This commit modifies the elkrem root derivation for each newly created
channel. First a master elkrem root is derived from the rood HD seed
generated from private wallet data. Next, a HKDF is used with the
secret being the master elkrem root.
This file is no longer needed as each implementation of the
WalletController is expected to handle its own set up via an instance
of the WalletDriver factory struct.
This commit adds the first concrete implementation of the
WalletController interface: BtcWallet. This implementation is simply a
series of wrapper functions are the base btcwallet struct.
Additionally, for ease of use both the BlockChain IO and Signer
interface are also implemented by BtcWallet. Finally a new WalletDriver
implementation has been implemented, and will be register by the init()
method within this new package.
This commit revamps the previous WalletController interface, edging it
closer to a more complete version.
Additionally, this commit also introduces two new interfaces:
BlockchainIO, and Singer along with a new factor driver struct, the
WalletDriver.
This BlockChainIO abstracts read-only access to the blockchain, while
the Singer interface abstracts the signing of inputs from the base
wallet paving the way to hardware wallets, air-gapped signing, etc.
Finally, in order to provide an easy method for selecting a particular
concrete implementation of a WalletController interface, the concept of
registering “WalletDriver”s has been introduced. A wallet driver is
essentially the encapsulation of a factory function capable of create a
new instance of a Wallet Controller.
This commit removes the wrapper functions used to rely on the coinset
package for coin selection. In a future commit the prior behavior will
be replaced by a custom coin selection implementation which estimates
the size of the funding transaction.
This commit refactors the code within lnwallet interacting with the
ChainNotifier to accept, and call against the implementation rather
than a single concrete implementation.
LightningWallet no longer creates it’s own BtcdNotifier implementation
doing construction, now instead accepting a pre-started `ChainNotifier`
interface. All imports have been updated to reflect the new naming
scheme.
This commit fixes a bug in the lockTimeToSequence function when mapping
a block-based relative lock time to the proper sequence number.
Applying the mask isn’t necessary since the values are expected to be
blow 65K blocks.
This commit adds a basic test for cooperative channel closure. The
current test ensures correctness of the cooperative closure procedure
initiated by either the channel initiator, or the channel responder.
This commit adds glide integration in order to make lnd builds fully
reproducible. Rather than using “go get” users should now manually pull down
the repo, use glide to fetch+install the dependancies, then manually install
all related binaries.
With this change we no longer have to chase dependancies making breaking API
changes under us. We can manually update the managed dependancies once a new
stable release of a defendant package is released.
Additionally, reproducible builds are a strong requirement in order to securely
distribute future major releases of lnd.
This commit adds a new method, “PendingUpdates” to the channel state
machine which is intended to be a source to give callers a hint as to
when an additional commitment signature should be sent independent of
any request/response book keeping.
This commit patrons the state update logs properly within the channel
state machine. This change fixes a number of bugs caused by treating a
central log as two logically distinct logs. Rather than having a bit
indicating if the entry is incoming/outgoing, an entry is added to a
remote or local log depending on which modification method is used.
As a result the code is much easier to follow due to separation of
concerts.
Finally, when attempting to sign a new update with an exhausted
renovation window a distinct error is returned in order to allow higher
level callers to properly back-off and handle the protocol event.
This commit fixes a slight bug in the channel state machine’s code
executed when processing a revocation messages. With this commit after
processing a revocation, log entries which we should forward to the
downstream or upstream peer for settling/adding HTLC’s are now properly
returned.
The testa have also been updated to ensure to correct htlc’s are
returned “for forwarding”.
We no longer track HTLC’s by their r-hash within the log into the
index, as we may have multiple HTLC’s that can be redeemed by the same
pre-image. Instead we now use a separate index which is keyed by a
log-index.
Additionally, the SettleHTLC method now also returns the index of the
HTLC being settled which allows the remote party to quickly locate the
HTLC within their log.
This commit also introduces a few trace/debug log messages which will
likely be pruned in the near future
This commit finishes the initial draft of the commitment state machine.
A full re-write of the prior protocol which combines aspects of the
former ‘lnstate’ package has replaced the prior un-finished
stop-and-wait protocol.
This new protocol is designed to operate in an asynchronous environment
and to facilitate non-blocking batched and pipelined updates to the
committed channel states. The protocol is also de-synchronized meaning
that either side can propose new commitment states independent of the
actions of the other party.
The state machine implemented is very similar to that of c-lightning,
however we allow multiple unrevoked commentates in order to minimize
blocking, and also to reduce latency across several hops in a
bi-directional setting.
