mirror of
https://github.com/lnbook/lnbook
synced 2024-11-18 21:28:03 +00:00
1086 lines
51 KiB
Plaintext
1086 lines
51 KiB
Plaintext
= Wire Protocol: Framing & Extensibility
|
|
|
|
== Intro
|
|
|
|
In this chapter, we'll dive into the wire protocol of the Lightning network,
|
|
and also cover all the various extensibility levers that have been built into
|
|
the protocol. By the end of this chapter, and aspiring reader should be able to
|
|
write their very own wire protocol parser for the Lighting Network. In addition
|
|
to being able to write a custom wire protocol parser, a reader of this chapter
|
|
will gain a deep understanding with respect of the various upgrade mechanisms
|
|
that have been built into the protocol.
|
|
|
|
== Wire Framing
|
|
|
|
First, we being by describing the high level structure of the wire _framing_
|
|
within the protocol. When we say framing, we mean the way that the bytes are
|
|
packed on the wire to _encode_ a particular protocol message. Without knowledge
|
|
of the framing system used in the protocol, a stirn go byters on the wirte would
|
|
resemble a series of random bytes as no structure has been imposed. By applying
|
|
proper framing to decode these bytes on the wire, we'll be able to extract
|
|
structure and finally parse this structure into protocol messages within our
|
|
higher-level language.
|
|
|
|
It's important to note that as the Lightning Network is an _end to end
|
|
encrypted_ protocol, the wire framing is itself encapsulated within an
|
|
_encrypted_ message transport layer. As we learned in chapter XXX, the Lighting
|
|
Network uses Brontide, a custom variant of the Noise protocol to handle
|
|
transport encryption. Within this chapter, whenever we give an example of wire
|
|
framing, we assume the encryption layer has already been stripped away (when
|
|
decoding), or that we haven't yet encrypted the set of bytes before we send
|
|
them on the wire (encoding).
|
|
|
|
=== High-Level Wire Framing
|
|
|
|
With that said, we're ready to being describe the high-level schema used to
|
|
encode messages on the wire:
|
|
|
|
* Messages on the wire begin with a _2 byte_ type field, followed by a
|
|
message payload.
|
|
* The message payload itself, can be up to 65 KB in size.
|
|
* All integers are encoded in big-endian (network order).
|
|
* Any bytes that follow after a defined message can be safely ignored.
|
|
|
|
Yep, that's it. As the protocol relies on an _encapsulating_ transport protocol
|
|
encryption layer, we don't need an explicit length for each message type. This
|
|
is due to the fact that transport encryption works at the _message_ level, so
|
|
by the time we're ready to decode the next message, we already know the total
|
|
number of bytes of the message itself. Using 2 bytes for the message type
|
|
(encoded in big-endian) means that the protocol can have up to `2^16 - 1` or
|
|
`65535` distinct messages. Continuing, as we know all messages _MUST_ be below
|
|
65KB, this simplifies our parsing as we can use a _fixed_ sized buffer, and
|
|
maintain strong bounds on the total amount of memory required to parse an
|
|
incoming wire message.
|
|
|
|
The final bullet point allows for a degree of _backwards_ compatibility, as new
|
|
nodes are able to provide information in the wire messages that older nodes
|
|
(which may not understand them can safely ignore). As we'll see below, this
|
|
feature combined with a very flexible wire message extensibility format also
|
|
allows the protocol to achieve _forwards_ compatibility as well.
|
|
|
|
=== Type Encoding
|
|
|
|
With this high level background provided, we'll now start at the most primitive
|
|
layer: parsing primitive types. In addition to encoding integers, the Lightning
|
|
Protocol also allows for encoding of a vast array of types including: variable
|
|
length byte slices, elliptic curve public keys, Bitcoin addresses, and
|
|
signatures. When we describe the _structure_ of wire messages later in this
|
|
chapter, we'll refer to the high-level type (the abstract type) rather than the
|
|
lower level representation of said type. In this section, we'll peel back this
|
|
abstraction layer to ensure our future wire parser is able to properly
|
|
encoding/decode any of the higher level types.
|
|
|
|
In the following table, we'll map the higher-level name of a given type to the
|
|
high-level routine used to encode/decode the type.
|
|
|
|
.High-level message types
|
|
[options="header"]
|
|
|================================================================================
|
|
| High Level Type | Framing | Comment
|
|
| `node_alias` | A 32-byte fixed-length byte slice. | When decoding, reject if contents are not a valid UTF-8 string.
|
|
| `channel_id` | A 32-byte fixed-length byte slice that maps an outpoint to a 32 byte value. | Given an outpoint, one can convert it to a `channel_id` by taking the txid of the outpoint and XOR'ing it with the index (interpreted as the lower 2 bytes).
|
|
| `short_chan_id` | An unsigned 64-bit integer (`uint64`) | Composed of the block height (24 bits), transaction index (24 bits), and output index (16 bits) packed into 8 bytes.
|
|
| `milli_satoshi` | An unsigned 64-bit integer (`uint64`) | Represents 1000th of a satoshi.
|
|
| `satoshi` | An unsigned 64-bit integer (`uint64`) | The based unit of bitcoin.
|
|
| `satoshi` | An unsigned 64-bit integer (`uint64`) | The based unit of bitcoin.
|
|
| `pubkey` | An secp256k1 public key encoded in _compressed_ format, occupying 33 bytes. | Occupies a fixed 33-byte length on the wire.
|
|
| `sig` | An ECDSA signature of the secp256k1 Elliptic Curve. | Encoded as a _fixed_ 64-byte byte slice, packed as `R \|\| S`
|
|
| `uint8` | An 8-bit integer. |
|
|
| `uint16` | A 16-bit integer. |
|
|
| `uint64` | A 64-bit integer. |
|
|
| `[]byte` | A variable length byte slice. | Prefixed with a 16-bit integer denoting the length of the bytes.
|
|
| `color_rgb` | RGB color encoding. | Encoded as a series if 8-bit integers.
|
|
| `net_addr` | The encoding of a network address. | Encoded with a 1 byte prefix that denotes the type of address, followed by the address body.
|
|
|================================================================================
|
|
|
|
In the next section, we'll describe the structure of each of the wire messages
|
|
including the prefix type of the message along with the contents of its message
|
|
body.
|
|
|
|
=== Type Length Value (TLV) Message Extensions
|
|
|
|
Earlier in this chapter we mentioned that messages can be up to 65 KB in size,
|
|
and if while parsing a messages, extra bytes are left over, then those bytes
|
|
are to be _ignored_. At an initial glance, this requirement may appear to be
|
|
somewhat arbitrary, however upon close inspection it's actually the case that
|
|
this requirement allows for de-coupled de-synchronized evolution of the Lighting
|
|
Protocol itself. We'll opine further upon this notion towards the end of the
|
|
chapter. First, we'll turn our attention to exactly what those "extra bytes" at
|
|
the end of a message can be used for.
