Topic: Flaws in LN (Lightning Network). - page 4. (Read 2054 times)

You missed completely the point.

If there is no Byzantine General's problem for N=2 Generals - there is no such a problem at all for any N.

Which is not true.

What the mistery entity the 'commitment state' is? Where is it kept? Who is responsible and guarantee for it's consistency and actual state?

I steel feel some smell of magic.

I'm not sure how the above relates to the Byzantine General's problem.

PoW-based-consus is not about "solving a single transaction between 2 participants". It's about deciding on the "correct" transaction if there are multiple conflicting ones, ie. solving the double-spend problem. Money as a social phenomenon has nothing to do with it.




What does treating counterparty-pairs like singular market participants have to do with how a pair of market participants negotiate a channelstate between themselves? We're still talking about solving a 1:1 game. The above sounds like breaking down the Byzantine General's problem into a bunch of Byzantine dudes with inner conflict caused by multiple personality disorder.




That's usually the part where you leave the second party standing because who the hell does business like that

Which is also how I'd expect LN clients to react when a counterparty breaks protocol (eg. during the handshake, as per your scenario) -- to abort the handshake and hit the blockchain for settlement.

This might be too simplistic an assumption though and I'd love to hear more about your point of view -- so how would an adversary take advantage of breaking protocol?

And what's the problem about LN deferring the Byzantine General's problem to the blockchain?

Not in the scenario you've described.  If B doesn't acknowledge A, the only consequence is that the commitment state is not updated.  There are no penalties involved.



I'm not talking about sending someone "binary data" like 1s and 0s.  I'm saying it's like a 'true or false' statement where there are only two possible outcomes.  

"A binary outcome is a general term that implies there are only two possible outcomes to a certain situation."

Either the commitment state is updated because both parties agree, or it isn't updated because one party doesn't agree.  One party can't just claim that it's updated and then ask for a judgement about it.  It doesn't work like that.  

You appear to be suggesting that A can send B a payment and then penalise B for not accepting it.  I'll repeat it again:  If B doesn't acknowledge A, the only consequence is that the commitment state is not updated.  There are no penalties involved.

---

I said "be specific".  Saying that person B can "instead do other things" is not specific.  What "things" can they do, franky1?

If this really was an attack vector, where can we download this supposed modified client?  Surely if there was a way to steal peoples' money, detractors of Lightning would be all over that action.  They'd have already proven by now that Lightning wasn't a viable concept.  Why aren't you bringing down LN one node at a time if it's so easy?

This is correct, the metaphor is that many generals surround a city and all have to agree when to attack. When there is no possible way to completely trust that the message you send or receive is correct. Bitcoin solves this by agreeing on a common ledger that is impossible to change. To adapt the metaphor for lightning. Lightning is two generals meeting privately and coming to an agreement, this agreement is then published to all generals and impossible to change.

Since we already have the Byzantine General's problem solved in bitcoin, this is also solved in lightning that is built on top of bitcoin.

That's exactly what am I talking about.


Not really.

The N>2 participants may always be considered as (N-1)! pairs. And a single one-to-many transaction could be split to many one-to-one. Thus, the Byzantine General's problem for N>2 can always be reduced to (N-1)! two-participant's solutions, if one ever existed.

you might want to use LN yourself first... but not with the utopian 'i shall follow the rules' and make one payment the way it was intended. but with a 'lets see if i can tinker' mindset.
it will shock you

did you even read the disclaimers LN dev keep highlighting.
LN nodes "should" "must".. if you knew the byzantine generals. you would realise those words do not mean nodes will.. it just means 'please try to'

But there still is a 'penalty'.
A 'penalty' without proper 'judgement'. Good idea for horror trash movie... ooh, seems I have already seen one, something like The Purge or so...

Some people use 'binary' (some other use 'cryptography') in sense of the ancient people used 'magic': an absolute power to do and to explain everything.

Whatever you call it: 'commitment', 'revocation', etc. - one has to send some binary data to another and then it has to be known (confirmed) somehow if this counterparty has surely received the same binary data.

In blockchain it is 'confirmed' (or 'sealed' once the target hash is 'solved') by PoW difficulty (so no need for confirming by recipient).

In two-party scheme you will need a confirmation from your counterparty. Who needs in turn a confirmation that his corfirmation reached the goal (and was taken into account). Et cetera.

doomad you got m wrong on so many levels

1. i've highlighed LN flaws for them to be fixed. my issue is not LN's existance. its the treating it like bitcoins sole solution for bitcoins future. just because i dont kiss devs asses when i highlight issues does not mean anything. i highlight flaws to highlight flaws.

2. people need to be aware that LN is not bitcoin so they are aware it is not the same security model, not the same 100% self control model. not the same push transaction model, not the same recipient gets paid even if offline model. not the same in many ways as what bitcoin network offers.

3. promoting LN is like promoting ripple. you lock your bitcoin up. you play with other tokens that represent it and then at the end you can with someone elses authority withdrawal real bitcoins by broadcasting a 8 decimal valued transaction back onto the bitcoin network.
(ln use 12 decimals so payments are not actual bitcoins, before you spout out that its a bitcoin token being used inside LN)

4. as for you main question. because there is no community consensus to reject/orphan off them 12 decimal tokens people play within within the channel. person B can edit a node to ignore bolts or pause bolts command list of what suppose to happen at any point. and instead do other things.
LN devs think they have helped reduce the risk by having certain penalties for not following bolts. but they havnt. penalties of X millisat for delay/no response from B are useless if B is just going to take the whole funds from A anyway
its like you can charge me $1 a day but if i then take $20 which includes all them $1 a day.. the issue aint solved

5. continuing on..  the not solving byzantine generals is indeed a risk because i can send a tx that has a slight different opcode. and when your node signs it. i can then manipulate things. the LN devs know this because when they see people using mobile wallets with just GUI's and no ability to go into it and see the raw tx data. and because these LN mobile apps are all autopilot they get signed unchcked.
other people in their channel that do tinker with the protocol. can tinker.. and guess what.. PEOPLE HAVE LOST FUNDS

.....
now getting back to the bitcoin network. segwit has not helped anything.. there are less transactions occuring. fee's are more then they were in 2015 and the tx/byte of real hard drive usage has shown segwit is worse than legacy. all segwit has done was fake the numbers with x4'ing legacy to fake how many bytes legacy actually uses/costs. and then cuts segit transactions apart to hide segwits actual byte usage/cost. like i said wishy washy hurpa durp code.

they admit they done the wishy washy hurpa durp code to get around needing to hard fork.. but in they end they done a hard fork anyway in august because not enough people voted for segwit. oh and before you reply with the script that bitcoin cash instigated a hard fork. sorry but check the blockchain. segwit first activated the ban node/reject non conforming blocks before.. cash didnt even come into existence until hours later.

you can try flip flopping the social finger point games all you like. but maybe read some code first. read some stats, read some blockdata. read the latest LN concepts and read that things are not as you seem

lastly you think that i am trying to coerse the network... um conversations are not code

i know you are desperate for me to release code. not to review it. not to see what mine does compared to others.. but just to join the troops that REKT anything that is not the reference client.
sorry im not playing your social drama games of 'REKT it cos it aint core'.

Precisely which "terms" are you able to "renegotiate" in Lightning with this supposed attack, then?  Please elaborate and be specific, because I'm sure we'd all love to hear some more totally made-up nonsense.  Don't just say "the second party can then renegotiate the terms" without explicitly describing what you mean, because otherwise you are clearly spouting FUD and not describing an actual attack that can be successfully performed in Lightning.

Even though I'm going to totally dismantle everything else you just said, I want an answer to this above all else.  



I understand you don't seem capable of comprehending the fact that no one is suggesting that Lightning is ready for mass adoption right now.  What we are "promoting" are the future benefits.  We all recognise it's not finished yet and there is still much work to do.  