The current implementation consists of 3 main data structures: a
commitment chain which consist of unrevoked commitment transactions
(one for each side), and a (mostly) append-only log of HTLC updates
shared between both sides. New commitments proposed index into the log
denoting which updates they include, this allows both parties to
progress chains independent of one another. Revoked commitments, reduce
the length of the chain by one, and free up space within the revocation
window.
At this point only basic tests are in place for the state machine,
however more extensive testing infrastructure along with formal proofs
using PlusCall are planned.
This commit changes prior behavior which stored a “hot” commitment
transaction, meaning one which all the sigScript fully assembled and
able to be broadcast.
Instead, we now store the current signature for our commitment
transaction as a separate field within the database and within memory.
As a result, this eliminates a class of bugs which would erroneously
broadcast a fully loaded commitment transaction, either leading to a
loss of funds, or suspending availability to funds for a period of
time.
This update the wallet to implement the new single funder workflow
which uses revocation keys rather than revocation hashes for the
commitment transactions.
The derivation is current bed on an HKDF invocation using our private
key as the secret, and the node’s channel multi-sig key as the salt.
This scheme allows us to derive the key on the fly given data known to
only us and the remote node.
The current derivation is just a place-holder and will be re-visited at
a later time.
With this commit, the reservation workflow for the single funder use
case is now aware of the usage of revocation keys.
The changes are relatively minor:
* contributions now have RevocationKeys instead of RevocationHashes
* CompleteReservationSingle now takes the initiators revocation key
This commit implements the “send coins” RPC request which was
introduced at both the lnrpc and command line level in a prior commit.
A small refactoring has taken place w.r.t to sendmany+sendcoins in
order to eliminate some code duplication.
This commit updates the previous HTLC and commitment scripts to their
current latest evolution.
The HTLC scripts have been optimized for space savings, the
functionality itself has remained relatively unchanged. A trade off was
made to add additional bytes into the sigScript in order to avoid
extraneous CHECKSIG’s. The rationale is that an extra 1-2 bytes in the
sigScript to guide execution, are worthwhile since they’re in the
witness, and witness data may be pruned in the near future.
The primary change is within the commitment transaction itself. Instead
of using revocation hashes, we now use signature based revocation. This
saves space in the Script, and optimizes away an extra hashing
operation. Elkrem/shachain is still used but, we now use the pre-images
to homomorphically derive a public key which the other party will be
able to sign with, once we disclose the pre-image itself.
Finally, we have switched to using SHA-256 everywhere uniformly for
both revocation hashes, and payment hashes. The rationale is that the
output of ripemd160 is too small for modern security margins, and that
other coins/chains are more likely to have SHA-256 implemented, than
ripemd160.
A set of tests has also been included which contain (mostly) exhaustive
tests of all possible redemption paths for both commitment and HTLC.
This unifies some inconstancies across the code-base with hashes being
32 vs 20 bytes. All hashes, whether payment or revocation are now
uniformly 32 bytes everywhere. As a result, only OP_SHA256 will be used
within commitment and HTLC scripts. The rationale for using sha256
instead of hash160 for the HTLC payment pre-image is that alternative
chains are more likely to have sha256 implemented, rather than
ripemd160.
A forthcoming commit will update the current commitment, and HTLC
scripts.
This commit introduces the fundingManger which is used as a bridge
between the wallet’s internal ‘ChannelReservation’ workflow, and the
wire protocol’s funding messages.
The funding manger is responsible for progressing the workflow, and
communicating any errors generated during the workflow back to the
source peer.
This commit adds additional test cases to test both cases (initiator vs
responder) for a single funder channel workflow. Additionally, the
previous dual funder tests have been extended in order to detect proper
funding channel broadcast, and the ChainNotifier’s role in notifying
upstream callers that a funding transaction has been embedded in the
chain at a sufficient depth.
At this point the tests certainly need to be cleaned up. bobNode should
be replaced with a second instance of the wallet modeling a remote
peer.
This commit modifies the existing workflow to add additional paths to
be used when on the responding side of a single funder workflow.
Additionally, several bugs encountered within the existing dual funder
workflow logic have been fixed, and modified to account for the wallet
being on the igniting side of a single funder workflow.
The previous logic incorrectly assumed the returned address was already
a p2wkh address. Instead, a p2sh address was returned. So we now
correctly craft both the sigScript and witness stack for a nested p2sh
spend.
This is required since for single funder channels, we don’t contribute
any funds so we don’t need to select any change or coins for input into
the funding transaction.
This commit adds 3 methods to lnwallet.ChannelReservation intended to
facilitating a single funder channel workflow between two nodes. A
single funder workflow is characterized as the initiator committing all
the funds to a channel, with the responder only providing public keys,
and a revocation hash.