|
|
|
|
==== The Protcol Buffer Message Format
|
|
|
|
The Protocol Buffer (protobuf) message serialization format started out as an
|
|
internal format used at Google, and has blossomed into one of the most popular
|
|
message serialization formats used by developers globally. The protobuf format
|
|
describes how a message (usually some sort of data structure related to an API)
|
|
is to be encoded on the wire and decoded on the other end. Several "protobuf
|
|
compilers" exists in dozens of languages which act as a bridge that allows any
|
|
language to encode a protobuf that will be able to decode by a compliant decode
|
|
in another language. Such cross language data structure compatibility allows
|
|
for a wide range of innovation it's possible to transmit structure and even
|
|
typed data structures across language and abstraction boundaries.
|
|
|
|
Protobufs are also known for their _flexibility_ with respect to how they
|
|
handle changes in the underlying messages structure. As long as the field
|
|
numbering schema is adhered to, then it's possible for a _newer_ write of
|
|
protobufs to include information within a protobuf that may be unknown to any
|
|
older readers. When the old reader encounters the new serialized format, if
|
|
there're types/fields that it doesn't understand, then it simply _ignores_
|
|
them. This allows old clients and new clients to _co-exist_, as all clients can
|
|
parse _some_ portion of the newer message format.
|
|
|
|
==== Forwards & Backwards Compatibility
|
|
|
|
Protobufs are extremely popular amongst developers as they have built in
|
|
support for both _forwards_ and _backwards_ compatibility. Most developers are
|
|
likely familiar with the concept of backwards computability. In simple terms,
|
|
the principles states that any changes to a message format or API should be
|
|
done in a manner that doesn't _break_ support for older clients. Within our
|
|
protobuf extensibility examples above, backwards computability is achieved by
|
|
ensuring that new additions to the proto format don't break the known portions
|
|
of older readers. Forwards computability on the other hand is just as important
|
|
for de-synchronized updates however it's less commonly known. For a change to
|
|
be forwards compatible, then clients are to simply _ignore_ any information
|
|
they don't understand. The soft for mechanism of upgrading the Bitcoin
|
|
consensus system can be said to be both forwards and backwards compatible: any
|
|
clients that don't update can still use Bitcoin, and if they encounters any
|
|
transactions they don't understand, then they simply ignore them as their funds
|
|
aren't using those new features.
|
|
|
|
==== Lighting's Protobuf Inspired Message Extension Format: `TLV`
|
|
|
|
In order to be able to upgrade messages in both a forwards and backwards
|
|
compatible manner, in addition to feature bits (more on that later), the LN
|
|
utilizes a _Custom_ message serialization format plainly called: Type Length
|
|
Value, or TLV for short. The format was inspired by the widely used protobuf
|
|
format and borrows many concepts by significantly simplifying the
|
|
implementation as well as the software that interacts with message parsing. A
|
|
curious reader might ask "why not just use protobufs"? In response, the
|
|
Lighting developers would respond that we're able to have the best of the
|
|
extensibility of protobufs while also having the benefit of a smaller
|
|
implementation and thus attacks surface in the context of Lightning. As of
|
|
version v3.15.6, the protobuf compiler weighs in at over 656,671 lines of code.
|
|
In comparison lnd's implementation of the TLV message format weighs in at only
|
|
2.3k lines of code (including tests).
|
|
|
|
With the necessary background presented, we're now ready to describe the TLV
|
|
format in detail. A TLV message extension is said to be a _stream_ of
|
|
individual TLV records. A single TLV record has three components: the type of
|
|
the record, the length of the record, and finally the opaque value of the
|
|
record:
|
|
|
|
* `type`: An integer representing the name of the record being encoded.
|
|
* `length`: The length of the record.
|
|
* `value`: The opaque value of the record.
|
|
|
|
Both the `type` and `length` are encoded using a variable sized integer that's
|
|
inspired by the variable sized integer (varint) used in Bitcoin's p2p protocol,
|
|
this variant is called `BigSize` for short. In its fullest form, a `BigSize`
|
|
integer can represent value up to 64-bits. In contrast to Bitcoin's varint
|
|
format, the `BigSize format instead encodes integers using a _big endian_ byte
|
|
ordering.
|
|
|
|
The `BigSize` varint has the components: the discriminant and the body. In the
|
|
context of the `BigSize` integer, the discriminant communicates to the decoder
|
|
the _size_ of the variable size integer. Remember that the uniquer thign about
|
|
variable sized integers is that they allow a parser to use less bytes to encode
|
|
smaller integers than larger ones. This allows message formats to safe space, as
|
|
they're able to minimally encode numbers from 8 to 6-bits. Encoding a `BigSize`
|
|
integer can be defined using a piece-wise function that branches based on the
|
|
size of the integer to be encoded.
|
|
|
|
* If the value is _less than_ `0xfd` (`253`):
|
|
* Then the discriminant isn't really used, and the encoding is simply the
|
|
integer itself.
|
|
|
|
* This value allows us to encode very small integers with no additional
|
|
overhead
|
|
|
|
* If the value is _less than or equal to_ `0xffff` (`65535`):
|
|
* Then the discriminant is encoded as `0xfd`, which indicates that the body is
|
|
that follows is larger than `0xfd`, but smaller than `0xffff`).
|
|
|
|
* The body is then encoded as a _16-bit_ integer. Including the
|
|
discriminant, then we can encode a value that is greater than 253, but
|
|
less than 65535 using `3 bytes`.
|
|
|
|
* If the value is less than `0xffffffff` (`4294967295`):
|
|
* Then the discriminant is encoded as `0xfe`.
|
|
|
|
* The body is encoded using _32-bit_ integer, Including the discriminant,
|
|
then we can encode a value that's less than `4,294,967,295` using _5
|
|
bytes_.
|
|
|
|
* Otherwise, we'll just encode the value as a fully _64-bit_ integer.
|
|
|
|
|
|
Within the context of a TLV message,
|
|
values below `2^16` are said to be _reserved_ for future use. Values beyond this
|
|
range are to be used for "custom" message extensions used by higher-level
|
|
application protocols. The `value` is defined in terms of the `type`. In other
|
|
words, it can take any forma s parzers will attempt to coalsces it into a
|
|
higher-level types (such as a signatture) depending on the context of the type
|
|
itself.
|
|
|
|
One issue with the protobuf format is the encodes of the same message may
|
|
output an entirely different set of bytes when encoded by two different
|
|
versions of the compiler. Such instances of a non-cannonical encoding are not
|
|
acceptable within teh context of Lighting, was many messages contain a
|
|
signature of the message digest. If it's possible for a message to be encoded
|
|
in two different ways, then it would be possible to break the authentication of
|
|
a signature inadvertently by re-encoding a message using a slightly different
|
|
set of bytes on the wire.
|
|
|
|
In order to ensure that all encoded messages are canonical, the following
|
|
constraints are defined when encoding:
|
|
|
|
* All records within a TLV stream MUST be encoded in order of strictly
|
|
increasing type.
|
|
|
|
* All records must _minimally encode_ the `type` and `length` fields. In
|
|
orther woards, the smallest BigSIze representation for an integer MUST be
|
|
used at all times.
|
|
|
|
* Each `type` may only appear _once_ within a given TLV stream.
|
|
|
|
In addition to these writing requirements a series of higher-level
|
|
interpretation requirements are also defined based on the _arity_ of a given
|
|
`type` integer. We'll dive further into these details towards the end of the
|
|
chapter cone we talked about how the Lighting Protocol is upgraded in practice
|
|
and in theory.
|
|
|
|
|
|
=== Wire Messages
|
|
|
|
In this section, well outline the precise structure of each of the wire
|
|
messages within the protocol. We'll do so in two parts: first we'll enumerate
|
|
all the currently defined wire message types along with the message name
|
|
corresponding to that type, we',l then double back and define the structure of
|
|
each of the wire messages (partitioned into logical groupings).
|
|
|
|
First, we'll lead with an enumeration of all the currently defined types:
|
|
|
|
.Message Types
|
|
[options="header"]
|
|
|==============================================================================
|
|
| Type Integer | Message Name | Category
|
|
| 16 | `init` | Connection Establishment
|
|
| 17 | `error` | Error Communication
|
|
| 18 | `ping` | Connection Liveness
|
|
| 19 | `pong` | Connection Liveness
|
|
| 32 | `open_channel` | Channel Funding
|
|
| 33 | `accept_channel` | Channel Funding
|
|
| 34 | `funding_created` | Channel Funding
|
|
| 35 | `funding_signed` | Channel Funding
|
|
| 36 | `funding_locked` | Channel Funding + Channel Operation
|
|
| 38 | `shutdown` | Channel Closing
|
|
| 39 | `closing_signed` | Channel Closing
|
|
| 128 | `update_add_htlc` | Channel Operation
|
|
| 130 | `update_fulfill_hltc` | Channel Operation
|
|
| 131 | `update_fail_htlc` | Channel Operation
|
|
| 132 | `commit_sig` | Channel Operation
|
|
| 133 | `revoke_and_ack` | Channel Operation
|
|
| 134 | `update_fee` | Channel Operation
|
|
| 135 | `update_fail_malformed_htlc` | Channel Operation
|
|
| 136 | `channel_reestablish` | Channel Operation
|
|
| 256 | `channel_announcement` | Channel Announcement
|
|
| 257 | `node_announcement` | Channel Announcement
|
|
| 258 | `channel_update` | Channel Announcement
|
|
| 259 | `announce_signatures` | Channel Announcement
|
|
| 261 | `query_short_chan_ids` | Channel Graph Syncing
|
|
| 262 | `reply_short_chan_ids_end` | Channel Graph Syncing
|
|
| 263 | `query_channel_range` | Channel Graph Syncing
|
|
| 264 | `reply_channel_range` | Channel Graph Syncing
|
|
| 265 | `gossip_timestamp_range` | Channel Graph Syncing
|
|
|==============================================================================
|
|
|
|
In the above table, the `Category` field allows us to quickly categonize a
|
|
message based on its functionality within the protocol itself. At a high level,
|
|
we place a message into one of 8 (non exhaustive) buckets including:
|
|
|
|
* *Connection Establishment*: Sent when a peer to peer connection is first
|
|
established. Also used in order to negotiate the set of _feature_ supported
|
|
by a new connection.
|
|
|
|
* *Error Communication*: Used by peer to communicate the occurrence of
|
|
protocol level errors to each other.
|
|
|
|
* *Connection Liveness*: Used by peers to check that a given transport
|
|
connection is still live.
|
|
|
|
* *Channel Funding*: Used by peers to create a new payment channel. This
|
|
process is also known as the channel funding process.
|
|
|
|
* *Channel Operation*: The act of updating a given channel _off-chain_. This
|
|
includes sending and receiving payments, as well as forwarding payments
|
|
within the network.
|
|
|
|
* *Channel Announcement*: The process of announcing a new public channel to
|
|
the wider network so it can be used for routing purposes.
|
|
|
|
* *Channel Graph Syncing*: The process of downloading+verifying the channel
|
|
graph.
|
|
|
|
|
|
Notice how messages that belong to the same category typically share an
|
|
adjacent _message type_ as well. This is done on purpose in order to group
|
|
semantically similar messages together within the specification itself. With
|
|
this roadmap laid out, we'll now visit each message category in order to define
|
|
the precise structure and semantics of all defined messages within the LN
|
|
protocol.
|
|
|
|
==== Connection Establishment Messages
|
|
|
|
Messages in this category are the very first message sent between peers once
|
|
they establish a transport connection. At the time of writing of this chapter,
|
|
there exists only a single messages within this category, the `init` message.
|
|
The `init` message is sent by _both_ sides of the connection once it has been
|
|
first established. No other messages are to be sent before the `init` message
|
|
has been sent by both parties.
|
|
|
|
The structure of the `init` message is defined as follows:
|
|
|
|
`init` message:
|
|
|
|
* type: `16`
|
|
* fields:
|
|
* `uint16`: `global_features_len`
|
|
* `global_features_len*byte`: `global_features`
|
|
* `uint16`: `features_len`
|
|
* `features_len*byte`: `features`
|
|
* `tlv_stream_tlvs`
|
|
|
|
Structurally, the `init` message is composed of two variable size bytes slices
|
|
that each store a set of _feature bits_. As we'll see later, feature bits are a
|
|
primitive used within the protocol in order to advertise the set of protocol
|
|
features a node either understands (optional features), or demands (required
|
|
features).
|
|
|
|
Note that modern node implementations will only use the `features` field, with
|
|
items residing within the `global_features` vector for primarily _historical_
|
|
purposes (backwards compatibility).
|
|
|
|
What follows after the core message is a series of T.L.V, or Type Length Value
|
|
records which can be used to extend the message in a forwards+backwards
|
|
compatible manner in the future. We'll cover what TLV records are and how
|
|
they're used later in the chapter.
|
|
|
|
An `init` message is then examined by a peer in order to determine if the
|
|
connection is well defined based on the set of optional and required feature
|
|
bits advertised by both sides.
|
|
|
|
An optional feature means that a peer knows about a feature, but they don't
|
|
consider it critical to the operation of a new connection. An example of one
|
|
would be something like the ability to understand the semantics of a newly
|
|
added field to an existing message.
|
|
|
|
On the other hand, required feature indicate that if the other peer doesn't
|
|
know about the feature, then the connection isn't well defined. An example of
|
|
such a feature would be a theoretical new channel type within the protocol: if
|
|
your peer doesn't know of this feature, they you don't want to keep the
|
|
connection as they're unable to open your new preferred channel type.
|
|
|
|
==== Error Communication Messages
|
|
|
|
Messages in this category are used to send connection level errors between two
|
|
peers. As we'll see later, another type of error exists in the protocol: an
|
|
HTLC forwarding level error. Connection level errors may signal things like
|
|
feature bit incompatibility, or the intent to force close (unilaterally
|
|
broadcast the latest signed commitment)
|
|
|
|
The sole message in this category is the `error` message:
|
|
|
|
* type: `17`
|
|
* fields:
|
|
* `channel_id`: `chan_id`
|
|
* `uint16`: `data_len`
|
|
* `data_len*byte`: `data`
|
|
|
|
An `error` message can be sent within the scope of a particular channel by
|
|
setting the `channel_id`, to the `channel_id` of the channel under going this
|
|
new error state. Alternatively, if the error applies to the connection in
|
|
general, then the `channel_id` field should be set to all zeroes. This all zero
|
|
`channel_id` is also known as the connection level identifier for an error.
|
|
|
|
Depending on the nature of the error, sending an `error` message to a peer you
|
|
have a channel with may indicate that the channel cannot continue without
|
|
manual intervention, so the only option at that point is to force close the
|
|
channel by broadcasting the latest commitment state of the channel.
|
|
|
|
==== Connection Liveness
|
|
|
|
Messages in this section are used to probe to determine if a connection is
|
|
still live or not. As the LN protocol somewhat abstracts over the underlying
|
|
transport being used to transmit the messages, a set of protocol level `ping`
|
|
and `pong` messages are defined.
|
|
|
|
First, the `ping` message:
|
|
|
|
* type: `18`
|
|
* fields:
|
|
* `uint16`: `num_pong_bytes`
|
|
* `uint16`: `ping_body_len`
|
|
* `ping_body_len*bytes`: `ping_body`
|
|
|
|
Next it's companion, the `pong` message:
|
|
|
|
* type: `19`
|
|
* fields:
|
|
* `uint16`: `pong_body_len`
|
|
* `ping_body_len*bytes`: `pong_body`
|
|
|
|
A `ping` message can be sent by either party at any time.
|
|
|
|
The `ping` message includes a `num_pong_bytes` field that is used to instruct
|
|
the receiving node with respect to how large the payload it sends in its `pong`
|
|
message is. The `ping` message also includes a `ping_body` opaque set of bytes
|
|
which can be safely ignored. It only serves to allow a sender to pad out `ping`
|
|
messages they send, which can be useful in attempting to thwart certain
|
|
de-anonymization techniques based on packet sizes on the wire.
|
|
|
|
A `pong` message should be sent in response to a received `ping` message. The
|
|
receiver should read a set of `num_pong_bytes` random bytes to send back as the
|
|
`pong_body` field. Clever use of these fields/messages may allow a privacy
|
|
concious routing node to attempt to thwart certain classes of network
|
|
de-anonymization attempts, as they can create a "fake" transcript that
|
|
resembles other messages based on the packet sizes set across. Remember that by
|
|
default the LN uses an _encrypted_ transport, so a passive network monitor
|
|
cannot read the plaintext bytes, thus only has timing and packet sizes to go
|
|
off of.
|
|
|
|
==== Channel Funding
|
|
|
|
As we go on, we enter into the territory of the core messages that govern the
|
|
functionality and semantics of the Lightning Protocol. In this section, we'll
|
|
explore the messages sent during the process of creating a new channel. We'll
|
|
only describe the fields used as we'll leave a in in-depth analysis of the
|
|
funding process to chapter XXX.
|
|
|
|
Messages that are sent during the channel funding flow belong to the following
|
|
set of 5 messages: `open_channel`, `accept_channel`, `funding_created`,
|
|
`funding_signed`, `funding_locked`. We'll leave a description of the precise
|
|
protocol flow involving these messages for a chapter XXX. In this section,
|
|
we'll simply enumerate the set of fields and briefly describe each one.
|
|
|
|
The `open_channel` message:
|
|
|
|
* type: `32`
|
|
* fields:
|
|
* `chain_hash`:chain_hash
|
|
* `32*byte`: `temp_chan_id`
|
|
* `uint64`: `funding_satoshis`
|
|
* `uint64`: `push_msat`
|
|
* `uint64`: `dust_limit_satoshis`
|
|
* `uint64`: `max_htlc_value_in_flight_msat`
|
|
* `uint64`: `channel_reserve_satoshis`
|
|
* `uint64`: `htlc_minimum_msat`
|
|
* `uint32`: `feerate_per_kw`
|
|
* `uint16`: `to_self_delay`
|
|
* `uint16`: `max_accepted_htlcs`
|
|
* `pubkey`: `funding_pubkey`
|
|
* `pubkey`: `revocation_basepoint`
|
|
* `pubkey`: `payment_basepoint`
|
|
* `pubkey`: `delayed_payment_basepoint`
|
|
* `pubkey`: `htlc_basepoint`
|
|
* `pubkey`: `first_per_commitment_point`
|
|
* `byte`: `channel_flags`
|
|
* `tlv_stream`: `tlvs`
|
|
|
|
This is the first message sent when a node wishes to execute a new funding flow
|
|
with another node. This message contains all the necessary information required
|
|
for both peers to constructs both the funding transaction as well as the
|
|
commitment transaction.
|
|
|
|
At the time of writing of this chapter, a single TLV record is defined within
|
|
the set of optional TLV records that may be appended to the end of a defined
|
|
message:
|
|
|
|
* type: 0
|
|
* data: `upfront_shutdown_script`
|
|
|
|
The `upfront_shutdown_script` is a variable sized byte slice that MUST be a
|
|
valid public key script as accepted by the Bitcoin networks' consensus
|
|
algorithm. By providing such an address, the sending party is able to
|
|
effectively create a "closed loop" for their channel, as neither side will sign
|
|
off an cooperative closure transaction that pays to any other address. In
|
|
practice, this address is usually one derived from a cold storage wallet.
|
|
|
|
The `channel_flags` field is a bitfield of which at the time of writing, only
|
|
the _first_ bit has any sort of significance. If this bit is set, then this
|
|
denotes that this channel is to be advertised to the public network as a route
|
|
bal channel. Otherwise, the channel is considered to be unadvertised, also
|
|
commonly referred to as a "private" channel.
