Return-Path: Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 2ADA6C0039 for ; Thu, 28 Sep 2023 15:56:21 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 02038820D3 for ; Thu, 28 Sep 2023 15:56:21 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 02038820D3 Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=protonmail.com header.i=@protonmail.com header.a=rsa-sha256 header.s=protonmail3 header.b=HtjaHLEh X-Virus-Scanned: amavisd-new at osuosl.org X-Spam-Flag: NO X-Spam-Score: -0.2 X-Spam-Level: X-Spam-Status: No, score=-0.2 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zyJSsYj5ERyu for ; Thu, 28 Sep 2023 15:56:20 +0000 (UTC) Received: from mail-40137.protonmail.ch (mail-40137.protonmail.ch [185.70.40.137]) by smtp1.osuosl.org (Postfix) with ESMTPS id DDA64820C4 for ; Thu, 28 Sep 2023 15:56:19 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org DDA64820C4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1695916577; x=1696175777; bh=gdL6RgZVUBRkpDCodDl9nuzchgwyYikZWuL3iXuhLac=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=HtjaHLEhTJIp136q0Zg5eoMu1TDPDZUv1ZDW3A6kVtrxbpnZZMbxORY7J1eg0Rnqk DTm0Uc+oVeJKLVH94EP8Mot4Wwf02TTssA1xaWjcrgST1bS2pNWcv6dGqL60H60uqS lo4fgF7lfnEeGoCf39Ywdn0VHfueV8+nkSsWk8y7fd0qkDd8DXToKjwGYSlVkJT1Ec AOVkBLolMlBH0TIDnvNaXeSBYALyfuBvBWSw9zdfwSYKXx4zKbqZqajH9pSk7izqh3 IY++zutNniKvFY7y1d1hSQKWZFTR/qg9QQKeVifI4lp9GuW+cg0KiBT70kLbaUHskM v/8Tf4CfCUDYg== Date: Thu, 28 Sep 2023 15:56:11 +0000 To: ZmnSCPxj From: jlspc Message-ID: In-Reply-To: References: Feedback-ID: 36436663:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Thu, 28 Sep 2023 20:43:19 +0000 Cc: Bitcoin Protocol Discussion , "lightning-dev@lists.linuxfoundation.org" Subject: Re: [bitcoin-dev] Scaling Lightning With Simple Covenants X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Sep 2023 15:56:21 -0000 Hi ZmnSCPxj, > Good morning John, > > On the other hand, if the consensus rules are changed to allow ev= en simple covenants, this scaling bottleneck is eliminated. > > The key observation is that with covenants, a casual user can= co-own an off-chain Lightning channel without having to sign all (or any) = of the transactions on which it depends. > > Instead, a UTXO can have a covenant that guarantees the creat= ion of the casual user's channel. > > The simplest way to have a single UTXO create channels for a = large number of casual users is to put a covenant on the UTXO that forces t= he creation of a tree of transactions, the leaves of which are the casual u= sers' channels. > >=20 > > While such a covenant tree can create channels for millions o= f casual users without requiring signatures or solving a difficult group co= ordination problem, it's not sufficient for scaling. > > The problem is that each channel created by a covenant tree h= as a fixed set of owners, and changing the ownership of a channel created b= y a covenant tree requires putting the channel on-chain. > > Therefore, assuming that all casual users will eventually wan= t to pair with different dedicated users (and vice-versa), the covenant tre= e doesn't actually provide any long-term scaling benefit. > >=20 > > Fortunately, real long-term scaling can be achieved by adding= a deadline after which all non-leaf outputs in the covenant tree can be sp= ent without having to meet the conditions of the covenant. > > The resulting covenant tree is called a "timeout-tree" [9, Se= ction 5.3]. > >=20 > > Let A_1 ... A_n denote a large number of casual users, let B = be a dedicated user, and let E denote some fixed time in the future. > > User B creates a timeout-tree with expiry E where: > >  * leaf i has an output that funds a Lightning channel o= wned by A_i and B, and > >  * after time E, each non-leaf output in the covenant tr= ee can also be spent by user B without having to meet the conditions of the= covenant. > > I think, based solely on the description above, that it is not safe for d= edicated user `B` to create this, unless it gets a signature from `A_i`. You're right! > The alternative is to also infect the leaf itself with a lifetime `(A_i &= amp;& B) || (B && CLTV)`. Yes, exactly. This is the design given in the figures in the paper, as well as in the det= ailed descriptions that accompany those figures. However, the text that you quoted above was incorrect and requires the chan= ge you described. I've created a new version of the paper that includes this fix [1]. It also includes more detail (at the end of Section 4.9) on the use of hier= archical channels while performing passive rollovers. Thanks for making this correction. Regards, John [1] Law, "Scaling Lightning With Simple Covenants, version 1.1", https://gi= thub.com/JohnLaw2/ln-scaling-covenants Sent with Proton Mail secure email.