The workflow remains the same for the initiator of the funding
transaction, however for the responder, the following methods are
instead called in order:
* .ProcessSingleConribution()
* .CompleteSingleContribution()
* .FinalizeReservation()
These methods are required for the responder as they are never able to
construct the full funding transaction, and only receive the out point
of the funding transaction once available.
A cooperative closure of a LightningChannel proceeds in two steps.
First, the party who wishes to close the channel sends a signature for
the closing transaction. Next, the responder reconstructs the closing
transaction identically as the initiator did using a canonical
input/output ordering, and the currently settled balance within the
channel. At this point, the responder then broadcasts the closure
transaction. It is the responsibility of the initiator to watch for
this transaction broadcast within the network to clean up any resources
they committed to the active channel.
Only nested p2sh or pure witness outputs are used when selecting coins
for inputs to a funding transaction.
The funding transaction output now uses p2wsh rather than regular p2sh.
All tests have been updated accordingly.
This method has been added in order to allow lnd to collect eligible
unspent witness programs outputs from the wallet controller for use as
inputs to the funding transaction.
Additionally, the change address functions now also specify whether the
generated change address should be payable to a witness program or not.
The WalletController will serve as a layer of separation between “base”
Bitcoin wallet logic, and the higher level Lightning Network logic. As
a result LightningWallet will no behave as an overly wallet, relying on
the lower wallet for basic services such as new address, signing etc.
Within this higher level lies the awareness of channel types, chain
monitoring, HTLCs, and so on.
* Previously, if the call to SetUp(..) returned an error, then the test
harness would fail to stop the running bcd process, and clean up the
test directories. This would cause any subsequent tests to fail. This
commit remedies this scenario.
Allows us to remove a lot of duplicated code pertaining to wallet
setup. We also gain hooks into the wallet to trigger callbacks once the
wallet is created/opened.
Instead of creating “fake” utxos for bob, and alice. We now employ a
dedicated mining node to hand out utxos, and generate blocks with hand
picked transactions.
A major change for btcwallet adding a new RPC wallet, refactoring parts
of the wallet, and introducing new functionality has been introduced.
This commit updates lnwallet to the API changes. A future commit will
change lnwallet to use some of the new functionality such as the
notification server, etc.
Select over the quit channel in order to shutdown goroutines waiting
for funding txn confirmations. Without this we may leak goroutines
which are blocked forever if the process isn’t exiting when the walet
is signaled to shutdown.
* Hooks into the ChainNotifier infrastructure to receive a notification
once the funding transaction gets enough notifications.
* Still need to set up the notification grouting within a
LightningChannel to watch for uncooperative closures, and broadcasts
and revoked channel states.
* In preparation for regression testing once nodetest is finished.
* These sections we’re previously uncommented to allow for testing the
wallet without a full-node hooked up.
* Updates to the channel are made atomic, and consistent via a proxy
object: “ChannelUpdate” which encapsulates an update transaction. Only
one update transaction may be outstanding at any time.
* Update transactions are initiated via AddHTLC or SettleHTLC.
* Once a transaction has been begun, in order to complete the update
the transaction must first be presented with a signature from the
counter-party for our new version of the commitment tx
(VerifyNewCommitmentSigs), and finally to atomically commit the
transaction, the counterparty’s pre-image to their previous revocation
hash must be validate (Commit).
* Workflow along with expected call orders have been documented.
* With this, the initial iteration of ChannelReservation is mostly
complete.
* However, there are still some unfinished steps internally within the
wallet related to processing. Such as factoring proper tx fees,
splitting fees, some node interaction etc.
* moved sorting of transaction outside of createCommitTx also us to add
HTLC’s before sorting
* On the fence about the proxy object design, will re-visit once we
start to implement the p2p code.
* As a result in order to not over-shadow the Start/Stop methods of
btcwallet.Wallet, the Start/Stop methods on LightningWallet have been
renamed to Startup/Shutdown.
* Initial draft of brain dump of chandler. Nothing yet set in stone.
* Will most likely move the storage of all structs to a more “column”
oriented approach. Such that, small updates like incrementing the total
satoshi sent don’t result in the entire struct being serialized and
written.
* Some skeleton structs for other possible data we might want to store
are also included.
* Seem valuable to record as much data as possible for record keeping,
visualization, debugging, etc. Will need to set up a time+space+dirty
cache to ensure performance isn’t impacted too much.
* Contribution from remote host necessary to construct the initial
commitment transaction is now also expected
* All message structs and handlers updated accordingly
* AddContribution now also generates both commitment tnxs, and
generates a signature for their version of the commitment transaction
* Future commit will ditch all the thread-safe “getter” like methods.
We’re all adults just make sure to grab the lock.
* All wallet mutation funcs will also document which fields are set
after completion of the request
* Set shaChain, delivery address, commitment key
