-
Notifications
You must be signed in to change notification settings - Fork 912
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Building a TLV extension app - a field report #3407
Comments
Thanks for the very detailed feedback @jarret, I'll try to address things
Thanks, I'm really glad that the onion RPC was useful for you. Onion.studio is
I finally sat down myself and published my code (#3423) for manipulating I also think that examples are a good showcase on how things can be used, so
I'm still trying to reproduce #3370, which seems to get stuck when the next As you note the maximum payload is dependent on the route length and the type
I don't quite follow why a circular route was needed to do this? A one-shot FWIW I have a
Interesting thought. I don't quite follow how you'd add the response of the
Definitely agree with this one, I think we can build some very idiomatic
I think this use-case would have been better served using the
I think we have a couple of people asking for more fine-grained HTLC
This should already be possible with the current protocol, just encrypt a
I have been talking with some other plugin devs about creating a Payment class
I think AMP is likely not what you want here, since you want pixels and |
I'll leave this issue open for a couple of days until we've addressed all the details and/or spun them out into their own issues. Does that sound ok to you @jarret ? |
Yep, sounds good. Thanks for the detailed set of thoughts. I am still processing and might need a few days to organize some thoughts back. |
Thanks! Just from discussing and spitballing some ideas in various channels over the last few days, it is great to see that the ideas are starting to flow out there. I am feeling that the new-style tightly-coupled "payment + instruction" mode of interaction with a remote node kind of throws a wrench into some of the initial wave of thought for how LN UIs might turn out:
I read through the code for I would love to continue work on collaborating on infrastructure and the larger LN and C-Lightning project in particular, but unfortunately, I can't commit to being responsive and reliable and don't want to slow anyone down. The progress and speed of this project is amazing and I simply don't have the spare cycles to keep pace in the way that I would want to. I am subscribed and reading most of what goes by here, and am glad to chip in as I can, though.
All makes sense. One additional thought from some of the other loose discussions around programming more complicated operations - There might be the need for programming a 'compound' route. Where Alice sends an onion to Bob, gives Bob a piece of data that instructs Bob to create an onion to Carol for Carol to likewise create an onion to Alice. Alice might release a preimage that triggers the set of pending payments in one of several pre-programmed ways that she decided in a late-binding way (perhaps contingent on what she hears back from Carol). In a scheme like that, Alice would have to estimate 3 different routes with different data requirements before deciding to send. Thinking along those lines, my suggestions for something 'nice' to provide in a route creator/estimator might still be premature. It might be better to understand more concrete examples of cool ideas first.
I'll be perfectly honest, I didn't connect that LND's KeySend was possible in the current C-Lightning release via response to the In my local Bitcoin meetup group, I have been doing my share of discussing and teaching people on the concepts of Tor and onion routing in general with the notions of a) circular routing and b) overpaying hops. These have value in creating an aonyminity set of several potential nodes that could be the 'real' destination in order to confuse any potential packet snoop attack. Also, the idea of disguising an important message/payment in an early hop as a more trivial-looking payment that manifests in the final hop. Examining the new I guess I am still in the anti-pragmatic mode of playing about trying to understand the larger set of potentials. At least for now, circular payments have a bit more to talk about. Also, I can report that as a result of whiteboarding the explanation circular payments for Onion Studio, I have also caused a few "ahah" moments for people understanding channel rebalances and how the
Yes, I am not so sure myself. A second operation with some sort of cryptographic relationship might be necessary. I also wonder if it is possible to design for a sender, Alice, to inform recipient, Bob, that there is some space in the onion that Bob is free to stomp on with new data addressed to Carol of Bob's choosing. That would scramble any checksumming and perhaps leak metadata if someone observes the 'before' and 'after' packet, so it might not be kosher for Sphinx (I can't clam to understand the exact Sphinx packet details in depth).
Sounds good. Figuring out the recipe for a circular route - which I ended up taking logic from
I am inclined to agree. It's not a huge deal for the Onion Studio tech demo, however a real economic transaction might benefit from some sort of proof-of-payment from getting an invoice including a
Cool. Thanks for filing the issue. My first thought is that the non-routing TLVs found in the payload could be decoded and passed in a JSON form to the plugin - perhaps mirroring the JSON form being passed in to an improved onion/payload creator. The advantage might be to avoid needing the BOLT 1 encoding/decoding logic plugin-side and duplicated across all plugin languages. On the other hand, on passing the whole 2.6 kB of hex - Might it be desirable to allow a clever scheme to hide data in the 'spare' sections of an onion that is only revealed by the knowledge of a preimage or something else entirely? Might be an argument to pass the whole thing to allow such experiments.
Gotcha. Thanks. I had the brief thought of wanting to protocol-ize it perhaps provide the decryption automatically via the HTLC lifecycle notifications to avoid the plugin needing to do its own encrypt/decrypt operations. However, this is probably overthinking it, lacking a concrete use case, so I don't feel strongly about that right now.
Sounds like a good abstraction to me. The basic 'pull pixels from queue' loop I have implemented in my code here I think if there were this
Could be a reach on my part, but what I am ultimately desiring is a way to deliver the mentioned 160 data payloads and associated payments atomically. The obvious downside is that it would consume a lot of network resources to have lots of little pending operations open at the same time. The one-at-a-time retry loop is the way around that problem at the expense of taking a long time to send all the pixels. Down the road, perhaps a scheme could be designed where there is some smaller payments to 'rent' the middle-node resources for attempting a larger operations which might or might not close atomically. Probably requires a bunch of thought and design, but I figure is is worth bringing up since the problem is observable in Onion Studio. ~ happy to close this issue if it is quiet for a few days. |
I believe not, but only because of the need to preserve the same ephemeral key throughout the onion. If we could switch ephemeral keys, this might work, but I am uncertain about the security of that; I think @cdecker considered this before and concluded it was insecure for reasons beyond my ken.
It seems to me that factoring out a
With payment points+scalar this becomes possible to embed in a non-final onion hop, because homomorphisms. |
Agreed, my hope is that it can eventually be like this:
Don't worry, every bit counts. No matter whether it's the sporadic
I can probably provide you with a formula to estimate the available space, let
Payload in this case refers to whatever you add to the call to
No problem, we haven't publicized it widely just yet :-)
I guess imitation is the sincerest form of flattery :-)
Absolutely, I had not considered the "hide a message in a longer route"
Not with the onion construction we have today, since the entirety of the onion
The issue is that it'd be an incomplete solution at best, since
Not really possible, since the entirety of the onion is deterministically
I was thinking about implementing the
Why not deliver pixels with their associated pixels, so if you have 1000px, This is basically emulating MPP, but you could do partial draws if the full
I still am considering this, but it doesn't allow modification of the existing
@renepickhardt has recently opened a pull-request on the plugins |
As a challenge, I (with some help from others) built https://onion.studio to explore how the
createonion
,sendonion
and generally the TLV stuff can be used for building apps. Also, maybe help spread awareness of the associated concepts out there. The full code is all at: https://github.com/jarret/onionstudioFirst, thanks to all of you in the C-Lightning project for building this stuff, exposing it to be used from the outside and performing the handful of public talks to explain it. Very cool stuff that I am excited to follow the future of.
Here are some of my thoughts and feedback about some of the bumpy parts I encountered in my arc of building. A lot of it is along the lines of "other app developers will likely have need for the same stuff I wrote, so shared plugin/platform code that makes these operations easier would be a benefit". This type of thing also might be premature to action on without additional feedback from others trying to build apps.
I hope this account is useful info to help refine going forward. I apologize in advance for verbosity:
The documentation for
createonion
refers to BOLT 4 for how to encode a payload. That was a rabbit hole for me to go down and I ended up having to implement the stuff in BOLT 1 in Python in order to build the TLV payloads myself.This library is somewhat generalized such that it could be used by a different Python app and has four main modules -
bigsize.py
,tlv.py
,namespace.py
andhop_payload.py
which build on each other (in that order).For my app-specific extension TLVs, I extend a generated hop payload with my extension module.
When writing this, I was thinking about how C-Lightning has the
invoice
anddecodepay
commands which, in a way, go together as a pair for creating and decoding a BOLT 11.invoice
also is able to prevent the creation of an incorrect BOLT 11 with the benefit of context. The net effect is that the application developer doesn't have to think much about the details of BOLT 11 encodings, so maybe that is similarly achievable for the BOLT 4 payload encodings.SUGGESTION 1:
It might be good to provide an 'on rails' payload creator that can to all the TLV encoding/decoding according to spec with the main codebase such that encoders/decoders don't have to be written in N different languages. Also, it is imaginably straightforward to include optional parameters for extension TLVs to be appended after.
Since a) there is the hard cap of 1300 bytes for the payload + HMAC data in the onion packet and b) the data is all variably-length encoded for compactness and c) The quantity of hops to get to the destination (and back) can also be fluid, it makes it difficult to determine how much data is ultimately available in the packet for application extension data.
My solution for Onion Studio is a fudgy estimate starting point and a couple iteration of finding hops and attempting an encoding, and reducing the amount of payload pixels I encode until it fits under the 1300 byte limit.
Also, when playing with this stuff I hit the two crashing bugs: #3377 #3370 which were additional pain for trying to use the
createonion
command before I had a proper clue about what I was doing.Overall, this was kind of gnarly to get done, but I now have some solution logic written that might be helpful to others.