In your bizarre-o-world where Bitcoin somehow isn't allowed to have Lightning _fascist, the thing that would actually shift innovation and utility away from the Bitcoin network is every other coin being interoperable and compatible with each other when they all implement LN and atomic swaps, while leaving Bitcoin totally isolated.  Great idea!  



You are in no position to judge what a "true bitcoiner should be like" because you openly advocate preventing people from developing the off-chain technologies they want to develop.  You only like developers that are making things you want them to make.  Which, as far as I can see, is precisely ZERO of them because your ideas aren't as good as you like to think they are.  



There is no "onchain stagnation" in Bitcoin.  That's just a lie you like to perpetuate.  



Says the person who doesn't want Bitcoin to be interoperable with other networks.  Almost as though you wanted to segregate them...  Keep those different networks apart.   

You're free to leave if you don't like it here.  You're also free to stay and continue to be ridiculed for spouting nonsense.  That's not apartheid.  If you think it is, that's yet another concept you don't understand.



Sounds great, I'm okay with that.  Freedom and choice for everyone is a good thing.

Why do you hate multi-nation islands?  Does it have something to do with your fascist tendencies?  



That has no correlation whatsoever with what we're talking about here.  If you think it does, start again because you don't understand Lightning.  "Vaults" work like this.  That is categorically not how Lightning works.  Thank you for once again proving beyond doubt that you are not in a position to comment on anything even remotely related to LN.



Definitely keeping this quote handy as further evidence that you are 100% misinformed.  If you ever manage to figure out why what you just said is totally wrong, let me know.

as for some thinking LN is only used for bitcoin and is a sole bitcoin feature.
you know those that hate it being called a second network

https://github.com/lightningnetwork/lightning-rfc/blob/master/02-peer-protocol.md#the-open_channel-message
"The chain_hash value denotes the exact blockchain that the opened channel will reside within. This is usually the genesis hash of the respective blockchain. "

LN can function without bitcoin because its not reliant of bitcoin. the chainhash can be for litecoin or other coins.
EG LN is an island but it can continue even without bitcoin inhabitants.
right now its mainly bitcoin inhabitants walking around it so its giving the island some bitcoin fame. but that does not make it a bitcoin island. its a multi-nation island

they are policies.. but LN has no enforcer. a rule is only a rule if its enforced and final

people can tinker with them. its actually happening every day. people are tweaking with the code and not needing soft/hard forks. BOLTS is just one concept and anyone can edit their node to stop the handshake/communication mid flow. nothing on this planet forces someones node to comply to all operations of bolt.

EG
imagine bolt was
1. male puts out hand
2. female puts out hand
3. hands shake

anyone can stop their code from doing 2. and then know they have seen the guys hand. and take advantage of it.
nothing forces 2 or 3 to occur.

you said it yourself
"Users are free to negotiate between themselves how they are going to settle transactions between themselves as long as their software is compatible."
me: i wont shake your hand unless..
you: my node cant do that.
me: "well change your node or close the channel using your old state. by the way i have the private key to that old state, so its less risky to comply to my code edit by editing your node to follow my new policy. than it is for you to close channel"

LN is not fixed in stone and never can be because its not a byzantine generals rule network.

What are BOLTs (Bases of Lightning Technology) for you then if not rules? Ease of adding new features should be considered as a huge advantage. Eltoo is an alternative to the current penalty system and it won't replace it completely. Users are free to negotiate between themselves how they are going to settle transactions between themselves as long as their software is compatible. I don't get the second part of this quote. Do you blame the Lightning Network for being too complex?

right now in LN there is no single rule. its a mish mash of different concepts. people can easily add eltoo. or other concepts. add litecoin add other coins add loads of features there is no only activate if everyone agrees

yes i know doomad will only se the utopia. but with a critical mind it just shows people can change/tweak their node to do hand shaking in a different order or request data that normally not requested in that order.
if funds are locked. the partner either has to obey to the request or close the channel.

