2017-08-07 22:03:58 +09:30
Christian Decker
059125dda4 tools: Add CLTV acronyms 2017-07-30 15:15:24 +02:00
Christian Decker
170cb318a1 BOLT7: Add shadow route extension in the recommendations
This is a recommendation to fuzz the CLTV on the HTLCs such that nodes
along the route have a harder time identifying the intended
recipient. We can either add a random offset or we can start a random
walk from the intended recipient and create a shadow route extension.

Closes #185
2017-07-30 15:15:24 +02:00
Christian Decker
964527158e tools: Adding 'BOLTs' to the dictionary 2017-07-24 13:25:15 -07:00
Christian Decker
efd8096fa6 BOLT4: clarify that failure_code may reuse message type numbers
We reuse the numeric values that we previously assigned to message
types in the failure_code, but there is no possibility for a mixup
since the latter is not transmitted directly on the transport layer
but wrapped in a return packet. Hence there is no way of confusing the
two. Added a short clarification.

Reported-by: Janus Troelsen @ysangkok
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-07-24 13:25:15 -07:00
Pierre-Marie Padiou
df66a4e85a BOLT 11: fix formatting typo, r length value, and channel_id->short_channel_id (#212)
* BOLT 11: fix formatting typo, and `r` length value.

The r field is 408 bytes long, which is 82 characters encoded;
this should have been updated when the fee and cltv sizes were
updated (prior to merge into repo).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

* BOLT 11: `channel_id`->`short_channel_id`
2017-07-24 10:26:49 +02:00
Pierre-Marie Padiou
80688d7900 BOLT 11: Clarify that providing a payment description or description hash is mandatory (#200)
Added a `d` or `h` field to test vectors
2017-07-15 10:30:26 +09:30
Christian Decker
d67a28227c tools: Update formatting of python tools 2017-07-11 12:11:12 +02:00
Janus
22544d7789 Script for extracting structured protocol messages
This changes extract-formats.py so that other scripts can use it, but retains normal functionality.
The new script (structured.py) parses the CSV variant and shows a representation of an OrderedMap.
This could be used to write parsers.
2017-07-11 12:11:12 +02:00
Christian Decker
a11d234e18 tools: Disable alignment check when we have a variable length field
If we have a variable length field we should not check the alignment
of the following fields, the check will be off anyway.
2017-07-11 11:09:03 +02:00
Christian Decker
a257554456 BOLT7: Reorder feature bitmaps in order to allow future changes
Appending new fields to the end of the messages allows us to add new
fields to an existing message, however it does not allow removing
existing fields, e.g., dropping the pubkeys like #187 proposes. Moving
the features bitmap at the beginning of the signed payload allows
this type of change in the future. Nodes verify the integrity of the
message and then check whether there are any even bits they don't
implement. These even bits being required features would then result
in the message being discarded.

In addition to what we discussed during the call I also went ahead and
did the same reordering on `node_announcement`, which I think has the
same issue.

There is a subtle change in semantics, i.e., previously we would
add channels with unknown bits to our local view, but then ignore them
when computing a route. Now we no longer add them to our view, and may
discard the announcement altogether, stopping the broadcast. This is
safe I think since otherwise we'd be forwarding things we can only
verify the signatures of, but nothing else.
2017-07-11 11:09:03 +02:00
Rusty Russell
365a5a0f9f BOLT 4: channel_id -> short_channel_id
Consistency with BOLT 7 makes this much clearer.

Closes: #195
Reported-by: https://github.com/nayuta-ueno
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-11 10:41:01 +09:30
Rusty Russell
b574c18f24 BOLT 2: closing fee is based on final commitment "base fee" not actual fee.
The actual fee of the final tx may include eliminated outputs, which can
differ between one side and the other (since they have different thresholds).

Simplify this corner case by using our base fee calculation as the upper bound;
it should be close enough we don't care, but disagreement here could cause
negotiation breakdown.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-11 10:40:30 +09:30
Rusty Russell
83aaaedcd5 BOLT 2: make it clear that we set fee, *then* eliminate outputs.
You can't eliminate an output and also guarantee a certain fee, so
we need to define exactly how to do this.

