Good morning list, I'd like to discuss the channel reserve requirement, and argue that it should be fine to get rid of it for channels between mobile wallet users and their service provider. I know, I know, your first reaction will be "but this is a security parameter, I don't want to hear about it", but please bear with me (and I'll be happy to hear thoughts on why we should *not* get rid of this requirement if you still feel strongly about that after reading this post).
Let's start by explaining why we generally want a channel reserve. It ensures that both peers always have an output in the commit tx, which has two important consequences: - if a malicious node publishes a revoked commitment, they will always have some funds in it that the honest node can claim, so they risk losing money - nodes are disincentivized from force-closing channels, because they will need to pay on-chain fees to get their funds back (through a 2nd-stage transaction) I believe those are important properties for channels between normal routing nodes that don't provide paid services to each other. If we remove the channel reserve, and at one point in time, one of the nodes has nothing at stake in the channel, they will be incentivized to broadcast a revoked commit tx: if they get away with it, they win some money, and otherwise, they don't lose any (because they have nothing at stake in the latest channel state). This is particularly true for the non-initiator, who doesn't pay the on-chain fees for the commit tx, otherwise a malicious initiator would still lose on-chain fees. Now what are the drawbacks of having a channel reserve? The first one is capital efficiency, because this channel reserve is unused liquidity. If you are a routing node this is fine, because you actively manage your channels to only keep those that earn you enough routing fees. But if you are a wallet provider, this is a very different story: you need to keep at least one channel open with each of your users. For each of these channels, you must maintain a reserve of 1% of the channel capacity, even if all the funds are on their side. You thus have unused liquidity proportional to the number of users and the total amount of sats your users own. This doesn't scale very well. The second drawback is UX: users look at their channel state to figure out how much they can receive off-chain. It's really hard to explain why there is a large gap between what they think they should be able to receive and what they can actually receive. Now, why is it ok in this setting to remove the reserve on both sides? First of all, the service provider is the one paying the on-chain fees for the commit tx (at least that's what we do for Phoenix). That means that when publishing a revoked commit tx, even if the service provider doesn't have an output in the transaction, they still pay on-chain fees, so they lose *something*. For the wallet user, this is ok: they still get their funds back using penalty transactions, which doesn't cost them more than normal 2nd-stage transactions. The service provider cannot steal funds, it only lets them grief their users (at the cost of paying on-chain fees and missing out on future routing fees). Also, the wallet user can publicly show that the service provider published a revoked commitment, which is bad for their reputation. Removing the reserve on the wallet user's side is a risk that the wallet provider takes in order to guarantee a good UX. The user can grief the service provider, but the griefing amount is limited. Also, the user has paid fees to the wallet provider before that, because they must have used the wallet to get into that state. This makes it an acceptable trade-off for service providers. Lastly, we can also argue that LN-penalty without channel reserves is similar to LN-symmetry (Eltoo). In Eltoo, a cheating node can always publish a previous commitment: the honest node will simply be able to replay the latest state on top of that commitment, and the cheating node's only penalty is the on-chain fees they paid for that commit tx. Here this is the same when the service provider is trying to cheat, because they pay the on-chain fees for the commit tx. If this is ok for Eltoo, why wouldn't it be ok now? Cheers, Bastien
_______________________________________________ Lightning-dev mailing list Lightning-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/lightning-dev