|
|
|
|
The `accept_channel` message is the response to the `open_channel` message:
|
|
|
|
* type: `33`
|
|
* fields:
|
|
* `32*byte`: `temp_chan_id`
|
|
* `uint64`: `dust_limit_satoshis`
|
|
* `uint64`: `max_htlc_value_in_flight_msat`
|
|
* `uint64`: `channel_reserve_satoshis`
|
|
* `uint64`: `htlc_minimum_msat`
|
|
* `uint32`: `minimum_depth`
|
|
* `uint16`: `to_self_delay`
|
|
* `uint16`: `max_accepted_htlcs`
|
|
* `pubkey`: `funding_pubkey`
|
|
* `pubkey`: `revocation_basepoint`
|
|
* `pubkey`: `payment_basepoint`
|
|
* `pubkey`: `delayed_payment_basepoint`
|
|
* `pubkey`: `htlc_basepoint`
|
|
* `pubkey`: `first_per_commitment_point`
|
|
* `tlv_stream`: `tlvs`
|
|
|
|
The `accept_channel` message is the second message sent during the funding flow
|
|
process. It serves to acknowledge an intent to open a channel with a new remote
|
|
peer. The message mostly echos the set of parameters that the responder wishes
|
|
to apply to their version of the commitment transaction. Later in Chapter XXX,
|
|
when we go into the funding process in details, we'll do a deep dive to explore
|
|
the implications of the various par maters that can be set when opening a new
|
|
channel.
|
|
|
|
In response, the initiator will send the `funding_created` message:
|
|
|
|
* type: `34`
|
|
* fields:
|
|
* `32*byte`: `temp_chan_id`
|
|
* `32*byte`: `funding_txid`
|
|
* `uint16`: `funding_output_index`
|
|
* `sig`: `commit_sig`
|
|
|
|
Once the initiator of a channel receives the `accept_channel` message from the
|
|
responder, they they have all the materials they need in order to construct the
|
|
commitment transaction, as well as the funding transaction. As channels by
|
|
default are single funder (only one side commits funds), only the initiator
|
|
needs to construct the funding transaction. As a result, in order to allow the
|
|
responder to sign a version of a commitment transaction for the initiator, the
|
|
initiator, only needs to send the funding outpoint of the channel.
|
|
|
|
To conclude the responder sends the `funding_signed` message:
|
|
|
|
* type: `34`
|
|
* fields:
|
|
* `channel_id`: `channel_id`
|
|
* `sig`: `signature`
|
|
|
|
To conclude after the responder receivers the `funding_created` message, they
|
|
now own a valid signature of the commitment transaction by the initiator. With
|
|
this signature they're able to exit the channel at any time by signing their
|
|
half of the multi-sig funding output, and broadcasting the transaction. This is
|
|
referred to as a force close. In order to give the initiator the ability to do
|
|
so was well, before the channel can be used, the responder then signs the
|
|
initiator's commitment transaction as well.
|
|
|
|
Once this message has been received by the initiator, it's safe for them to
|
|
broadcast the funding transaction, as they're now able to exit the channel
|
|
agreement unilaterally.
|
|
|
|
Once the funding transaction has received enough confirmations, the
|
|
`funding_locked` is sent:
|
|
|
|
* type: `36
|
|
* fields:
|
|
* `channel_id`: `channel_id`
|
|
* `pubkey`: `next_per_commitment_point`
|
|
|
|
Once the funding transaction obtains a `minimum_depth` number of confirmations,
|
|
then the `funding_locked` message is to be sent by both sides. Only after this
|
|
message has been received, and sent can the channel being to be used.
|
|
|
|
==== Channel Closing
|
|
|
|
* type: `38`
|
|
* fields:
|
|
[channel_id:channel_id]
|
|
[u16:len]
|
|
[len*byte:scriptpubkey]
|
|
|
|
* type: `39`
|
|
* fields:
|
|
[channel_id:channel_id]
|
|
[u64:fee_satoshis]
|
|
[signature:signature]
|
|
|
|
#### Channel Operation
|
|
|
|
In this section, we'll briefly describe the set of messages used to allow
|
|
anodes to operate a channel. By operation, we mean being able to send receive,
|
|
and forward payments for a given channel.
|
|
|
|
In order to send, receive or forward a payment over a channel, an HTLC must
|
|
first be added to both commitment transactions that comprise of a channel link.
|
|
|
|
* The `update_add_htlc` message allows either side to add a new HTLC to the
|
|
opposite commitment transaction:
|
|
|
|
* type: `128`
|
|
* fields:
|
|
* `channel_id`: `channel_id`
|
|
* `uint64`: `id`
|
|
* `uint64`: `amount_msat`
|
|
* `sha256`: `payment_hash`
|
|
* `uint32`:`cltv_expiry`
|
|
* `1366*byte:`onion_routing_packet`
|
|
|
|
Sending this message allows one party to initiate either sending a new payment,
|
|
or forwarding an existing payment that arrived via in incoming channel. The
|
|
message specifies the amount (`amount_msat`) along with the payment hash that
|
|
unlocks the payment itself. The set of forwarding instructions of the next hop
|
|
are onion encrypted within the `onion_routing_packet` field. In Chapter XXX on
|
|
multi-hop HTLC forwarding, we details the onion routing protocol used in the
|
|
Lighting Network in detail.
|
|
|
|
Note that each HTLC sent uses an auto incrementing ID which is used by any
|
|
message which modifies na HTLC (settle or cancel) to reference the HTLC in a
|
|
unique manner scoped to the channel.
|
|
|
|
The `update_fulfill_hltc` allow redemption (receipt) of an active HTLC:
|
|
|
|
* type: `130`
|
|
* fields:
|
|
* `channel_id`: `channel_id`
|
|
* `uint64`: `id`
|
|
* `32*byte`: `payment_preimage`
|
|
|
|
This message is sent by the HTLC receiver to the proposer in order to redeem an
|
|
active HTLC. The message references the `id` of the HTLC in question, and also
|
|
provides the pre-image (which unlocks the HLTC) as well.
|
|
|
|
The `update_fail_htlc` is sent to remove an HTLC from a commitment transaction:
|
|
|
|
* type: `131`
|
|
* fields:
|
|
* `channel_id`:channel_id`
|
|
* `uint64`: `id`
|
|
* `uint16`: `len`
|
|
* `len*byte`: `reason`
|
|
|
|
The `update_fail_htlc` is the opposite of the `update_fulfill_hltc` message as
|
|
it allows the receiver of an HTLC to remove the very same HTLC. This message is
|
|
typically sent when an HTLC cannot be properly routed upstream, and needs to be
|
|
sent back to the sender in order to unravel the HTLC chain. As we'll explore in
|
|
Chapter XX, the message contains an _encrypted_ failure reason (`reason`) which
|
|
may allow the sender to either adjust their payment route, or terminate if the
|
|
failure itself is a terminal one.
|
|
|
|
The `commit_sig` is used to stamp the creation of a new commitment transaction:
|
|
|
|
* type: `132`
|
|
* fields:
|
|
* `channel_id`: `channel_id`
|
|
* `sig`: `signature`
|
|
* `uint16` `num_htlcs`
|
|
* `num_htlcs*sig: `htlc_signature`
|
|
|
|
In addition to sending a signature for the next commitment transaction, the
|
|
sender of this message also needs to send a signature for each HTLC that's
|
|
present on the commitment transaction. This is due to the existence of the
|
|
|
|
|
|
The `revoke_and_ack` is sent to revoke a dated commitment:
|
|
* type: `133`
|
|
* fields:
|
|
* `channel_id`: `channel_id`
|
|
* `32*byte`: `per_commitment_secret`
|
|
* `pubkey`: `next_per_commitment_point`
|
|
|
|
As the Lightning Network uses a replace-by-revoke commitment transaction, after
|
|
receiving a new commitment transaction via the `commit_sig` message, a party
|
|
must revoke their past commitment before they're able to receive another one.
|
|
While revoking a commitment transaction, the revoker then also provides the
|
|
next commitment point that's required to allow the other party to send them a
|
|
new commitment state.
|
|
|
|
The `update_fee` is sent to update the fee on the current commitment
|
|
transactions:
|
|
|
|
* type: `134`
|
|
* fields
|
|
* `channel_id`: `channel_id`
|
|
* `uint32`: `feerate_per_kw`
|
|
|
|
This message can only be sent by the initiator of the channel they're the ones
|
|
that will pay for the commitment fee of the channel as along as it's open.
|
|
|
|
The `update_fail_malformed_htlc` is sent to remove a corrupted HTLC:
|
|
|
|
* type: `135`
|
|
* fields:
|
|
* `channel_id`: `channel_id`
|
|
* `uint64`: `id`
|
|
* `sha256`: `sha256_of_onion`
|
|
* `uint16`: `failure_code`
|
|
|
|
This message is similar to the `update_fail_htlc` but it's rarely used in
|
|
practice. As mentioned above, each HTLC carries an onion encrypted routing
|
|
packet that also covers the integrity of portions of the HTLC itself. If a
|
|
party receives an onion packet that has somehow been corrupted along the way,
|
|
then it won't be able to decrypt the packet. As a result it also can't properly
|
|
forward the HTLC, therefore it'll send this message to signify that the HTLC
|
|
has been corrupted somewhere along the route back to the sender.
|
|
|
|
==== Channel Announcement
|
|
|
|
Messages in this category are used to announce components of the Channel Graph
|
|
authenticated data structure to the wider network. The Channel Graph has a
|
|
series of unique properties due to the condition that all data added to the
|
|
channel graph MUST also be anchored in the base Bitcoin blockchain. As a
|
|
result, in order to add a new entry to the channel graph, an agent must be an
|
|
on chain transaction fee. This serves as a natural spam de tenace for the
|
|
Lightning Network.
|
|
|
|
The `channel_announcement` is used to announce a new channel to the wider
|
|
network:
|
|
|
|
* type: `256`
|
|
* fields:
|
|
* `sig`: `node_signature_1`
|
|
* `sig`: `node_signature_2`
|
|
* `sig`: `bitcoin_signature_1`
|
|
* `sig`: `bitcoin_signature_2`
|
|
* `uint16`: `len`
|
|
* `len*byte`: `features`
|
|
* `chain_hash`: `chain_hash`
|
|
* `short_channel_id`: `short_channel_id`
|
|
* `pubkey`: `node_id_1`
|
|
* `pubkey`: `node_id_2`
|
|
* `pubkey`: `bitcoin_key_1`
|
|
* `pubkey`: `bitcoin_key_2`
|
|
|
|
The series of signatures and public keys in the message serves to create a
|
|
_proof_ that the channel actually exists within the base Bitcoin blockchain. As
|
|
we'll detail in Chapter XXX, each channel is uniquely identified by a locator
|
|
that encodes it's _location_ within the blockchain. This locator is called this
|
|
`short_channel_id` and can fit into a 64-bit integer.
|
|
|
|
|
|
The `node_announcement` allows a node to announce/update it's vertex within the
|
|
greater Channel Graph:
|
|
|
|
* type: `257`
|
|
* fields:
|
|
* `sig`:`signature`
|
|
* `uint64`: `flen`
|
|
* `flen*byte`: `features`
|
|
* `uint32`: `timestamp`
|
|
* `pubkey`: `node_id`
|
|
* `3*byte`: `rgb_color`
|
|
* `32*byte`: `alias`
|
|
* `uint16`: `addrlen`
|
|
* `addrlen*byte`: `addresses`
|
|
|
|
Note that if a node doesn't have any advertised channel within the Channel
|
|
Graph, then this message is ignored in order to ensure that adding an item to
|
|
the Channel Graph bares an on-chain cost. In this case, the on-chain cost will
|
|
the cost of creating the channel which this node is connected to.
|
|
|
|
In addition to advertising its feature set, this message also allows a node to
|
|
announce/update the set of network `addresses` that it can be reached at.
|
|
|
|
The `channel_update` messages is sent to update the properties and policies of
|
|
an active channel edge within the Channel graph:
|
|
|
|
* type: `258:
|
|
* fields:
|
|
* `signature`: `signature`
|
|
* `chain_hash`: `chain_hash`
|
|
* `short_channel_id`: `short_channel_id`
|
|
* `uint32`: `timestamp`
|
|
* `byte`: `message_flags`
|
|
* `byte`: `channel_flags`
|
|
* `uint16`: `cltv_expiry_delta`
|
|
* `uint64`: `htlc_minimum_msat`
|
|
* `uint32`: `fee_base_msat`
|
|
* `uint32`: `fee_proportional_millionths`
|
|
* `uint16`: `htlc_maximum_msat`
|
|
|
|
In addition to being able to enable/disable a channel this message allows a
|
|
node to update it's routing fees as well as other fields that shape the type of
|
|
payment that is permitted to flow through this channel.
|
|
|
|
The `announce_signatures` message is exchange by channel peers in order to
|
|
assemble the set of signatures required to produce a `channel_announcement`
|
|
message:
|
|
|
|
* type: `259`
|
|
* fields:
|
|
* `channel_id`: `channel_id`
|
|
* `short_channel_id`: `short_channel_id`
|
|
* `sig`: `node_signature`
|
|
* `sig`: `bitcoin_signature`
|
|
|
|
After the `funding_locked` message has been sent, if both sides wish to
|
|
advertise their channel to the network, then they'll each send the
|
|
`announce_signatures` message which allows both sides to emplace the 4
|
|
signatures required to generate a `announce_signatures` message.
|
|
|
|
==== Channel Graph Syncing
|
|
|
|
The `query_short_chan_ids` allows a peer to obtain the channel information
|
|
related to a series of short channel IDs:
|
|
|
|
* type: `261:
|
|
* fields:
|
|
* `chain_hash`: `chain_hash`
|
|
* `u16`: `len`
|
|
* `len*byte`: `encoded_short_ids`
|
|
* `query_short_channel_ids_tlvs`: `tlvs`
|
|
|
|
As we'll learn in Chapter XXX, these channel IDs may be a series of channels
|
|
that were new to the sender, or were out of date which allows the sender to
|
|
obtain the latest set of information for a set of channels.
