Thread

Monero should be L2.

Noncustodial wallets want a reliable UX which generally relies on the LSP being stable and reputable, which sadly means not Tor and generally requires them to be large for profit companies.

Tor latency is not ideal for order routing.

I think the problem is that large LSPs actually have some control over funds as they can close more channels on old states than can actually punish them for doing so (What's the term for this attack?). If there was no way of stealing users' money, reputation would be less of an issue and the stability over TOR ... I'm sure we can fix this. How about TOR nodes that take e-cash for routing? TOR only adds few hops to the route so it shouldn't make LN payments impossible unless the network is saturated which paying for the service should be able to solve.

Is that because of the inherently required extra hops on TOR or because of those TOR nodes being congested? If it's the latter, we could have TOR nodes that take e-cash payments to manage supply and demand.

Is it possible to have an LSP that is *only* accessible by TOR/onion address, and *not* available by clear net?

What if all routing was on TOR with no exit nodes or clear net required? Build it and they will come?

I had the same gut reaction. It may at least be possible, if extremely difficult, to get past the need for good repute ... LN penalty not ideal here, clearly.

The attack you describe was called "forced expiration spam" in the original LN paper. I usually call it an "expiration flood". Other people have other names for it. See

Bitcoin Optech

Expiration floods

Expiration floods occur when many timelock-contingent payments need to be settled onchain within a limited period of time. If not all of the settle...

I don't think LN-penalty is the main problem here, as the most powerful form of the attack starts by filling channels with as many expiring HTLCs as possible, which is a problem for any channel design. The only solutions I'm aware of are (1) temporary dynamic block size increases, which only increase the cost of the attack by a small multiple, (2) some form of time stop, although that increases the risk of capital losses from the time value of money, and (3) various bond designs, although they upfront accept losses to the time value of money. Of those options, I think bonds may be under explored but I also think that the main downsides of time stop may be almost entirely mitigated by John Law's hierarchical channel factories design, which would involve channels being opened by three parties, with two preferred partners being able to continue exchanging funds in the channel even if the third counterparty initiated a force close that was taking forever due to a time stop.

You are pointing to the LN penalty as a problem but isn't it exactly what makes it harder for LSPs to pull forced expiration spam attacks?

Yes, totally.

running a routing node as a Tor hidden service introduces 6 hops between the client and service. the increased latency, timeouts, and failure rates associated with just these 6 hops has been enough for routing nodes to forego allocating liquidity and serving clients over Tor if the average number of routing node hops per lightning payment is something like 3-6, and if all routing nodes in the chain were to run as a hidden service instead of clearnet (which i think Leo is proposing here), then all of a sudden that's 18-36 hops, which would dramatically increase latency, timeouts, and failed requests that said, just because there's an ungodly amount of hops doesn't mean it's not feasible. there's just no commercial incentive today since the market is so niche and operating an LSP - even over clearnet - hasn't been a particularly lucrative endeavor to date congestion among the Tor network is also a factor, but incentivizing folks to run more Tor nodes would introduce a new set of regulatory risks that doesn't exist today, and i'm dubious that there exists a strong enough commercial incentive in the near-term

I'm sorry, but the law (in particular the Bank Secrecy Act) that violates fundamental human rights is the problem.

I was afraid of that--thanks for clarifying 😞

Appeciate your reply but... I'm not a lawyer. And this is just my opinion 😉

Simply running software is a bit different from being an LSP that a mobile wallet will integrate by default and trust to be online and reliable for their users.

Blixt +

GitHub

GitHub - hsjoberg/dunder-lsp: Lightning Service Provider built in Node.JS

Lightning Service Provider built in Node.JS. Contribute to hsjoberg/dunder-lsp development by creating an account on GitHub.

No they don’t.

why not? cuz muh mining is centralized?

Yes, with mining incredibly centralized anything secured by hashpower is a joke and miners can always require unblinding of anything “blinded” before they mine it.

muh bitcoin joke...

Hashrate escrow does solve this. No corporation has to run an LSP or have massive liquidity to route payments. Instead, that liquidity can be used to buy L2 coins and onboard users directly without their own L1 txn. Some say it makes the miners a custodian, but that is not true. It would require thousands of hashers, collectively agreeing to continue stealing funds for 6 months- while everyone sees what they are doing every 10 minutes and they waste their Proof of Work. The only time drivechain funds will get "stolen" is when miners and economic nodes have agreed to kill a sidechain and hard fork to another. In this case, miners can offer atomic swap to the new chain before the old dies, and nobody loses money.

Unless there’s one pool with most of the hashpower, in which case they can just steal the money…oops

One pool cannot "just steal the money" and you know this. It takes six months with a constant 10 minute reminder that your pool is trying to steal the funds. Hashers have a ridiculous amount of time to switch, it is very easy to switch, and they are incentivized to switch because the pool is wasting their work. If a single mining pool has over 51% hashrate, then Bitcoin is in trouble anyway. BIP300 recognizes this and keeps the miners on a very short leash.

Well this is not true. Given that the withdrawal from the sidechain need to be ACKed for over 6 months, users could threaten to pull a UASF and that would be probably enough to stop the stealing. If not they can proceed so I will say again that Drivechain fixes this...