Topic: The Lightning Network FAQ - page 9. (Read 32058 times)
~
Thanks for the thorough explanation! I think I got it now.I tried to visualize my understanding below. I'm still unsure why the force close outputs need to be spent (quickly), though.
Code:
┌────────────────────────────────────────────────────────────────┐
│ Address (Multisig) Channel open (single-funded) │
│ │
│ bc1q8lyz0239h864putwe9ue9zug75tmvg5mx8ug7uctxkyfe4jv2fgskrflw8 │
└─────────────────────────────┬──────────────────────────────────┘
│
│
─┬────────────────┴─────────────────┬─
│ Transaction (Force Close) │
│ │
│ 137c7c044bd4027cde671187a1f38821 │
│ a4509250b35693f3e3faa965253eb30f │
─┴─────────────┬─────┬──────────────┴─
│ │
┌────────────┘ └────────────┐
▼ ▼
┌──────────────────────────────────────────┐ ┌──────────────────────────────────────────────────────────────┐
│Address (single-sig, node 1) │ │Address (single-sig, node 2) │
│bc1qk82d4lc0fq8sy30804gwzx7qc8njydthcqp535│ │bc1qz9354tux3tzllhr2r3phktp65ghugl3sh09wjvtdl882rdf346gsgnfjxv│
└──────────────────────┬───────────────────┘ │ │
│ │Time locked 1day │
│ └─────────┬────────────────────────────────────────────────────┘
│ │
▼ ▼
Can spend immediately using pk Spent to own address ASAP
from guesstoremote
│ Address (Multisig) Channel open (single-funded) │
│ │
│ bc1q8lyz0239h864putwe9ue9zug75tmvg5mx8ug7uctxkyfe4jv2fgskrflw8 │
└─────────────────────────────┬──────────────────────────────────┘
│
│
─┬────────────────┴─────────────────┬─
│ Transaction (Force Close) │
│ │
│ 137c7c044bd4027cde671187a1f38821 │
│ a4509250b35693f3e3faa965253eb30f │
─┴─────────────┬─────┬──────────────┴─
│ │
┌────────────┘ └────────────┐
▼ ▼
┌──────────────────────────────────────────┐ ┌──────────────────────────────────────────────────────────────┐
│Address (single-sig, node 1) │ │Address (single-sig, node 2) │
│bc1qk82d4lc0fq8sy30804gwzx7qc8njydthcqp535│ │bc1qz9354tux3tzllhr2r3phktp65ghugl3sh09wjvtdl882rdf346gsgnfjxv│
└──────────────────────┬───────────────────┘ │ │
│ │Time locked 1day │
│ └─────────┬────────────────────────────────────────────────────┘
│ │
▼ ▼
Can spend immediately using pk Spent to own address ASAP
from guesstoremote
Thanks for the detailed response.
Let me brief the docs. I need to run "guesstoremote p2wpkh node_id max_channel_dbid hsm_secret", where p2wpkh I enter my non-accessible address (that is, bc1qk82d4lc0fq8sy30804gwzx7qc8njydthcqp535), where node_id the public key of the node that closed the channel non-cooperatively, where max_channel_dbid my max guess of opened channels (I'll say about 15, so 15), and where hsm_secret the location of my hsm_secret. Is that correct?
Yep, it is!
9,001 sats to both of you via keysend.
Let me brief the docs. I need to run "guesstoremote p2wpkh node_id max_channel_dbid hsm_secret", where p2wpkh I enter my non-accessible address (that is, bc1qk82d4lc0fq8sy30804gwzx7qc8njydthcqp535), where node_id the public key of the node that closed the channel non-cooperatively, where max_channel_dbid my max guess of opened channels (I'll say about 15, so 15), and where hsm_secret the location of my hsm_secret. Is that correct?
Yep, it is!
9,001 sats to both of you via keysend.
I can give you a more detailed explanation on why that's necessary once you confirm that it has worked.
So, what's about that max_channel_dbid? 