|
|
|
|
The `reply_short_chan_ids_end` message is sent after a peer finishes responding
|
|
to a prior `query_short_chan_ids` message:
|
|
|
|
* type; `262`
|
|
* fields:
|
|
* `chain_hash`: `chain_hash`
|
|
* `byte`: `full_information`
|
|
|
|
This message signals to the receiving party that if they wish to send another
|
|
query message, they can now do so.
|
|
|
|
The `query_channel_range` message allows a node to query for the set of channel
|
|
opened within a block range:
|
|
* type: `263:
|
|
* fields:
|
|
* `chain_hash`: `chain_hash`
|
|
* `u32`: `first_blocknum`
|
|
* `u32`: `number_of_blocks`
|
|
* `query_channel_range_tlvs`: `tlvs`
|
|
|
|
|
|
As channels are represented using a short channel ID that encodes the location
|
|
of a channel in the chain, a node on the network can use a block height as a
|
|
sort of _cursor_ to seek through the chain in order to discover a set of newly
|
|
opened channels. In Chapter XXX, we'll go through the protocol peers use to
|
|
sync the channel graph in more detail.
|
|
|
|
|
|
The `reply_channel_range` message is the response to `query_channel_range` and
|
|
includes the set of short channel IDs for known channels within that range:
|
|
* type: `264`
|
|
* fields:
|
|
* `chain_hash`: `chain_hash`
|
|
* `u32`: `first_blocknum`
|
|
* `u32`: `number_of_blocks`
|
|
* `byte`: `sync_complete`
|
|
* `u16`: `len`
|
|
* `len*byte`: `encoded_short_ids`
|
|
* `reply_channel_range_tlvs`: `tlvs`
|
|
|
|
As a response to `query_channel_range`, this message sends back the set of
|
|
channels that were opened within that range. This process can be repeated with
|
|
the requester advancing their cursor further down the chain in order to
|
|
continue syncing the Channel Graph.
|
|
|
|
The `gossip_timestamp_range` message allows a peer to start receiving new
|
|
incoming gossip messages on the network:
|
|
* type: `265:
|
|
* fields:
|
|
* `chain_hash`: `chain_hash`
|
|
* `u32`: `first_timestamp`
|
|
* `u32`: `timestamp_range`
|
|
|
|
Once a peer has synced the channel graph, they can send this message if they
|
|
wish to receive real-time updates on changes in the Channel Graph. They can
|
|
also set the `first_timestamp` and `timestamp_range` fields if they wish to
|
|
receive a backlog of updates they may have missed while they were down.
|
|
|
|
|
|
== Feature Bits & Protocol Extensibility
|
|
|
|
As the Lighting Network is a decentralized system, no one entity can enforce a
|
|
protocol change or modification upon all the users of the system. This
|
|
characteristic is also seen in other decentralized networks such as Bitcoin.
|
|
However, unlike Bitcoin overwhelming consensus *is not* require to change a
|
|
subset of the Lightning Network. Lighting is able to evolve at will without a
|
|
strong requirement of coordination, as unlike Bitcoin, there is no *global&
|
|
consensus required in the Lightning Network. Due to this fact and the several
|
|
upgrade mechanisms embedded in the Lighting Network, at most, only the
|
|
participants that wish to use these new Lighting Network feature need to
|
|
upgrade, and then they are able to interact w/ each other.
|
|
|
|
In this section, we'll explore the various ways that developers and users are
|
|
able to design, roll out, deploy new features to the Lightning Network. The
|
|
designers of the origin Lightning Network knew at the time of drafting the
|
|
initial specification, that there were many possible future directions the
|
|
network could evolves towards. As a results, they made sure to emplace several
|
|
extensibility mechanisms within the network which can be used to upgrade the
|
|
network partially or fully in a decoupled, desynchronized, decentralized
|
|
manner.
|
|
|
|
=== Feature Bits as an Upgrade Discoverability Mechanism
|
|
|
|
An astute reader may have noticed the various locations that "feature bits" are
|
|
included within the Lightning Protocol. A "feature bit" is a bitfield that can
|
|
be used to advertise understanding or adherence to a possible network protocol
|
|
update. Feature bits are commonly assigned in *pairs*, meaning that each
|
|
potential new feature/upgrade always defines *two* bits within the bitfield.
|
|
One bit signals that the advertised feature is _optional_, meaning that the
|
|
node knows a about the feature, and can use it if compelled, but doesn't
|
|
consider it required for normal operation. The other bit signals that the
|
|
feature is instead *required*, meaning that the node will not continue
|
|
operation if a prospective peer doesn't understand that feature.
|
|
|
|
Using these two bits optional and required, we can construct a simple
|
|
compatibility matrix that nodes/users can consult in order to determine if a
|
|
peer is compatible with a desired feature:
|
|
|
|
.Feature Bit Compatability Matrix
|
|
[options="header"]
|
|
|========================================================
|
|
|Bit Type|Remote Optional|Remote Required|Remote Unknown
|
|
|Local Optional|✅|✅|✅
|
|
|Local Required|✅|✅|❌
|
|
|Local Unknown|✅|❌|❌
|
|
|========================================================
|
|
|
|
From this simplified compatibility matrix, we can see that as long as the other
|
|
party *knows* about our feature bit, then can interact with them using the
|
|
protocol. If the party doesn't even know about what bit we're referring to
|
|
*and* they require the feature, then we are incompatible with them. Within the
|
|
network, optional features are signalled using an _odd bit number_ while
|
|
required feature are signalled using an _even bit number_. As an example, if a
|
|
peer signals that they known of a feature that uses bit _15_, then we know that
|
|
this is an _optional_ feature, and we can interact with them or respond to
|
|
their messages even if we don't know about the feature. On the other hand, if
|
|
they instead signalled the feature using bit _16_, then we know this is a
|
|
required feature, and we can't interact with them unless our node also
|
|
understands that feature.
|
|
|
|
The Lighting developers have come up with an easy to remember phrase that
|
|
encodes this matrix: "it's OK to be odd". This simple rule set allows for a
|
|
rich set of interactions within the protocol, as a simple bitmask operation
|
|
between two feature bit vectors allows peers to determine if certain
|
|
interactions are compatible with each other or not. In other words, feature
|
|
bits are used as an upgrade discoverability mechanism: they easily allow to
|
|
peers to understand if they are compatible or not based on the concepts of
|
|
optional, required, and unknown feature bits.
|
|
|
|
Feature bits are found in the: `node_announcement`, `channel_announcement`, and
|
|
`init` messages within the protocol. As a result, these three messages can be
|
|
used to *signal* the knowledge and/or understanding of in-flight protocol
|
|
updates within the network. The feature bits found in the `node_announcement`
|
|
message can allow a peer to determine if their _connections_ are compatible or
|
|
not. The feature bits within the `channel_announcement` messages allows a peer
|
|
to determine if a given payment ype or HTLC can transit through a given peer or
|
|
not. The feature bits within the `init` message all peers to understand kif
|
|
they can maintain a connection, and also which features are negotiated for the
|
|
lifetime of a given connection.
|
|
|
|
=== Utilizing TLV Records for Forwards+Backwards Compatibility
|
|
|
|
As we learned earlier in the chapter, Type Length Value, or TLV records can be
|
|
used to extend messages in a forwards and backwards compatible manner.
|
|
Overtime, these records have been used to _extend_ existing messages without
|
|
breaking the protocol by utilizing the "undefined" area within a message beyond
|
|
that set of known bytes.
|
|
|
|
As an example, the original Lighting Protocol didn't have a concept of the
|
|
_largest_ HTLC that could traverse through a channel as dictated by a routing
|
|
policy. Later on, the `max_htlc` field was added to the `channel_update`
|
|
message to phase in such a concept over time. Peers that held a
|
|
`channel_update` that set such a field but didn't even know the upgrade existed
|
|
where unaffected by the change, but may see their HTLCs rejected if they are
|
|
beyond the said limit. Newer peers on the other hand are able to parse, verify
|
|
and utilize the new field at will.
|
|
|
|
Those familiar with the concept of soft-forks in Bitcoin may now see some
|
|
similarities between the two mechanism. Unlike Bitcoin consensus-level
|
|
soft-forks, upgrades to the Lighting Network don't require overwhelming
|
|
consensus in order to adopt. Instead, at minimum, only two peers within the
|
|
network need to understand new upgrade in order to start utilizing it without
|
|
any permission. Commonly these tow peers may be the receiver and sender of a
|
|
payment, or it may the initiator and responder of a new payment channel.
|
|
|
|
=== A Taxonomy of Upgrade Mechanisms
|
|
|
|
Rather than there being a single widely utilized upgrade mechanism within the
|
|
network (such as soft forks for base layer Bitcoin), there exist a wide
|
|
gradient of possible upgrade mechanisms within the Lighting Network. In this
|
|
section, we'll enumerate the various upgrade mechanism within the network, and
|
|
provide a real-world example of their usage in the past.
|
|
|
|
==== Internal Network Upgrades
|
|
|
|
We'll start with the upgrade type that requires the most extra protocol-level
|
|
coordination: internal network upgrades. An internal network upgrade is
|
|
characterized by one that requires *every single node* within a prospective
|
|
payment path to understand the new feature. Such an upgrade is similar to any
|
|
upgrade within the known internet that requires hardware level upgrades within
|
|
the core relay portion of the upgrade. In the context of LN however, we deal
|
|
with pure software, so such upgrades are easier to deploy, yet they still
|
|
require much more coordination than any other upgrade type utilize within the
|
|
network.
|
|
|
|
One example of such an upgrade within the network was the move to using a TLV
|
|
encoding for the routing information encoded within the onion encrypted routing
|
|
packets utilized within the network. The prior format used a hand encoded
|
|
format to communicate information such as the next hop to send the payment to.
|
|
As this format was _fixed_ it meant that new protocol-level upgrades such as
|
|
extensions that allowed feature such as packet switching weren't possible
|
|
without. The move to encoding the information using the more flexible TLV
|
|
format meant that after the single upgrade, then any sort of feature that
|
|
modified the _type_ of information communicated at each hop could be rolled out
|
|
at will.
|
|
|
|
It's worth mentioning that the TLV onion upgrade was a sort of "soft" internal
|
|
network upgrade, in that if a payment wasn't using any _new_ feature beyond
|
|
that new routing information encoding, then a payment could be transmitted
|
|
using a _mixed_ set of nodes, as no new information would be transmitted that
|
|
are required to forward the payment. However, if a new upgrade type instead
|
|
changed the _HTLC_ format, then the entire path would need to be upgraded,
|
|
otherwise the payment wouldn't be able to be fulfilled.
|
|
|
|
==== End to End Upgrades
|
|
|
|
To contrast the internal network upgrade, in this section we'll describe the
|
|
_end to end_ network upgrade. This upgrade type differs from the internal
|
|
network upgrade in that it only requires the "ends" of the payment, the sender
|
|
and receiver to upgrade in order to be utilized. This type of upgrade allows
|
|
for a wide array of unrestricted innovation within the network, as due to the
|
|
onion encrypted nature of payments within the network, those forwarding HTLCs
|
|
within the center of the network may not even know that new feature are being
|
|
utilized.
|
|
|
|
One example of an end to end upgrade within the network was the roll out of
|
|
MPP, or multi-path payments. MPP is a protocol-level feature that enables a
|
|
single payment to be split into multiple parts or paths, to be assembled at the
|
|
receiver for settlement. The roll out our MPP was coupled with a new
|
|
`node_announcement` level feature bit that indicates that the receiver knows
|
|
how to handle partial payments. Assuming a sender and receiver know about each
|
|
other (possibly via a BOLT 11 invoice), then they're able to use the new
|
|
feature without any further negotiation.
|
|
|
|
Anothert example of an end to end upgrade are the various types of
|
|
_spontaneous_ payments deployed within the network. One early type of
|
|
spontaneous payments called "keysend" worked by simply placing the pre-image of
|
|
a payment within the encrypted onion packet that is only decrypted by the
|
|
destination o of the payment. Upon receipt, the destination would decrypt the
|
|
pre-image, then use that to settle the payment. As the entire packet is end to
|
|
end encrypted, this payment type was safe, since none of the intermediate nodes
|
|
are able to fully unwrap the onion to uncover the payment pre-image that
|
|
corresponded to that payment hash.
|
|
|
|
==== Channel Construction Level Updates
|
|
|
|
The final broad category of updates within the network are those that happen at
|
|
the channel construction level, but which don't modify the structure of the
|
|
HTLC used widely within the network. When we say channel construction, we mean
|
|
_how_ the channel is funded or created. As an example, the eltoo channel type
|
|
can be rolled out within the network using a new `node_announcement` level
|
|
feature bit as well as a `channel_announcement` level feature bit. Only the two
|
|
peers on the sides of the channels needs to understand and advertise these new
|
|
features. This channel pair can then be used to forward any payment type
|
|
granted the channel supports it.
|
|
|
|
The "anchor outputs" channel format which allows the commitment fee to be
|
|
bumped via CPFP, and second-level HTLCs aggregated amongst other transactions
|
|
was rolled out in such a manner. Using the implicit feature bit negotiation, if
|
|
both sides established a connection, and advertised knowledge of the new
|
|
channel type, then it would be used for any future channel funding attempts in
|
|
that channel.
|