EG if you know the 2016 concept is that X hands over their private key first. and is expecting an automated reply from Y with Y's private key.
why can edit thir node to stop at th X hand key.. so that why gets it. but then does not hand Y key

its like any contract negotiation. whomever signs first is usualy the one worse off. because the second party can then renegotiate the terms before agreeing to sign

it why most contracts are not treated as valid until both parties sign. and its been notorised by witnesses

i understand doomad is an optomist and he likes to see the bright side of life. but promoting other networks that are not built yet to a reasonable level, and yet not care about how it is shifting utility and innovation away from the bitcoin network, and surprisingly being preferential that people should want to use LN instead of scaling bitcoin.. is not what a true bitcoiner should be like.
those wanting bitcoin to just be a currency that is used on different networks where it all gets locked up into addresses that need other peoples authorisation is not what bitcoin is meant to be.
even going to the extent that if someone doesnt like bitcoins onchain stagnation that the critics should just go make their own network.. is th mindset of those that think apartheid history was a good thing.

---

as for the "custodian" thing. .. im laughing
coinbase, offers its "vaults" bitgo offer their services that both the service and the user co-sign..
and thats where they are declared as custodians

if the service had 100% key privelidge they are not custodians. they are owners
"if you dont have keys to the funds, the funds aint yours"

funny part is. if having 100% control of a legacy address makes you a custodian (under doomads mindset) then we are all not owners of bitcoin we are all custodians and so we all need to KYC ourselves.. lol

custodians are key holders to others property.
is a school custodian(thefloor sweeper) a school owner. or does he just have keys to access the school and do things with the school and has some authority/ control over it. but not full control

Monetary system (issuance and transfer of cash) is a social problem with billions of participants involved.

When I pay you by a paper printed note, paper money, you check the authenticity of the bill you receive from me by examining its signature (put it this way) and we are done. But when there is no famous signature, (cryptocurrency problem domain) the whole society is involved and should confirm my balance and your ownership afterwards. There is just one monetary game playable by 2 participants: physical payment of cash over the counters, other scenarios fall in the most sophisticated and sensitive game played in the world ever: monetary systems.

Are we clear? The whole Bitcoin network is trying to solve a single transaction between 2 participants. It is because the 'thing' that is being transferred is a social phenomenon: part of a balance which is the result of a long history of other transactions.

I don't believe reduction would help, for instance, you can't solve Byzantine Generals problem by adopting something like LN and reducing the problem to finding a mechanism for 'pairs' of generals, suggesting that eventually all of them are covered in such a hub and spokes topology and so on. At least I have not seen a formal representation of such a solution yet.

Our programmers tell us that we are safe because of this or that consideration they have made but when there is no cost to attack, adversaries have a billion and one tricks to try, you need a more simple and abstract model before going to implementation details.

Even if we can establish how the Byzantine General's problem relates to LN, it still doesn't change the simple fact that LN is not custodial in the same way as an Exchange is.  It is unequivocally more empowering to users than leaving funds totally under the control of a third-party.  For all the people out there who have completely surrendered control of their funds to a webwallet or exchange, they have little-to-no recourse if those funds suddenly vanish.  People can make all the arguments they want about potential flaws with Lightning, but surely anything has to be better than a fully-custodial "service".  

Using webwallets and exchanges to store funds is the real "banking 2.0" and it's a problem that Lightning can help mitigate once it matures.  We're now open to a potential future where services won't have irresponsibly vast troves of BTC stored in a single hotwallet ready for hackers to steal;  A future where users don't automatically forfeit their money en-masse when such hacks occur.  This is what progress looks like and there's no denying it with manipulative wordplay about Bitcoin "trying to go full circle and back under a currency control where people need other people authorisation to make payments".  Even in completely unrelated topics, malicious actors are attempting to derail the progress that is being made with their FUD.  Don't let them.  

Being able to authorise your own payments is undeniably better than a service (or an attacker of that service) making the sole decision over what happens to your money.    

This still doesn't explain how the Byzantine General's problem relates to LN.

Untrustworthy participants alone do not constitute the Byzantine General's problem. That's just one of the premises of game theory in general.

To my understanding the Byzantine General's problem only applies to n > 2 participants (ie. the minimum requirement for majority consensus in case of a participant defecting) while each LN payment channel is series of 2 player games (in the game theoretical sense) with each transition between channel states representing a singular game.

In other words, with the problem of consensus between n > 2 participants solved (ie. a PoW-consensus-based blockchain), layers on top of the settlement layer -- LN or otherwise -- can move onto a different problem space to solve. In the case of LN that's 2 player games. Which is different from the Byzantine General's problem.

So while one may debate whether LN's channel state games will work out as intended, I'm rather confused what our Byzantine friends have to do with it. Hence my question.

I agree but it does not make a big difference. Bitcoin is provably secure in a trustless, permissionless and decentralized multiparty network, because of its consensus algorithm. I don't expect developers to start from game theory or any mathematical model but it is where they should eventually end.

Actually it is the problem at hand.

Issuing and transferring money is not a trivial problem and participants are worse than Byzantine generals. They are greedy and selfish and more than enough untrustworthy. We have just one provably fair solution to regulate interaction between players of monetary game as of now: PoW.

It is what I have pointed out earlier about LN: It is a competitive alternative to bitcoin rather than a complementary add-on, at least the way its enthusiast present it: an ultimate scaling solution. According to what they are championing for, bitcoin is supposed to maintain a reserve currency while LN is used as the actual consumer grade cash transfer system.

AFAIK Bitcoin's consensus built on a lot of prior approaches, most of which were based on cryptography and mathematics, none of which went very deep into economics and game theory. Most papers regarding the game theoretic implications of PoW as used by Bitcoin seem to have come after the fact, although I'd love to be introduced into directly related preliminary work, if there was some.

That being said, I'm still not quite sure where the issue lies. One may argue that the Byzantine General's problem is better understood than a direct interaction between two untrusted counterparties (if that is indeed the case, seeing how it took until just a decade ago to solve part of the puzzle with PoW I'm not sure whether even the Byzantine General's problem is all that well understood) -- but how is that relevant if it's not the problem at hand?

Maybe it is the problem at hand -- hence my question -- but as of know it seems to me that the problem that LN is trying to solve is a different one from what is described in the Byzantine General's problem?

Obviously PoW based consensus models are more secure and reliable than what LN is offering -- otherwise we wouldn't need an underlying blockchain to begin with. What I'm trying to understand is the aforementioned part of franky1's argument.

And this is the problem! Without a (PoW based) consensus protocol, we have no established game-theoretic fundamental support for what is rational and what is irrational behavior of adversaries, hence we are left with programmers (I'm a programmer myself, for the record) and what they think is enough for our security.  

I'm not saying it is insecure or what, I'm just feeling bad about the lack of the scientific model and reliance on software. Software is not a self-descriptive science, it is a reflection of science, you can not build a computerized monetary system with software and just with software. You need conceptual and descriptive models backed by mathematics and socio-economics.

Comparatively, consider, Butterin's stupid 'Slasher' proposal for mitigating N@S attack in PoS. It seems to be practical: if a player simultaneously played in two forks, punish him by seizing his deposit. We have coins that have implemented such a tactic, ... still, there is a theoretical hole and nobody dares to claim such a trick as the ultimate solution for N@S range of attacks to PoS and if he does, he is not a serious advocate and theorecian, because you can't fill a socio-economic hole simply by putting an if clause (if he_is_generating_blocks_elseWhere then punish_him(); ) in your code because it ends to a series of new problems and you should add more ifs and so on. Buterin proposed it in 2014 and an army of programmers are busy implementing it with no working binaries. Compare it with bitcoin, the whole system (and not only the consensus part) implemented in like 6 months by a single person(I believe).

For off-chain second layer solutions, we will have a same hole no matter how many hashed time lock contracts are involved and how sophisticated you design your protocol, they remain vulnerable to more sophisticated adversarial behaviors, unlike bitcoin that is mathematically provable to be secure, by the virtue of Byzantine General's Problem.

That being said, unlike @franky1, I don't think LN is totally useless or a stupid piece of software. I just don't believe in it as a serious scaling solution for bitcoin, hence I think we have a lot of work ahead.