From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 9E3F49E8 for ; Thu, 17 Aug 2017 13:38:28 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-oi0-f52.google.com (mail-oi0-f52.google.com [209.85.218.52]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 77DA7443 for ; Thu, 17 Aug 2017 13:38:28 +0000 (UTC) Received: by mail-oi0-f52.google.com with SMTP id g131so66295869oic.3 for ; Thu, 17 Aug 2017 06:38:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Jj/tX6nzlkspvA8fQAbGqet5MJjHYEyJwBWgMGymsoU=; b=tXzsNm+9TYwDEuCp73czJgbELn+yvlAMsMwyCewBTK952arBJhDS2Gw5IF9ljbxptg iZbhsSqtSeb43xBjwZ6MIJIjkzfrmHBQf6SbS0i1npiRJFltA2POpsNT3awwHwH5TPfO HLo2MjjYby0xh8fqVStL1ljsoOjcFety623g9Gtz4fVGg+JO271lkUggSlwzKgq7EWIj 5NePe0IDKe6BuHVmsXY/S1sJ9IMAs6F27pI9YHjUjW85gxYuGHgYYvyn/icNwevVO5GP 5Y4TFwDLfOt+Bn2UaGBMlNYj8miSOzPSjN7ytxAqxTBt3wrmMsXO02Q6zk5Gfx5sUxBC zMWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Jj/tX6nzlkspvA8fQAbGqet5MJjHYEyJwBWgMGymsoU=; b=JhUbbkS+An6skzFq/P2XQDEuXbKbI1J+eHC2cSkHCVz6UvuPELogWuVnMwKNJep4ki GlgSO2wQ4E7AiXxt/WJSanbbYHsuGixJknyLdpjbvA06dyfU8ZK62kgyEAvStd/Qu3OY wP2ugjEDj5VrnNh27uTlYJ6QAyPaA435LYpjsVf9VaxmLZEleMjpv2OGDHQVP6+L5rdU pSFvQ28P5bILT5q18jizQdaQ4JV40YmuLEhAMjFmQ3e04iVnupjBB4EQdF3k3ewELRM0 AxNb9KFtRS7y35zd7NjvwvSrmmEOMYT/LL/2n1nOu4xFem8O06BeiaM6Jb6jl4nvsIZP Cgxg== X-Gm-Message-State: AHYfb5hBPgIG93HZoVYeIVE7kaJHbtKvwEDGLZGfTotuJgDvyXStlCfi lfR1QO3YV5B2pUXZmcLLzyk5OT0ciw== X-Received: by 10.202.214.145 with SMTP id n139mr7209288oig.48.1502977107526; Thu, 17 Aug 2017 06:38:27 -0700 (PDT) MIME-Version: 1.0 Received: by 10.58.18.227 with HTTP; Thu, 17 Aug 2017 06:38:26 -0700 (PDT) Received: by 10.58.18.227 with HTTP; Thu, 17 Aug 2017 06:38:26 -0700 (PDT) In-Reply-To: References: From: Natanael Date: Thu, 17 Aug 2017 15:38:26 +0200 Message-ID: To: Bitcoin Dev , Conrad Burchert Content-Type: multipart/alternative; boundary="001a113dda34998d250556f32099" Subject: Re: [bitcoin-dev] Fwd: [Lightning-dev] Lightning in the setting of blockchain hardforks X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Aug 2017 13:38:28 -0000 --001a113dda34998d250556f32099 Content-Type: text/plain; charset="UTF-8" Couldn't scripts like this have a standardized "hardfork unroll" mechanism, where if a hardfork is activated and signaled to its clients, then those commitments that are only meant for their original chain can be reversed and undone just on the hardfork? Then the users involved would just send an unroll transaction which is only valid on the hardfork. - Sent from my phone Den 17 aug. 2017 14:52 skrev "Conrad Burchert via bitcoin-dev" < bitcoin-dev@lists.linuxfoundation.org>: > Some notes: > > Hardforks like Bitcoin ABC without a malleability fix are very unlikely to > have payment channels, so the problem does not exist for those. > > The designers of a hardfork which does have a malleability fix will > probably know about payment channels, so they can just build a replay > protection that allows the execution of old commitments. That needs some > kind of timestamping of commitments, which would have to be integrated in > the channel design. The easiest way would be to just write the time of > signing the commitment in the transaction and the replay protection accepts > old commitments, but rejects one's which were signed after the hardfork. > These timestamps can essentially be one bit (before or after a hardfork) > and if the replay protection in the hardfork only accepts old commitments > for something like a year, then it can be reused for more hardforks later > on. Maybe someone comes up with an interesting way of doing this without > using space. > > Nevertheless hardforking while having channels open will always be a mess > as an open channel