I would have expxected a 'Lightning Force Close' transaction to have 1 (Multisig) input and 2 outputs.
While you and I both know how a force close works in theory, I haven't found an actual flow graph or similar, that would definitely help explain the current situation (only one of the 2 nodes got the 'Lightning Force Close' transaction, basically).
While you and I both know how a force close works in theory, I haven't found an actual flow graph or similar, that would definitely help explain the current situation (only one of the 2 nodes got the 'Lightning Force Close' transaction, basically).
I made a post explaining the uncooperative channel close some time ago.
First of all, the timelock is decided before the channel is established. By default, most nodes force the other peer to wait 144 blocks (~1 day). The maximum acceptable value by default is 2016 blocks (~2 weeks). I configured my node to create channels with their_to_self_delay = 432 blocks (~3 days), so if someone decides to close the channel opened to my node uncooperatively, they will have to wait 432 blocks (after the commitment transaction has been included in a block) before they can spend the output belonging to them. Those timelocks are relative which means that you do not have to sign a new commitment transaction whenever a new block is mined. New commitment transactions are signed periodically because their fees need to match the current state of the mempool. There is no point in paying 60 sat/vbyte when 1 sat/vbyte transactions are getting confirmed in just a few minutes. It also applies the other way around.
The first transaction is the commitment transaction. Let's say there's node A(lice) and node B(ob), and node A broadcasts the commitment transaction. That commitment transaction includes two outputs:
- output #0: 3 BTC (spendable by node B's private key) - reflecting node B balance
- output #1: 6 BTC (RSMC) - reflecting node A balance
There is one more important detail before we go any further. Whenever a new commitment transaction is signed, both parties exchange revocation keys for the previous commitment transaction so that they can both be sure that the other party is very unlikely to broadcast an old state of the channel.
RSMC is short for Revocable Sequence Maturing Contract. Such an output contains a relative timelock. This means that you can't spend this output until a certain amount of blocks have been mined since the transaction which includes that output was mined.
Let's say node B didn't change the default value of 144 blocks and the commitment transaction has been confirmed. There are two possible scenarios.
1) Node A attempts to cheat and broadcast an old commitment transaction. Node B has 144 blocks to spend the RSMC output using his and node A's revocation key which he got while they were working on a new commitment transaction.
2) Node A broadcasts the latest commitment transaction. In such a case, node B never got node A's revocation key for that commitment transaction, so he cannot spend that RSMC. Node A can broadcast another transaction spending that output after 144 blocks have been mined.
The first transaction is the commitment transaction. Let's say there's node A(lice) and node B(ob), and node A broadcasts the commitment transaction. That commitment transaction includes two outputs:
- output #0: 3 BTC (spendable by node B's private key) - reflecting node B balance
- output #1: 6 BTC (RSMC) - reflecting node A balance
There is one more important detail before we go any further. Whenever a new commitment transaction is signed, both parties exchange revocation keys for the previous commitment transaction so that they can both be sure that the other party is very unlikely to broadcast an old state of the channel.
RSMC is short for Revocable Sequence Maturing Contract. Such an output contains a relative timelock. This means that you can't spend this output until a certain amount of blocks have been mined since the transaction which includes that output was mined.
Let's say node B didn't change the default value of 144 blocks and the commitment transaction has been confirmed. There are two possible scenarios.
1) Node A attempts to cheat and broadcast an old commitment transaction. Node B has 144 blocks to spend the RSMC output using his and node A's revocation key which he got while they were working on a new commitment transaction.
2) Node A broadcasts the latest commitment transaction. In such a case, node B never got node A's revocation key for that commitment transaction, so he cannot spend that RSMC. Node A can broadcast another transaction spending that output after 144 blocks have been mined.
In this case, node 2 broadcast a commitment transaction with the following outputs:
1) RSMC (P2WSH)- this output can be spent by node 2 after 144 blocks. Node 2 should move those coins to its own address as soon as possible in case node 1 somehow got their hands on the revocation key.
2) Standard output (P2WPKH) - this output can be immediately spent by node 1
So, what can you do to recover your coins? Well, use lightning-hsmtool guesstoremote just like @n0nce has already suggested. As for max_channel_dbid....
max_channel_dbid is your own guess on what the channel_dbid was, or at least the maximum possible value, and is usually no greater than the number of channels that the node has ever had.
You have to count all channels - even closed ones. So, if your node has had a total of 3 channels, you should set that parameter to 3.
I can give you a more detailed explanation on why that's necessary once you confirm that it has worked.
Makes sense. 
Have you tried setting up a new node (maybe on testnet) and doing a backup creation / restore? If that works you may feel safer in the future.
Yes, I tried it with a new testnet node. Backup recovery worked. Have you tried setting up a new node (maybe on testnet) and doing a backup creation / restore? If that works you may feel safer in the future.What's odd to me is that mempool.space labels your actual force close transaction (if I understand correctly) just as a 'Multisig 2 of 2'
I think that's what it should show. The multi-sig sent 150,000 sats to bc1qz9 and another 149,695 to bc1qk8. Once the bc1qz9 spent that UTXO, mempool.space labeled it as "Lightning Force Close". The bc1qk8 has not spent anything and that's probably why it doesn't show anything either. But, I just noticed something. The initial multi-sig address (bc1q8lyz0239h864putwe9ue9zug75tmvg5mx8ug7uctxkyfe4jv2fgskrflw8), once the channel was closed non-cooperatively, sent money to another multi-sig (which was used by my properly working node later) and the rest to a single-sig address (which are currently inaccessible). Once my properly working node received the money, it spend them 1 day and 2 minutes later to one of its on-chain addresses (as far as I can see here). Therefore, the single-sig funds have to be recovered from this hsm_secret I have, as it was created 10 days before this non-cooperative closing.
I just discovered the guesstoremote method in lightning-hsmtool
I don't understand why max_channel_dbid is necessary, and I don't have it either. (Regarding my 150,000 lost sats)
Does an hsm_secret recover non-cooperatively closed channel's funds?
As far as I understand, hsm_secret is some sort of seed for the internal on-chain wallet.
That's my understanding, too, so my answer would be yes.Does an hsm_secret recover non-cooperatively closed channel's funds?
As far as I understand, hsm_secret is some sort of seed for the internal on-chain wallet.
However, I don't know if it can be used to recover funds with this sort of events:
Yes, exactly. But there are other risks when Node_1 goes offline, due to which the funds may be lost / stolen.- Node_1 opened a 300,000 worth of sats channel with Node_2.
- Node_1 sent 150,000 sats to Node_2.
- Node_1 goes offline.
- Node_2 cancels the channel non-cooperatively.
- Can Node_1 recover the bitcoin with hsm_secret?
Node_2 could publish an older commitment, for example (not the case here, I know).
It's not the $30, but the fact that I lost bitcoin while I'm acting very cautiously drives me crazy.
Makes sense. Have you tried setting up a new node (maybe on testnet) and doing a backup creation / restore? If that works you may feel safer in the future.Other things to try...
Have you tried to generate seed words from hsm_secret and restore those in Electrum?
What's odd to me is that mempool.space labels your actual force close transaction (if I understand correctly) just as a 'Multisig 2 of 2':
https://mempool.space/tx/137c7c044bd4027cde671187a1f38821a4509250b35693f3e3faa965253eb30f
Meanwhile, the address of Node_2 also got a second transaction labeled as 'Lightning Force Close' (1 input, 1 output) and Node_1's address still sits there with all its funds, so it lacks a similar transaction.
https://mempool.space/address/bc1qz9354tux3tzllhr2r3phktp65ghugl3sh09wjvtdl882rdf346gsgnfjxv
https://mempool.space/address/bc1qk82d4lc0fq8sy30804gwzx7qc8njydthcqp535
I would have expxected a 'Lightning Force Close' transaction to have 1 (Multisig) input and 2 outputs.
While you and I both know how a force close works in theory, I haven't found an actual flow graph or similar, that would definitely help explain the current situation (only one of the 2 nodes got the 'Lightning Force Close' transaction, basically).
I just discovered the guesstoremote method in lightning-hsmtool. Not sure why it's even required to brute force anything, but worth a try, I guess.
dumponchaindescriptors should also give you a bunch of addresses derived from your hsm_secret, so you could match and see if https://mempool.space/address/bc1qk82d4lc0fq8sy30804gwzx7qc8njydthcqp535 is one of them.
(Regarding my 150,000 lost sats)
Does an hsm_secret recover non-cooperatively closed channel's funds? As far as I understand, hsm_secret is some sort of seed for the internal on-chain wallet. However, I don't know if it can be used to recover funds with this sort of events:
It's not the $30, but the fact that I lost bitcoin while I'm acting very cautiously drives me crazy.
Does an hsm_secret recover non-cooperatively closed channel's funds? As far as I understand, hsm_secret is some sort of seed for the internal on-chain wallet. However, I don't know if it can be used to recover funds with this sort of events:
- Node_1 opened a 300,000 worth of sats channel with Node_2.
- Node_1 sent 150,000 sats to Node_2.
- Node_1 goes offline.
- Node_2 cancels the channel non-cooperatively.
- Can Node_1 recover the bitcoin with hsm_secret?
It's not the $30, but the fact that I lost bitcoin while I'm acting very cautiously drives me crazy.
Ugh. Come on. Who's responsible for the SEO? That thing should be on top for "lightning network visualization".
They don't want to be found and used that easily. You should run your own instance... a wild guess.
Yes. Yes, about that. 
Ugh. Come on. Who's responsible for the SEO? That thing should be on top for "lightning network visualization".
Ugh. Come on. Who's responsible for the SEO? That thing should be on top for "lightning network visualization".
...
How about https://github.com/MaxKotlan/LN-Visualizer and working website to test it at lnvisualizer.com?
Haven't seen the new mempool.space Lightning software. Smooth! I was thinking of something more user-friendly, less-buggy, not that slow, with no world map, with Tor nodes included, and in 3D. Nodes can be represented as spheres, their sphere size accordingly to their capacity, and user can search the network in a player versus player camera style.
All that's needed is a good parse of lightning-cli listchannels.
Interesting! I've never seen something like that myself in general (not for internet servers, either). But it sounds cool. I'm not skilled in web development myself, but would love playing around with such a webpage if it ever comes into existence.All that's needed is a good parse of lightning-cli listchannels.
Hey - to all the bored web devs - here's a free $1M idea for you!
Haven't seen the new mempool.space Lightning software. Smooth! I was thinking of something more user-friendly, less-buggy, not that slow, with no world map, with Tor nodes included, and in 3D. Nodes can be represented as spheres, their sphere size accordingly to their capacity, and user can search the network in a player versus player camera style.
All that's needed is a good parse of lightning-cli listchannels.
All that's needed is a good parse of lightning-cli listchannels.
Hey guys, I thought of an idea, and I just want you to tell me your opinions: Lightning Network 3D overview (similar to internet-map, but in 3D). As far as I've searched, I haven't found anything other than this: https://explorer.acinq.co/, but that's not smoothly running enough.
Kind of something like this?Quote from: http://mempoolhqx4isw62xs7abwphsq7ldayuidyx2v2oethdhhj6mlo2r6ad.onion/graphs/lightning/nodes-channels-map
That doesn't apply to the average user, who's totally fine with keeping their funds on an exchange.
I wouldn't name such person "the average user". More like "newbie" or "in just for the money". A bitcoin user does self-custody; I hope we can all agree to this. Therefore, a person who's registered at an exchange that owns bitcoin for him, isn't a bitcoin user, but an exchange user. Hey guys, I thought of an idea, and I just want you to tell me your opinions: Lightning Network 3D overview (similar to internet-map, but in 3D). As far as I've searched, I haven't found anything other than this: https://explorer.acinq.co/, but that's not smoothly running enough.
Moving back to running nodes at home, through your own local ISP, isn't ideal either.
Isn't ideal, in which manner?Most consumers on the other hand won't use cloud servers, but most consumers also don't keep their computers on 24/7.
Quote
Money and private stuff, which is how I'd characterize my Lightning transactions.
That doesn't apply to the average user, who's totally fine with keeping their funds on an exchange. Moving back to running nodes at home, through your own local ISP, isn't ideal either.
Isn't ideal, in which manner? Sure, anything you do in the cloud is run much faster than in a Raspberry Pi at home, but the home device grants you privacy. I would never host sensitive content on a cloud service, regardless of which company hosted it; and when I say sensitive I mean two things: Money and private stuff, which is how I'd characterize my Lightning transactions. 
There isn't really an alternative, right? Almost everything is "in the cloud" nowadays, and a few large companies rule the cloud market. Moving back to running nodes at home, through your own local ISP, isn't ideal either.
But you certainly have much more control than using computer from someone else.I can understand some people are using cloud services for all kind of data that is not sensitive, but if you use it for private confidential stuff you can end up like Hunter Biden...with all your dirty stuff going online.
If we want something to be decentralized we can't expect big brother to do a good job hosting our nodes, and in few months they will probably start to have problems with electricity.
Truth be told: the internet is getting much more centralized and controlled, and less free, as time goes by.
There are discussions on Bitcointalk [1] and elsewhere about ideas how to create a new network, independent from the internet.
Internet was always centralized, but there was much more freedom than now.There are discussions on Bitcointalk [1] and elsewhere about ideas how to create a new network, independent from the internet.
Things are getting worse for sure, and I am expecting to see Ministry of Truth coming soon with digital identity, so I am not sure if we are going to be able to talk like this in next few years, without some special permission.
Moving back to running nodes at home, through your own local ISP, isn't ideal either.
Isn't ideal, in which manner?Depending on where you live or which ISP do you use, you could face one of these.
1. Expensive pricing due to lack of competition on your area.
2. Ridiculous FUP/Fair Usage Limit. Few years ago, my ISP imposed limit less than 200GB/month before the connection slowed down.
3. Unstable/slow connection either because your ISP still use old DSL or copper cable.
Tor is a solution, but ISPs can also censor Tor traffic in general (and there are precedents for that).
I have never witnessed a case wherein somebody was prohibited to using Tor from his ISP provider. Maybe it can happen on a place like North Korea, but not in the EU or the USA.Also happened in Russia[1] and still happening in China. Although an NGO managed to reverse the ban on Russia[2].
[1] https://blog.torproject.org/tor-censorship-in-russia/
[2] https://roskomsvoboda.org/post/google-v-dele-tor/
The next logical step would be prohibiting the network's use altogether, although I'm not sure about precedents, either.
The only way to forbid the network's use altogether that comes to mind is to re-shape the entire TCP/IP. Simple solution: Block all IP addresses except x, y, z etc. Have they ever done this before? If no, it's possible to use Tor with bridges as you said. What I know is true is that you might have to take permission from your ISP provider to run an exit node:
1. Inform your potential ISP(s)
In general, running an exit node from your home Internet connection is not recommended, unless you are prepared for increased attention to your home. In the USA, there have been no equipment seizures due to Tor exits, but there have been phone calls and visits. In other countries, people have had all their home computing equipment seized for running an exit from their home internet connection. So you will need to find a good colo and save your home connection for bridge or middle node use.
In general, running an exit node from your home Internet connection is not recommended, unless you are prepared for increased attention to your home. In the USA, there have been no equipment seizures due to Tor exits, but there have been phone calls and visits. In other countries, people have had all their home computing equipment seized for running an exit from their home internet connection. So you will need to find a good colo and save your home connection for bridge or middle node use.
Jump to: