Thanks for sharing your thoughts ZmnSCPxj. I think I can summarize your concern as: A node without direct internet connectivity can not rely on an opportunistically incentivized local network peer for blockchain information because the off-grid node's direct LN peers could collude to not forward the payment.
On Mon, May 11, 2020 at 7:44 AM ZmnSCPxj <zmnsc...@protonmail.com> wrote: > > 2) a light client can query an ISP connected full node on the same > unmetered local WiFi network and exchange differences in block headers > opportunistically or pay for large missing ranges of headers, filters or > full blocks using a payment channel. Cost is reduced and privacy is > enhanced for the light client by not using a centralized ISP. Bandwidth for > running the full node can be amortized and subsidized by payments from > light clients who they resell data to. > > A relatively pointless observation, but it seems to me that: > > * The light client is requesting for validation information, because... > * ...its direct peers might be defrauding it, leading to... > * ...the money it *thinks* it has in its channels being valueless. > > Thus, if the light client opportunistically pays for validation > information (whether full blocks, headers, or filters), the direct peers it > has could just as easily not forward any payments, thus preventing the > light client from paying for the validation information. > > Indeed, if the direct peer *is* defrauding the light client, the direct > peer has no real incentive to actually forward *any* payments --- to do so > would be to reduce the possible earnings it gets from defrauding the light > client. > ("Simulating" the payments so that the light client will not suspect > anything runs the risk that the light client will be able to forward all > its money out of the channel, and the cheating peer is still potentially > liable for any funds it originally had in the channel if it gets caught.) > One question I had is: how can a malicious direct payment peer "simulate" a successful payment made by an off-grid victim peer to an information source? The censoring peer wouldn't be able to return the preimage for a payment they failed to forward. Also, since the information provider and off-grid node can presumably communicate via their local network connection, it would be obvious if all of the victims LN peers were failing to forward payments (whether maliciously or due to routing failures) to an information provider they could otherwise communicate with. Any LN payments not monitored by a watchtower that are received by the eclipsed off-grid victim node would be at risk in this attack scenario. Likewise any layer 1 payments they received should be buried under sufficient valid block headers before being relied on. I don't see how a LN node one-step removed from a direct internet connection is at more risk than an internet connected node eclipsed by their ISP, for example. In both cases, failure to get timely blockchain info should trigger warnings to stop accepting payments. > What would work would be to use a system similar to watchtowers, wherein > the validation-information-provider is prepaid and issues tokens that can > be redeemed later. > But this is not suitable for opportunistic on-same-WiFi where, say, a > laptop is running a validation-information-provider-for-payment program on > the same WiFi as a light-client mobile phone, if we consider that the > laptop and mobile may have never met before and may never meet again. > It would work if the laptop altruistically serves the blocks, but not if > it were for (on-Lightning) payment. > There's another problem if we can't rely on a recurring relationship with an information provider besides not being able to prepay for validation information doesn't make sense. We don't want an information provider to collect payments for serving invalid information. Maybe for very small payments this isn't a problem, but ideally validity could be coded into the HTLC. For example, an alternative HTLC construct that only paid for valid 81 B headers that hash to 32 B values with a number of leading zeros committed to by the HTLC. It would make more economic sense for an internet gateway node to serve valid mined header to nodes on their local WiFi network than to create bogus ones with the same (high) amount of work. > So it seems to me that this kind of service is best ridden on top of > watchtower service providers. > Public watchtowers or some sort of HTTP proxy data cache similar to a watchtower makes the most sense to me because they would be expected to be economically motivated and LN payment aware. Full nodes could potentially be incentivized to exchange new data with other nodes in a tit-for-tat way, but I don't expect them to be incentivized by light clients using LN micropayments in a server-client arrangement. Network agents that monetize full node information services beyond channel monitoring would be more than just a "Watchtower" for light clients. Would they be more like incentivized Electrum servers? Are there still privacy concerns when they serve generic/un-personalized headers/filters/blocks to light clients? A personal, altruistic or friends and family watchtower is also possible, but I'm thinking about how light clients without this possibility can be served. Happy new epoch, -- Richard -- Richard Myers Decentralized Applications Engineer, goTenna gotenna.com @gotenna
_______________________________________________ bitcoin-dev mailing list firstname.lastname@example.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev