Each active channel now gains its a dedicated htlcManager goroutine
which currently accepts to two golang channels, and a lightning
channel. The “downstream” channel will be used for dispatched multi-hop
payments sent from the htlcSwitch, while the “upstream” channel will be
used once the readHandler de-multiplexes hltc add/timeout/settle
messages.
Each time a new channel is fully created after N confirmations, the
peer’s channelManager registers the new link with the htlcSwitch. Once
the channel is closed either cooperatively or non-cooperatively, then
the link is unregistered.
This commit introduces the HtlcSwitch service into the daemon. The
purpose of the switch is to manage the message passing between the
goutiness within he peer managing each active channel. The switch
treats connected peers as interfaces, and their active channels as
links. All multi-hop, single-hop, and channel closure orchestration
will be managed by various goroutines within the HtlcSwitch.
The HtlcSwitch will also serve as the L2 contact point between the
yet-to-be-written LightningRouter and the switch, forwarding the new
htlc packet on the proper interface. Additionally, the switch will
handle dispatching htlc’s created locally via RPC, and multi-hop
forwarding initiated by peers.
This commit implements the “pendingchannels” RPC within the rpcserver.
This RPC allows callers to receive details concerning the current
pending channels associated with the daemon. Pending channels are those
waiting for additional confirmations before they can be considered
opened/closed.
At the time of this commit, only open channels are shown. A future
commit will also add the confirmation updates, along with information
for close channels.
This commit switches the implementation of the open/close channel RPC’s
from a fully blocking synchronous model to one that’s async by default,
allowing callers to add a sync wrapper.
The new proto specs also allow for “updates” for the pending channels
in the form of new confirmations which progress the pending status of
the channel. At this point, only the final open/close updates have been
implemented. Obtaining confirmation notifications requires a bit of
re-working within the current ChainNotifier interface, thus this has
been deferred to a later time.
This commit finishes the initial draft of the commitment state machine.
A full re-write of the prior protocol which combines aspects of the
former ‘lnstate’ package has replaced the prior un-finished
stop-and-wait protocol.
This new protocol is designed to operate in an asynchronous environment
and to facilitate non-blocking batched and pipelined updates to the
committed channel states. The protocol is also de-synchronized meaning
that either side can propose new commitment states independent of the
actions of the other party.
The state machine implemented is very similar to that of c-lightning,
however we allow multiple unrevoked commentates in order to minimize
blocking, and also to reduce latency across several hops in a
bi-directional setting.
The current implementation consists of 3 main data structures: a
commitment chain which consist of unrevoked commitment transactions
(one for each side), and a (mostly) append-only log of HTLC updates
shared between both sides. New commitments proposed index into the log
denoting which updates they include, this allows both parties to
progress chains independent of one another. Revoked commitments, reduce
the length of the chain by one, and free up space within the revocation
window.
At this point only basic tests are in place for the state machine,
however more extensive testing infrastructure along with formal proofs
using PlusCall are planned.
This commit changes prior behavior which stored a “hot” commitment
transaction, meaning one which all the sigScript fully assembled and
able to be broadcast.
Instead, we now store the current signature for our commitment
transaction as a separate field within the database and within memory.
As a result, this eliminates a class of bugs which would erroneously
broadcast a fully loaded commitment transaction, either leading to a
loss of funds, or suspending availability to funds for a period of
time.
We now also store their current revocation hash which is given to us
along with the revocation key once an initial HTLC is added to a
commitment transaction.
This update the wallet to implement the new single funder workflow
which uses revocation keys rather than revocation hashes for the
commitment transactions.
The derivation is current bed on an HKDF invocation using our private
key as the secret, and the node’s channel multi-sig key as the salt.
This scheme allows us to derive the key on the fly given data known to
only us and the remote node.
The current derivation is just a place-holder and will be re-visited at
a later time.
With this commit, the reservation workflow for the single funder use
case is now aware of the usage of revocation keys.
The changes are relatively minor:
* contributions now have RevocationKeys instead of RevocationHashes
* CompleteReservationSingle now takes the initiators revocation key
With this commit a revocation message now carries 3 items:
1. A pre-image revoking the lowest unrevoked commitment transaction
in the commitment chain.
2. A new key which extends the current revocation window by 1. This
key is to be used for new commitment transactions.
