Good morning again list, particularly cdecker who is the "Decker" in 
Decker-Wattenhofer,

Below is some numbers for implementing a sidepool using Decker-Wattenhofer, in 
case `SIGHASH_NOINPUT` so we can do Decker-Russell-Osuntokun takes two more 
years.

First, I should note that ***if*** we deploy something like this using 
Decker-Wattenhofer decrementing-`nSequence` mechanisms, we need the following 
numbers:

    number_of_stages: The number of nested decrementing-nSequence stages
    steps_per_stage: The number of steps from the starting nSequence of one 
stage to the lowest nSequence=0, inclusive
    blocks_per_step: The number of blocks from one step to the next.

These numbers all kind-of suck in the following ways:

`number_of_stages` plus 1 is the number of transactions that need to be 
confirmed in case of a unilateral close.
The "plus 1" here is due to the "kickoff transaction" which initiates the 
unilateral close and start the relative `nSequence` timers, and cannot itself 
be one of the stages of the nested decrementing-`nSequence` mechanisms.

`steps_per_stage` raised to the `number_of_stages` is the maximum number of 
updates.
Once the mechanism saturates, we *need* to do an onchain operation.
This can just be a "no-op splice" where we just spend the current funding txout 
into a new funding txout with a refreshed mechanism starting from state 0.

`blocks_per_step` is the maximum amount of time that a participant can safely 
be offline during a unilateral close.
If a participant is offline for longer than this period, the other participants 
may present an older state where the offline participant has less money.

`number_of_stages` times (`steps_per_stage` minus 1) times `blocks_per_step` is 
the longest time that a unilateral close will take.

Due to the number of updates being `steps_per_stage` ***raised*** to 
`number_of_stages`, if we halve the number of stages (to reduce onchain 
footprint in the unilateral close case) we need to *square* `steps_per_stage`, 
which greatly increases the longest time the unilateral close will take.

For example, suppose we set:

    number_of_stages = 8
    steps_per_stage = 2
    blocks_per_step = 144 (1 day)

Then:

* The worst case is that a unilateral close will lock up funds for 8 days (8 * 
144 blocks).
  Unilateral closes *may* take shorter than that.
* A participant cannot be offline for longer than 144 blocks
* The mechanism can only support 256 (2 to the 8) updates.
  * Note that a swap requires two updates: one to offer the HTLC, the second to 
claim or reject it.
    However, a single update can service multiple swaps in parallel; they just 
have to all happen simultaneously.
  * The above implies that number of swaps is half of the number of updates.

Now, for the specific case of `steps_per_stage = 2`, if we halve the 
`number_of_stages` we need to square `steps_per_stage`, and squaring that is 
just `steps_per_stage = 4`.
Thus the halving of the `number_of_stages` is cancelled out by the squaring of 
`steps_per_stage`, implying that `steps_per_stage = 4` is optimal.
Beyond that, further halvings of the `number_of_stages` will cause squarings of 
the `steps_per_stage` to retain the small number of updates and greatly 
increase the worst-case lock-up time in a unilateral close.

--

The point of the sidepools mechanism is that it is another settlement layer on 
top of the blockchain layer, which we hope is cheaper than just using the 
blockchain.

Then we have direct-on-blockchain published channels, and if the channels 
become grossly imbalanced, participants can initiate a "swap party" on the 
sidepool.

In a "swap party" the participants then try to move their imbalanced channels 
back to balance by offering HTLCs on the sidepool.
All of the sidepool-offerred HTLCs are then bundled into a single update of the 
sidepool.
Then, the channels put a "reverse" HTLC in the opposite direction, and the 
preimages are sent in the channel.
Once the channel-side HTLCs are fulfilled or failed, the participants can then 
bundle all the claims and failures on the sidepool side in a second update.

(Each is basically a peerswap with your counterparties, except that the "other 
side" of the peerswap is inside the sidepool instead of in a blockchain layer.
This is also amenable to "forwardable peerswaps" as well, and should be 
designed as such)

Then, the sidepool enters a "moratorium" period during which another swap party 
cannot be initiated.

Alternatively, swap parties can be scheduled at fixed regular intervals, which 
might be easier for institutional nodes --- maintenance actions such as updates 
and regular shutdowns can be scheduled so that they do not coincide with swap 
parties.
For example, swap parties might be scheduled at 00:00 UTC every day.

If swap parties are done once per day, then a 256-update mechanism can last for 
128 days, which is just slightly more than 3 months.
Having to do one onchain tranaction per 3 months in order to "reset" the 
mechanism sounds like a reasonable deal to me; the alternative is to perform 
HTLCs about once a day on the blockchain layer for each channel you want to 
update at the same rate.

Regards,
ZmnSCPxj
_______________________________________________
Lightning-dev mailing list
Lightning-dev@lists.linuxfoundation.org
https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev

Reply via email to