Skip to content

Commit

Permalink
Merge pull request #910 from rustyrussell/zeroconf-as-alias
Browse files Browse the repository at this point in the history
Explicitly allow funding_locked early, and support alias scids (feat 46/47/50/51)
  • Loading branch information
TheBlueMatt authored May 30, 2022
2 parents c74a3bb + 34e9cd9 commit bc86304
Show file tree
Hide file tree
Showing 4 changed files with 105 additions and 34 deletions.
115 changes: 86 additions & 29 deletions 02-peer-protocol.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ operation, and closing.
* [The `accept_channel` Message](#the-accept_channel-message)
* [The `funding_created` Message](#the-funding_created-message)
* [The `funding_signed` Message](#the-funding_signed-message)
* [The `funding_locked` Message](#the-funding_locked-message)
* [The `channel_ready` Message](#the-channel_ready-message)
* [Channel Close](#channel-close)
* [Closing Initiation: `shutdown`](#closing-initiation-shutdown)
* [Closing Negotiation: `closing_signed`](#closing-negotiation-closing_signed)
Expand Down Expand Up @@ -70,8 +70,8 @@ must broadcast the funding transaction to the Bitcoin network. After
the `funding_signed` message is sent/received, both sides should wait
for the funding transaction to enter the blockchain and reach the
specified depth (number of confirmations). After both sides have sent
the `funding_locked` message, the channel is established and can begin
normal operation. The `funding_locked` message includes information
the `channel_ready` message, the channel is established and can begin
normal operation. The `channel_ready` message includes information
that will be used to construct channel authentication proofs.


Expand All @@ -82,8 +82,8 @@ that will be used to construct channel authentication proofs.
| A |--(3)-- funding_created --->| B |
| |<-(4)-- funding_signed -----| |
| | | |
| |--(5)--- funding_locked ---->| |
| |<-(6)--- funding_locked -----| |
| |--(5)--- channel_ready ---->| |
| |<-(6)--- channel_ready -----| |
+-------+ +-------+

- where node A is 'funder' and node B is 'fundee'
Expand Down Expand Up @@ -207,12 +207,16 @@ definitions they reuse even feature bits, but they are not an
arbitrary combination (they represent the persistent features which
affect the channel operation).

The currently defined types are:
The currently defined basic types are:
- no features (no bits set)
- `option_static_remotekey` (bit 12)
- `option_anchor_outputs` and `option_static_remotekey` (bits 20 and 12)
- `option_anchors_zero_fee_htlc_tx` and `option_static_remotekey` (bits 22 and 12)

Each basic type has the following variations allowed:
- `option_scid_alias` (bit 46)
- `option_zeroconf` (bit 50)

#### Requirements

The sending node:
Expand All @@ -239,6 +243,8 @@ The sending node:
- MUST set it to a defined type representing the type it wants.
- MUST use the smallest bitmap possible to represent the channel type.
- SHOULD NOT set it to a type containing a feature which was not negotiated.
- if `announce_channel` is `true` (not `0`):
- MUST NOT send `channel_type` with the `option_scid_alias` bit set.

The sending node SHOULD:
- set `to_self_delay` sufficient to ensure the sender can irreversibly spend a commitment transaction output, in case of misbehavior by the receiver.
Expand Down Expand Up @@ -276,7 +282,9 @@ are not valid secp256k1 pubkeys in compressed format.
- the funder's amount for the initial commitment transaction is not sufficient for full [fee payment](03-transactions.md#fee-payment).
- both `to_local` and `to_remote` amounts for the initial commitment transaction are less than or equal to `channel_reserve_satoshis` (see [BOLT 3](03-transactions.md#commitment-transaction-outputs)).
- `funding_satoshis` is greater than or equal to 2^24 and the receiver does not support `option_support_large_channel`.
- It supports `channel_type`, `channel_type` was set, and the `type` is not suitable.
- It supports `channel_type` and `channel_type` was set:
- if `type` is not suitable.
- if `type` includes `option_zeroconf` and it does not trust the sender to open an unconfirmed channel.

The receiving node MUST NOT:
- consider funds received, using `push_msat`, to be received until the funding transaction has reached sufficient depth.
Expand Down Expand Up @@ -344,8 +352,10 @@ The `temporary_channel_id` MUST be the same as the `temporary_channel_id` in
the `open_channel` message.

The sender:
- SHOULD set `minimum_depth` to a number of blocks it considers reasonable to
avoid double-spending of the funding transaction.
- if `channel_type` includes `option_zeroconf`:
- MUST set `minimum_depth` to zero.
- otherwise:
- SHOULD set `minimum_depth` to a number of blocks it considers reasonable to avoid double-spending of the funding transaction.
- MUST set `channel_reserve_satoshis` greater than or equal to `dust_limit_satoshis` from the `open_channel` message.
- MUST set `dust_limit_satoshis` less than or equal to `channel_reserve_satoshis` from the `open_channel` message.
- if `option_channel_type` was negotiated:
Expand Down Expand Up @@ -463,31 +473,67 @@ use `option_static_remotekey`, `option_anchor_outputs` or
`option_static_remotekey`, and the superior one is favored if more than one
is negotiated.

### The `funding_locked` Message
### The `channel_ready` Message

This message (which used to be called `funding_locked`) indicates that the funding transaction has sufficient confirms for channel use. Once both nodes have sent this, the channel enters normal operating mode.

This message indicates that the funding transaction has reached the `minimum_depth` asked for in `accept_channel`. Once both nodes have sent this, the channel enters normal operating mode.
Note that the opener is free to send this message at any time (since it presumably trusts itself), but the
accepter would usually wait until the funding has reached the `minimum_depth` asked for in `accept_channel`.

1. type: 36 (`funding_locked`)
1. type: 36 (`channel_ready`)
2. data:
* [`channel_id`:`channel_id`]
* [`point`:`next_per_commitment_point`]
* [`point`:`second_per_commitment_point`]
* [`channel_ready_tlvs`:`tlvs`]

1. `tlv_stream`: `channel_ready_tlvs`
2. types:
1. type: 1 (`short_channel_id`)
2. data:
* [`short_channel_id`:`alias`]

#### Requirements

The sender MUST:
- NOT send `funding_locked` unless outpoint of given by `funding_txid` and
The sender:
- MUST NOT send `channel_ready` unless outpoint of given by `funding_txid` and
`funding_output_index` in the `funding_created` message pays exactly `funding_satoshis` to the scriptpubkey specified in [BOLT #3](03-transactions.md#funding-transaction-output).
- wait until the funding transaction has reached `minimum_depth` before
sending this message.
- set `next_per_commitment_point` to the per-commitment point to be used
for the following commitment transaction, derived as specified in
- if it is not the node opening the channel:
- SHOULD wait until the funding transaction has reached `minimum_depth` before
sending this message.
- MUST set `second_per_commitment_point` to the per-commitment point to be used
for commitment transaction #1, derived as specified in
[BOLT #3](03-transactions.md#per-commitment-secret-requirements).
- if `option_scid_alias` was negotiated:
- MUST set `short_channel_id` `alias`.
- otherwise:
- MAY set `short_channel_id` `alias`.
- if it sets `alias`:
- if the `announce_channel` bit was set in `open_channel`:
- SHOULD initially set `alias` to value not related to the real `short_channel_id`.
- otherwise:
- MUST set `alias` to a value not related to the real `short_channel_id`.
- MUST NOT send the same `alias` for multiple peers or use an alias which
collides with a `short_channel_id` of a channel on the same node.
- MUST always recognize the `alias` as a `short_channel_id` for incoming HTLCs to this channel.
- if `channel_type` has `option_scid_alias` set:
- MUST NOT allow incoming HTLCs to this channel using the real `short_channel_id`
- MAY send multiple `channel_ready` messages to the same peer with different `alias` values.
- otherwise:
- MUST wait until the funding transaction has reached `minimum_depth` before sending this message.


The sender:

A non-funding node (fundee):
- SHOULD forget the channel if it does not see the correct funding
transaction after a timeout of 2016 blocks.
transaction after a timeout of 2016 blocks.

From the point of waiting for `funding_locked` onward, either node MAY
The receiver:
- MAY use any of the `alias` it received, in BOLT 11 `r` fields.
- if `channel_type` has `option_scid_alias` set:
- MUST NOT use the real `short_channel_id` in BOLT 11 `r` fields.

From the point of waiting for `channel_ready` onward, either node MAY
send an `error` and fail the channel if it does not receive a required response from the
other node after a reasonable timeout.

Expand All @@ -503,6 +549,16 @@ to broadcast the commitment transaction to get his funds back and open a new
channel. To avoid this, the funder should ensure the funding transaction
confirms in the next 2016 blocks.

The `alias` here is both required for routing (since there real
short_channel_id is unknown until confirmation), and useful to provide
one or more aliases, even once there is a real `short_channel_id` for
a public channel.

While a node can send multiple `alias`, it must remember all of the
ones it has sent so it can use them should they be requested by
incoming HTLCs. The recipient only need remember one, for use in
`r` route hints in BOLT 11 invoices.

## Channel Close

Nodes can negotiate a mutual close of the connection, which unlike a
Expand Down Expand Up @@ -543,7 +599,7 @@ along with the `scriptpubkey` it wants to be paid to.
A sending node:
- if it hasn't sent a `funding_created` (if it is a funder) or a `funding_signed` (if it is a fundee):
- MUST NOT send a `shutdown`
- MAY send a `shutdown` before a `funding_locked`, i.e. before the funding transaction has reached `minimum_depth`.
- MAY send a `shutdown` before a `channel_ready`, i.e. before the funding transaction has reached `minimum_depth`.
- if there are updates pending on the receiving node's commitment transaction:
- MUST NOT send a `shutdown`.
- MUST NOT send multiple `shutdown` messages.
Expand All @@ -566,7 +622,7 @@ A receiving node:
- SHOULD send an `error` and fail the channel.
- if the `scriptpubkey` is not in one of the above forms:
- SHOULD send a `warning`.
- if it hasn't sent a `funding_locked` yet:
- if it hasn't sent a `channel_ready` yet:
- MAY reply to a `shutdown` message with a `shutdown`
- once there are no outstanding updates on the peer, UNLESS it has already sent a `shutdown`:
- MUST reply to a `shutdown` message with a `shutdown`
Expand Down Expand Up @@ -716,7 +772,7 @@ the closing transaction will likely never reach miners.

## Normal Operation

Once both nodes have exchanged `funding_locked` (and optionally [`announcement_signatures`](07-routing-gossip.md#the-announcement_signatures-message)), the channel can be used to make payments via Hashed Time Locked Contracts.
Once both nodes have exchanged `channel_ready` (and optionally [`announcement_signatures`](07-routing-gossip.md#the-announcement_signatures-message)), the channel can be used to make payments via Hashed Time Locked Contracts.

Changes are sent in batches: one or more `update_` messages are sent before a
`commitment_signed` message, as in the following diagram:
Expand Down Expand Up @@ -1370,11 +1426,12 @@ The sending node:
A node:
- if `next_commitment_number` is 1 in both the `channel_reestablish` it
sent and received:
- MUST retransmit `funding_locked`.
- MUST retransmit `channel_ready`.
- otherwise:
- MUST NOT retransmit `funding_locked`.
- MUST NOT retransmit `channel_ready`, but MAY send `channel_ready` with
a different `short_channel_id` `alias` field.
- upon reconnection:
- MUST ignore any redundant `funding_locked` it receives.
- MUST ignore any redundant `channel_ready` it receives.
- if `next_commitment_number` is equal to the commitment number of
the last `commitment_signed` message the receiving node has sent:
- MUST reuse the same commitment number for its next `commitment_signed`.
Expand Down Expand Up @@ -1442,7 +1499,7 @@ atomic: if it doesn't complete, it starts again. The only exception
is if the `funding_signed` message is sent but not received. In
this case, the funder will forget the channel, and presumably open
a new one upon reconnection; meanwhile, the other node will eventually forget
the original channel, due to never receiving `funding_locked` or seeing
the original channel, due to never receiving `channel_ready` or seeing
the funding transaction on-chain.

There's no acknowledgment for `error`, so if a reconnect occurs it's
Expand Down Expand Up @@ -1478,7 +1535,7 @@ commitment number 0 is created during opening.
`commitment_signed` for commitment number 1 is send and then
the revocation for commitment number 0 is received.

`funding_locked` is implicitly acknowledged by the start of normal
`channel_ready` is implicitly acknowledged by the start of normal
operation, which is known to have begun after a `commitment_signed` has been
received — hence, the test for a `next_commitment_number` greater
than 1.
Expand Down
9 changes: 9 additions & 0 deletions 04-onion-routing.md
Original file line number Diff line number Diff line change
Expand Up @@ -1118,6 +1118,15 @@ An _intermediate hop_ MUST NOT, but the _final node_:
- if the `amt_to_forward` does NOT correspond with the `incoming_htlc_amt` from the
final node's HTLC:
- MUST return a `final_incorrect_htlc_amount` error.
- if it returns a `channel_update`:
- MUST set `short_channel_id` to the `short_channel_id` used by the incoming onion.

### Rationale

In the case of multiple short_channel_id aliases, the `channel_update`
`short_channel_id` should refer to the one the original sender is
expecting, to both avoid confusion and to avoid leaking information
about other aliases (or the real location of the channel UTXO).

## Receiving Failure Codes

Expand Down
12 changes: 7 additions & 5 deletions 07-routing-gossip.md
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ The `announcement_signatures` message is created by constructing a `channel_anno
A node:
- if the `open_channel` message has the `announce_channel` bit set AND a `shutdown` message has not been sent:
- MUST send the `announcement_signatures` message.
- MUST NOT send `announcement_signatures` messages until `funding_locked`
- MUST NOT send `announcement_signatures` messages until `channel_ready`
has been sent and received AND the funding transaction has at least six confirmations.
- otherwise:
- MUST NOT send the `announcement_signatures` message.
Expand All @@ -104,8 +104,8 @@ A recipient node:
`error` and fail the channel.
- if it has sent AND received a valid `announcement_signatures` message:
- SHOULD queue the `channel_announcement` message for its peers.
- if it has not sent funding_locked:
- MAY defer handling the announcement_signatures until after it has sent funding_locked
- if it has not sent `channel_ready`:
- MAY defer handling the announcement_signatures until after it has sent `channel_ready`
- otherwise:
- MUST ignore it.

Expand Down Expand Up @@ -167,7 +167,7 @@ The origin node:
- for the _Bitcoin blockchain_:
- MUST set `chain_hash` value (encoded in hex) equal to `6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000`.
- MUST set `short_channel_id` to refer to the confirmed funding transaction,
as specified in [BOLT #2](02-peer-protocol.md#the-funding_locked-message).
as specified in [BOLT #2](02-peer-protocol.md#the-channel_ready-message).
- Note: the corresponding output MUST be a P2WSH, as described in [BOLT #3](03-transactions.md#funding-transaction-output).
- MUST set `node_id_1` and `node_id_2` to the public keys of the two nodes
operating the channel, such that `node_id_1` is the lexicographically-lesser of the
Expand Down Expand Up @@ -445,10 +445,12 @@ or `node_id_2` otherwise.
### Requirements

The origin node:
- MUST NOT send a created `channel_update` before `funding_locked` has been received.
- MUST NOT send a created `channel_update` before `channel_ready` has been received.
- MAY create a `channel_update` to communicate the channel parameters to the
channel peer, even though the channel has not yet been announced (i.e. the
`announce_channel` bit was not set).
- MUST set the `short_channel_id` to either an `alias` it has
received from the peer, or the real channel `short_channel_id`.
- MUST NOT forward such a `channel_update` to other peers, for privacy
reasons.
- Note: such a `channel_update`, one not preceded by a
Expand Down
3 changes: 3 additions & 0 deletions 09-features.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,9 @@ The Context column decodes as follows:
| 22/23 | `option_anchors_zero_fee_htlc_tx` | Anchor commitment type with zero fee HTLC transactions | IN | `option_static_remotekey` | [BOLT #3][bolt03-htlc-tx], [lightning-dev][ml-sighash-single-harmful]|
| 26/27 | `option_shutdown_anysegwit` | Future segwit versions allowed in `shutdown` | IN | | [BOLT #2][bolt02-shutdown] |
| 44/45 | `option_channel_type` | Node supports the `channel_type` field in open/accept | IN | | [BOLT #2](02-peer-protocol.md#the-open_channel-message) |
| 46/47 | `option_scid_alias` | Supply channel aliases for routing | IN | | [BOLT #2][bolt02-channel-ready] |
| 48/49 | `option_payment_metadata` | Payment metadata in tlv record | 9 | | [BOLT #11](11-payment-encoding.md#tagged-fields)
| 50/51 | `option_zeroconf` | Understands zeroconf channel types | IN | `option_scid_alias` | [BOLT #2][bolt02-channel-ready] |

## Definitions

Expand Down Expand Up @@ -90,6 +92,7 @@ This work is licensed under a [Creative Commons Attribution 4.0 International Li
[bolt02-open]: 02-peer-protocol.md#the-open_channel-message
[bolt03-htlc-tx]: 03-transactions.md#htlc-timeout-and-htlc-success-transactions
[bolt02-shutdown]: 02-peer-protocol.md#closing-initiation-shutdown
[bolt02-channel-ready]: 02-peer-protocol.md#the-channel_ready-message
[bolt04]: 04-onion-routing.md
[bolt07-sync]: 07-routing-gossip.md#initial-sync
[bolt07-query]: 07-routing-gossip.md#query-messages
Expand Down

0 comments on commit bc86304

Please sign in to comment.