Since the output is (presumably) dust, we might as well just discard it
(effectively increasing the fee).  This avoids the peer directly benefiting
from the elimination as well.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-11 10:40:30 +09:30
Christian Decker
a537af3d62 BOLT7: Refer to announce_channel bit, not channels_public
This was changed a while ago, but not reflected here.
2017-07-11 10:39:54 +09:30
Christian Decker
f2d03e707b BOLT7: Allow channel_updates for non-public channels
This was pointed out by @btcontract in #188: we need to communicate
our forwarding parameters even for private channels since otherwise
the other endpoint cannot use the private channel for incoming
routes. So we also accept `channel_update`s for our own channels even
for channels that were not announced publicly. Adds a bit of special
handling for our own channels in the gossip, but it is needed since
private channels would be completely unusable otherwise.
2017-07-11 10:39:54 +09:30
Christian Decker
a5437d065b BOLT7: Add network view pruning (#191)
Explicitly mentions that nodes SHOULD monitor the chain for channel
closes, and that a node MAY be removed if no open channels for that
node remain open.

Also mentions the 2 week lazy pruning we discussed on the call.

Closes #186
2017-07-11 10:13:09 +09:30
Rusty Russell
46848dcf21 BOLT 7: fix outdated description of channel announce.
The requirements were updated in 667ca1fdd6
but not the discussion above.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-28 11:36:04 +09:30
Rusty Russell
ac8b830598 BOLT 2: channel_reestablish message, retransmission simplification.
This adds a message for each channel reconnect (after we've
sent/received `funding_signed`, ie. when we rememeber the channel),
which says exactly how many `commitment_signed` and `revoke_and_ack`
we've received.  Really, we could use one bit for each (they could
only be missing the last one), but better to be clear.

This leaves the "rollback if didn't get commitment_signed"
requirement, but avoids any need to handle update duplicates or wonder
what update number a `commitment_signed` applies to after reconnect.

Many thanks to pm47 and roasbeef especially for constructive feedback
which made this far better than I originally had.

Closes: #172
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-28 06:46:26 +09:30
Rusty Russell
8424535e1f BOLT 2: don't insist we atomically send and commit to disk.
We can't do that, so allow "write, then send".  That fails on the side of
timing out, rather than having a channel which can't be used.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-28 06:46:26 +09:30
Rusty Russell
01571c1e58 Bolt 11: Invoice Protocol for Lightning Payments (#183)
This specifies a draft invoice protocol for lightning payments.

Particular thanks for detailed feedback from:
* ZmnSCPxj <ZmnSCPxj@protonmail.com>
* @Saicere  
* @kallewoof
* @halseth 
* @cdecker 

Signed-off-by: Rusty Russell <rusty@blockstream.com>
2017-06-27 20:08:13 +09:30
Olaoluwa Osuntokun
5e666b6c99 BOLT 9: remove feature bit for channels_public
This commit removes the feature bit for channels_public as they have
been deprecated by the addition of the `announce_channel` field in the
`open_channel` message.
2017-05-27 10:30:42 +09:30
Olaoluwa Osuntokun
667ca1fdd6 BOLT 2: allow peers to conditionally signal channel announcement in open_channel
This commit gives peers the ability to signal their intent to make a
channel private in the `open_channel` message. This differs from the
current method as now peers are able to create multiple channels with
heterogeneous announcement policies _without_ disconnecting and
re-connecting in-between each channel funding. The prior requirement
for the nodes to re-connect was burdensome and unnecessary.

[ Minor tweaks from feedback folded in -- RR ]
2017-05-27 10:30:42 +09:30
Olaoluwa Osuntokun
38601f6edb BOLT 2: link to BOLT 7 when referring announcement_signature msg
This commit modifies the “Normal Operation” summarization by including
a link to BOLT #7 when mentioning the `announcement_signature` message.
Previously a reader would need to search other documents to figure out
what an `announcement_signature` was, and its purpose.
2017-05-27 10:30:42 +09:30
ZmnSCPxj
13326cca3c Enable travis to spellcheck BOLT#10 to 99. 2017-05-26 14:31:50 +09:30
Rusty Russell
1e228bcf8f Clarify init-message description
This is based on a series of patches from @EmelyanenkoK which makes the treatment of feature bits clearer and adds rationale so that future extensions can be made wisely.

Thanks to all involved!

Closes: #156 
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 09:43:31 +09:30
Rusty Russell
95e7196560 BOLT 3: fix references to RIPEMD160(revocationkey)
They should be HASH160, aka RIPEMD160(SHA256()).

Closes: #179
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-23 17:56:53 +02:00
Rusty Russell
068b0bccf9 BOLT 2,4,7: use 8 bytes for amounts, restrict add_htlc for bitcoin only. (#175)
We had 4 byte fields for amounts because people have no ability to assess
risk, and this limited the damage to $70 at a time.

But then that means $1 maximum HTLCs on Litecoin, which isn't enough
for a cup of (decent) coffee.

Rather than have boutique hacks for Litecoin we enlarge the fields now,
and simply have a bitcoin-specific restriction that the upper 4 bytes be 0.

The ctlv_expiry field is moved down in update_add_htlc, to preserve alignment.

Suggested-by: Olaoluwa Osuntokun <laolu32@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-23 12:36:34 +09:30
Olaoluwa Osuntokun
61b5b3f7b4 BOLT 3: clarify description of revocation key derivation (#170)
This commit attempts to clarify some ambiguity in the way the
revocation key derivation was formerly described. Rather than framing
the description in terms of local vs remote nodes, we instead frame the
description around the _process_ of creating a new commitment
transaction for a remote node,

[ minor typos and remove weird part-sentence -- RR ]
2017-05-20 09:50:51 +09:30
Rusty Russell
7d6a4f82f4 tools/spellcheck: expiries is a valid word.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-19 11:12:54 +09:30
sstone
f7277cea43 BOLT 4: rationale for the last node's payload
Specify the payload for the last node in the route and how it is used to return
errors. The idea is to prevent the next to last node to guess if the next node is
the final one.
2017-05-19 11:12:54 +09:30
pm47
c60e5e05ec added a channel_disabled error message 2017-05-19 11:12:54 +09:30
pm47
b7a90e7e6a added UPDATE flag to temporary_channel_failure 2017-05-19 11:12:54 +09:30
EmelyanenkoK
032d55832d Delete obsolete reference to padding 2017-05-19 10:44:24 +09:30
Rusty Russell
8b600e28ff FIXUP: length fixes from pm47 2017-05-18 09:56:05 +09:30
Christian Decker
6713b26272 aspell: Make CI happy again 2017-05-18 09:56:05 +09:30
Olaoluwa Osuntokun
60f611d7b7 BOLT 7: add current and next-generation tor onion addresses
This commit extends the set of define address descriptor types to
include support for v2 (current-gen) and v3 (next-gen) onion service
addresses. This enables user to run their Lightning nodes as onion
services, only accepting in-bound connections via their onion
addresses. Running a Lightning node behind Tor may serve to boost the
privacy of a user as they no longer need to give away their location
when advertising their node as willing to accept in-bound connections.

The current generation onion service address are widely deployed and
similar looking. They consume 10-bytes of space as they are the SHA-1
hash of a 1024-bit RSA public key. Encoding using base-32, they look
like: v2cbb2l4lsnpio4q.onion.

The next-generation onion services addresses are defined within
prop224[1]. These addresses are a bit longer as they includes a full
e25519 public key (32-bytes), a 2-byte checksum, and finally a 1 byte
version. The full length of the raw version of these addresses are
35-bytes. When encoded using base-32, then next-gem onion address look
like: btojiu7nu5y5iwut64eufevogqdw4wmqzugnoluw232r4t3ecsfv37ad.onoin.

[1]:
https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-n
g.txt
2017-05-18 09:56:05 +09:30
Olaoluwa Osuntokun
91f0deb1c1 BOLT 7: use bullet points, not numbers to enumerate address descriptor types 2017-05-18 09:56:05 +09:30
Rusty Russell
5801656c6d BOLT 2: make opening retransmissions atomic and better specified.
1. Tell the node when to broadcast the funding tx (we didn't do this!).
2. Allow timeouts generally if no progress is made (originally this
   was just when waiting for funding_locked, but it applies generally).
3. Use `funding_signed` as the commitment point: before this, we forget,
   after this, we remember.  If lost, we'll timeout.
4. The core of the retransmission requirements now only applies to
   the normal and shutdown states, and will be revised separately
   depending on #172

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-18 09:49:19 +09:30
Rusty Russell
41790a9cd7 BOLT 2: add suggestion to retransmit errors, and rationale section.
Moves it together with the similarly-reasoned `closing_signed`
retransmission.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-18 09:49:19 +09:30
Rusty Russell
72b2d4e6c2 BOLT 5: define what "failing a channel" means.
We talk about failing a channel, or channels, but we never spelled
out what a node does in that case.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-18 09:48:53 +09:30