requires you to watch the blockchain. Anybody who is > just not aware of the hardfork or is updating his client a few days too > late, can get his money stolen by an old commitment transaction where he > forgets to retaliate on the new chain. As other's can likely figure out > your client version the risk of retaliation is not too big for an attacker. > > > > 2017-08-17 13:31 GMT+02:00 Bryan Bishop via bitcoin-dev < > bitcoin-dev@lists.linuxfoundation.org>: > >> >> ---------- Forwarded message ---------- >> From: Christian Decker >> Date: Thu, Aug 17, 2017 at 5:39 AM >> Subject: Re: [Lightning-dev] Lightning in the setting of blockchain >> hardforks >> To: Martin Schwarz , >> lightning-dev@lists.linuxfoundation.org >> >> >> Hi Martin, >> >> this is the perfect venue to discuss this, welcome to the mailing list :-) >> Like you I think that using the first forked block as the forkchain's >> genesis block is the way to go, keeping the non-forked blockchain on the >> original genesis hash, to avoid disruption. It may become more difficult in >> the case one chain doesn't declare itself to be the forked chain. >> >> Even more interesting are channels that are open during the fork. In >> these cases we open a single channel, and will have to settle two. If no >> replay protection was implemented on the fork, then we can use the last >> commitment to close the channel (updates should be avoided since they now >> double any intended effect), if replay protection was implemented then >> commitments become invalid on the fork, and people will lose money. >> >> Fun times ahead :-) >> >> Cheers, >> Christian >> >> On Thu, Aug 17, 2017 at 10:53 AM Martin Schwarz >> wrote: >> >>> Dear all, >>> >>> currently the chain_id allows to distinguish blockchains by the hash of >>> their genesis block. >>> >>> With hardforks branching off of the Bitcoin blockchain, how can >>> Lightning work on (or across) >>> distinct, permanent forks of a parent blockchain that share the same >>> genesis block? >>> >>> I suppose changing the definition of chain_id to the hash of the first >>> block of the new >>> branch and requiring replay and wipe-out protection should be >>> sufficient. But can we >>> relax these requirements? Are slow block times an issue? Can we use >>> Lightning to transact >>> on "almost frozen" block chains suffering from a sudden loss of >>> hashpower? >>> >>> Has there been any previous discussion or study of Lightning in the >>> setting of hardforks? >>> (Is this the right place to discuss this? If not, where would be the >>> right place?) >>> >>> thanks, >>> Martin >>> _______________________________________________ >>> Lightning-dev mailing list >>> Lightning-dev@lists.linuxfoundation.org >>> https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev >>> >> >> _______________________________________________ >> Lightning-dev mailing list >> Lightning-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev >> >> >> >> >> -- >> - Bryan >> http://heybryan.org/ >> 1 512 203 0507 <(512)%20203-0507> >> >> _______________________________________________ >> bitcoin-dev mailing list >> bitcoin-dev@lists.linuxfoundation.org >> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev >> >> > > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > > --001a113dda34998d250556f32099 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Couldn't scripts like this have a standardized "= hardfork unroll" mechanism, where if a hardfork is activated and signa= led to its clients, then those commitments that are only meant for their or= iginal chain can be reversed and undone just on the hardfork? Then the user= s involved would just send an unroll transaction which is only valid on the= hardfork.=C2=A0

- Sent from= my phone

Den 17 aug. 2017 14:52 skrev "Conrad Burchert via bitcoin-dev"= ; <bitcoin-dev@= lists.linuxfoundation.org>:
Some notes:

Hardforks like Bitcoin ABC without a malleability fix are very unlikely = to have payment channels, so the problem does not exist for those.

The designers of a hardfork which does have a malleability= fix will probably know about payment channels, so they can just build a re= play protection that allows the execution of old commitments. That needs so= me kind of timestamping of commitments, which would have to be integrated i= n the channel design. The easiest way would be to just write the time of si= gning the commitment in the transaction and the replay protection accepts o= ld commitments, but rejects one's which were signed after the hardfork.= These timestamps can essentially be one bit (before or after a hardfork) a= nd if the replay protection in the hardfork only accepts old commitments fo= r something like a year, then it can be reused for more hardforks later on.= Maybe someone comes up with an interesting way of doing this without using= space.

Nevertheless hardforking while having chan= nels open will always be a mess as an open channel requires you to watch th= e blockchain. Anybody who is just not aware of the hardfork or is updating = his client a few days too late, can get his money stolen by an old commitme= nt transaction where he forgets to retaliate on the new chain. As other'= ;s can likely figure out your client version the risk of retaliation is not= too big for an attacker.



2017-08-17 13:31 GMT+02:0= 0 Bryan Bishop via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>:

---------- Forwarded message ----------
From: Christian Decker <decker.christian@gmail.co= m>
Date: Thu, Aug 17, 2017 at 5:39 AM
Subject: Re: [Lig= htning-dev] Lightning in the setting of blockchain hardforks
To: Martin = Schwarz <m= artin.schwarz@gmail.com>, lightning-dev@lists.linuxfoundation= .org


Hi Martin,

this is = the perfect venue to discuss this, welcome to the mailing list :-)
Like you I think that using the first forked block as the forkchain's= genesis block is the way to go, keeping the non-forked blockchain on the o= riginal genesis hash, to avoid disruption. It may become more difficult in = the case one chain doesn't declare itself to be the forked chain.
=

Even more interesting are channels that are open during= the fork. In these cases we open a single channel, and will have to settle= two. If no replay protection was implemented on the fork, then we can use = the last commitment to close the channel (updates should be avoided since t= hey now double any intended effect), if replay protection was implemented t= hen commitments become invalid on the fork, and people will lose money.

Fun times ahead :-)

Cheers,<= /div>
Christian

On Th= u, Aug 17, 2017 at 10:53 AM Martin Schwarz <martin.schwarz@gmail.com> wrote:
Dear all,

currently the chain_id allows to distinguish blockc= hains by the hash of their genesis block.

With har= dforks branching off of the Bitcoin blockchain, how can Lightning work on (= or across)
distinct, permanent forks of a parent blockchain that = share the same genesis block?

I suppose changing t= he definition of chain_id to the hash of the first block of the new
branch and requiring replay and wipe-out protection should be sufficient= . But can we=C2=A0
relax these requirements? Are slow block times= an issue? Can we use Lightning to transact
on "almost froze= n" block chains suffering from a sudden loss of hashpower?
<= br>
Has there been any previous discussion or study of Lightning = in the setting of hardforks?
(Is this the right place to discuss = this? If not, where would be the right place?)

tha= nks,
Martin
_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.o= rg/mailman/listinfo/lightning-dev

_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.o= rg/mailman/listinfo/lightning-dev




--

_______________________________________________
bitcoin-dev mailing list
= bitcoin-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev



_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org= /mailman/listinfo/bitcoin-dev

--001a113dda34998d250556f32099--