3. A new hash which also extends the current revocation window by 1.
This hash is to be used for new HTLC revocation hashes.
This commit updates the CommitSignature message to match the latest
version of the state-machine protocol. The log index specifies up to
which index in the receiver’s HTLC log the sender’s signature covers.
We now enforce that the site of all revocation pre-images+hashes (used
for HTLC’s) are now 32-bytes.
Additionally, all payment pre-images are now required to be 32-bytes
not he wire. There also exists a Script level enforcement of the
payment pre-image size at a lower level.
This commit serves to unify the sizes of all hashes/pre-images across
the codebase.
This commit updates the messages sent during a single funder workflow
to utilize revocation keys rather than revocation hashes. This now
matches the latest updates to the commitment transaction.
The changes to the workflow are as follows:
* the response message now carries the responder’s revocation key
* the complete message now carries the initiator’s revocation key
Once the initiator receives the response message, it can construct both
versions of the commitment transaction as it now knows the responder’s
commitment key. The initiator then sends their initial revocation key
over to the responder allowing it to construct the commitment
transactions and give the initiator a sig for their version.
This commit updates the stored on-disk channel state to store a current
revocation key rather than a revocation hash. This change coincides
with the new commitment transaction format which uses revocation keys
rather than hashes.
Additionally, this commit updates the decoding/encoding of local+remote
elkrem trees to the latest changes in the elkrem API.
As noted in the comment on the method, this serialization method isn’t
strictly necessary assuming the root is derived via a cryptographically
secure, yet deterministic procedure. The method is supplied only for
convenience.
The upstream cli repo has changed the signature for the ‘Action’ to
return an additional error. Thankfully this was done in a backwards
compatible manner.
This commit updates all the command action functions to adhere to the
new function signature.
In the future we’ll have proper dependency management so cases like
this will be avoided all together.
This commit removes the lnstate package. The package was originally
created by Joseph to draft some ideas he was developing w.r.t to the
Lightning Network link-layer protocol. However, we recently *completely
re-designed* the protocol after an involved white-board session.
Therefore, this package can now be removed as it’s obsolete.
A series of commits will be landing in the near future which implement,
test, and hookup this new and improved wire protocol.
This commit implements the “send coins” RPC request which was
introduced at both the lnrpc and command line level in a prior commit.
A small refactoring has taken place w.r.t to sendmany+sendcoins in
order to eliminate some code duplication.
This commit adds a new RPC to the RPC server: “sendcoins”. This RPC is
identical to “sendmany” with one small change: the level of send
parallelization is 1. This is useful when one wishes to simply send
coins to a friend and/or a payment.
This commit updates the previous HTLC and commitment scripts to their
current latest evolution.
The HTLC scripts have been optimized for space savings, the
functionality itself has remained relatively unchanged. A trade off was
made to add additional bytes into the sigScript in order to avoid
extraneous CHECKSIG’s. The rationale is that an extra 1-2 bytes in the
sigScript to guide execution, are worthwhile since they’re in the
witness, and witness data may be pruned in the near future.
The primary change is within the commitment transaction itself. Instead
of using revocation hashes, we now use signature based revocation. This
saves space in the Script, and optimizes away an extra hashing
operation. Elkrem/shachain is still used but, we now use the pre-images
to homomorphically derive a public key which the other party will be
able to sign with, once we disclose the pre-image itself.
Finally, we have switched to using SHA-256 everywhere uniformly for
both revocation hashes, and payment hashes. The rationale is that the
output of ripemd160 is too small for modern security margins, and that
other coins/chains are more likely to have SHA-256 implemented, than
ripemd160.
A set of tests has also been included which contain (mostly) exhaustive
tests of all possible redemption paths for both commitment and HTLC.
This unifies some inconstancies across the code-base with hashes being
32 vs 20 bytes. All hashes, whether payment or revocation are now
uniformly 32 bytes everywhere. As a result, only OP_SHA256 will be used
within commitment and HTLC scripts. The rationale for using sha256
instead of hash160 for the HTLC payment pre-image is that alternative
chains are more likely to have sha256 implemented, rather than
ripemd160.
A forthcoming commit will update the current commitment, and HTLC
scripts.
This commit fixes a bug which would potentially cause a panic if a
channel returned from FetchOpenChannels attempted to access the
internal pointer to the database.
To fix this bug, the pointer is now properly set once the channel has
been loaded from the database.