SUGGESTION 2a:
Aside from fixing the crashes and giving nice error messages when you give wrong input, it might be good to provide a fuller-featured onion packet creator functionality that is more aware of the content and give you less rope to hang yourself with. Application-side fudgy estimates like mine are doomed to be less accurate and maintained than the internal code for creating onions doing validation, so it seems to make sense to provide a better service.
SUGGESTION 2b:
Perhaps in conjunction with SUGGESTION 1, the workflow for such an onion creator tool might have two phases. First, a phase for creating the routing instructions as desired since that is the most important thing. Second, the first phase might tell you how many 'spare' bytes are left for non-routing/extension concerns and then lets you fill them in.
Onion Studio's client sends the pixel data via a circular route and pays for the pixels by 'overpaying' the routing fee at that hop. The route creation uses
getroute
with afuzzpercent
setting of0.0
. It uses thefromid
to compute the reverse route in the same way, which is can be identical to the outgoing route. It has to be deterministic simply because the algorithm need to hold the route relatively constant as it iterates on the onion construction to fit the pixel payload and appropriate payment using the rest of the space (and changing the payment amount also can influence the chosen route, changing the available space, changing the number of pixels in the payload, changing the payment, etc.).This implementation trickiness resulted in me abandoning the desire to construct a 'good' circular route that would prefer the outgoing and returning route to be fuzzy and avoid node overlaps. The result is an implementation that is perhaps sub-par for the purpose of passing a maximally-discreet message.
The chosen circular scheme is also convenient for sending data without some out-of-band negotiation between the source in the destination. An alternative for a similar app might be the "Key Send" scheme to make it a unidirectional send of a payment + extension data. However, choosing between the two schemes for a particular style of app is a complex discussion that I don't have a clear formed opinion on.
However, I observe that the circular scheme might be useful for obscuring the real destination of a 'TLV RPC call' among the set of participants in the circular route.
Also, I observe that if there are schemes designed (I expect this to be inevitable, if not already happened) for 'TLV RPC calls' where there is a call out with a payload to a node, and a call back with a payload to the source, this might look exactly like a circular operation, even though it might be two different unidirectional sub-operations in implementation. Having both schemes around and supported might be a good platform for privacy for the variety of possible operations.
SUGGESTION 3:
A "get circular route" operation might be a good plugin/command to provide as a common utility. Also, given that the 'real' payment might be in the form of a forwarding fee somewhere along the route, it would be a nice feature if that amount could be optionally be selected as a criteria.
A noted fact of the extension TLVs is that they are delivered to their intended recipient before the preimage is revealed to trigger the associated payment. Onion Studio's design is such that the pixels don't draw until the payment is received.
On the application side, it has to catch the 'payload' field upon a call from the
htlc_accepted
hook notification and hold on to the data it until getting aforward_event
notification. Also, the application needs to have a scheduled 'pruning' step to cull the stored payload data from forwarding HTLCs that never get paid.SUGGESTION 4a:
Possibly consider a design for notifications to the plugin to give notification of the extension TLVs specifically along their lifecycle such that the application can get a notification upon 1) HTLC accepted 2) HTLC fulfilled or 3) HTLC expired. This way the extension TLV might not need to be held separately by the application
SUGGESTION 4b:
One (perhaps half-baked) thought is that there might be value in the protocol supporting encrypted extended TLVs that can only be decrypted with knowledge of the preimage. This would be such that the recipient doesn't know what the requested extension operation is until the payment is received. This would give sender the option to avoid revealing the content of request until the sender has definitively decided to go ahead with the payment/operation.
With Onion Studio, typically only ~250 encoded pixels fit in the onion packet. Unless they are tiny
.png
images, they have to be split up into many separate payments. For example, a 200x200 pixel image will require approximately 160 payments of 250 satoshis each totalling 40,000 satoshis to transmit all the pixels.There is a challenge in estimating channel capacity for this kind of payment because it isn't quite "I wish to route 40k sats to the destination", it is "I wish to route many small payments totaling 40k sats to the destination which can go via different routes". Ideally, we would want to determine for the user whether it looks like that can realistically be done to completion before deciding to proceed. Right now, the approach of Onion Studio is to allow failure if there is a capacity exhaustion event midway, but gives the user the option to manually resume the transmission from the point it left off later. However, this might be frustrating user experience to have to babysit the operation and restart.
I imagine this is a similar problem for other data-publishing apps where it doesn't really deliver full value to only get a partial set of payments through to their destination.
SUGGESTION 5:
This probably needs a chunk of science done to figure out good algorithms for this, but I can perhaps spot a similarity between this and the routing considerations needed for AMP. In this specific concern, we want the full message transmission to be the concern for atomicity. It might make sense to include this problem for consideration in that discussion.
~
FIN
The text was updated successfully, but these errors were encountered: