1646 sats \ 7 replies \ @petertodd 17 Jan \ on: So...How are We Activating Eltoo (LNSymmetry)? bitcoin
The problem with Eltoo is that removing punishment has serious risks in untrusted environments. Your counterparty can steal a lot of money if they manage to get a revoked state mined, up to almost the entire balance of the channel.
With Eltoo, the only disincentive to attempting a theft is transaction fees. Which, if you want to close a channel anyway, isn't necessarily much of a disincentive. The attempt might not succeed. But even a 5% chance of stealing a lot of money can make it worth it if there is no downside to trying.
Eltoo is probably ok for more trusted environments, eg between parties that know each other, where an attempt at theft can be discouraged with out of band punishment. But the fact that it has this massive potential problem in the quite common case of untrusted channels has discouraged interest into it.
Incidentally, there are other use-cases for APO too. I personally have proposed them for HTLC transactions to make RBF work better: https://petertodd.org/2023/v3-transactions-review#htlcs-and-replace-by-fee
But not a lot of work has been done examining those use cases in detail.
Even if the penalty is reduced for broadcasting an old state, it shouldn't matter if both parties have a watchtower. In the case of a broken/non-functional watchtower the loss of a lot of money would happen in both lightning and eltoo.
I agree that the decreased risk would probably result in more old states being broadcast, but maybe it's a good thing for a watchtower to be tested more frequently. It should also be easier to manage watchtower software in eltoo since only the latest state is needed so I wouldn't be surprised if lighter weight supplemental watch tower services started to rise up.
reply
So this is the first time I've ever seen anyone have a concern with LNSymmetry so this is exciting lol.
After I read your comment, I had this thought that I was kinda holding back, but I'll go ahead and put it out there now.
The idea behind using LNSymmetry is to then have multi-party channels. So, broadcasting an old state doesn't screw over 1 person, but rather maybe 10 or more people and those other people have a vested interest to also ensure that the newest state is the one that gets mined so even if 1 person is having some node trouble or temporary internet connectivity issues, those other people can jump in and save them not out of altruism, but to save themselves.
Now of course a multi-party channel of 10 people could contain only 2 unique individuals, and maybe that gives rise to LN node IDs being used as pseudonyms, and that does introduce a degree of trust into the system.
So I don't have much else to say other than "huh, that's interesting".
reply
The idea behind using LNSymmetry is to then have multi-party channels.
Yes, that's a more advanced version of the idea. But multi-party channels have their own problems, in particular, coordination. It's very difficult to get more than a few parties coordinated.
Which again, has limited enthusiasm for Eltoo.
reply
The first thought that would come to mind is like a mempool for multi-party channels.
So for example we have this transaction batching service
https://peachbitcoin.com/blog/group-hug/
So you would just modify that to return a multi-party channel rather than outputs to all these different addresses.
Now that doesn't work if the architecture incentivizes using nodeIDs as pseudonyms. So in that case they might coordinate on amboss.space or maybe they would coordinate over here; https://lightningnetwork.plus/ because these style of channel opens already look very similar to the coordination you need for channel factories.
Maybe channel factories work a bit like a video game guild where you send a message requesting to join and the participants of the channel factory do something similar to a channel splice to get you added in
Still though, I'm gonna go reread some whitepapers specifically how they handle the uncoorperative close mechanism.
reply
I really like https://lightningnetwork.plus/ and have used it to bootstrap liquidity for one of my nodes. Folks should take a look if they have not seen it.
I look forward to when we can use such a pseudo social-network for channel factories and multi-party channel coordination.
reply
This game theory sounds reasonable enough. @theinstagibbs will point out that in reality, an attacker can still attempt to cheat without much at stake on ln-penalty by draining their balance in advance. There's basically the same downside for a motivated attacker in either case, but at least under ln-symmetry the node runner who lost state isn't unnecessarily punished, which currently seems to occur far more often.
I'm sympathetic to your argument of "messing with the game theory may increase the likelihood of cheating attempts," but I think the rebuttal is quite reasonable too.
reply
@theinstagibbs will point out that in reality, an attacker can still attempt to cheat without much at stake on ln-penalty by draining their balance in advance.
That's why Lightning channels have a channel reserve. You can't drain your entire balance.
reply