By Bitcoin Ajakiri - 6 kuud tagasi - lugemisaeg: 5 minutit
Makse jagamine ja vahetamine: privaatsuse ja makseedu samaaegne parandamine
One of the fundamental limitations of the Lightning protocol is how payment routing is handled and accomplished. It is entirely source routed, meaning that the sender of a payment is the one who constructs the entire route from themselves to the receiver in order to facilitate the payment. This presents an issue when it comes to the changing balances of channels over time as they are routing payments between numerous different users across the network, once a sender "locks in" and decides on a specific route, that route cannot be changed until a failure message makes it way back to the sender, allowing them to construct an entirely new route going around the point where the initial attempt failed.
Selleks on vaja tegeleda tülika ja tüütu kasutajakogemusega või kasutada maksete kontrollimist, tahtlikult koostades makseid, mille ebaõnnestumine ebaõnnestub, enne kui proovite uuesti tegelikku makset teha, et näha, kas marsruut, mida soovite kasutada, töötab. Esimene neist on lihtsalt halb kasutajakogemus ja mitte see, mida soovite, kui proovite luua midagi, mis oleks inimestele elujõuline makselahendus, ja teine paneb võrgule tervikuna liigse koormuse, kuna marsruutimissõlmed peavad võrguga tegelema. liiklus- ja likviidsusprobleemid, mis tulenevad pidevatest maksetest ilma kavatsuseta lõpule viia, vaid selleks, et testida marsruudi elujõulisust.
Nende probleemide lõplik põhjus on marsruudi suutmatus muuta keskmakset ilma saatja kaasamiseta. Kuna kogu makseteekond on sibula krüpteeritud, pole seda tegelikult võimalik teha. Iga hüpe on teadlik ainult hüppest enne seda ja hüpet pärast seda, nad ei tea lõppsihtkohta, mis võimaldaks neil luua alternatiivset marsruuti neist vastuvõtjani.
Now, while this does present a huge barrier to shifting away from source-based routing, it doesn't entirely prevent it. As an intermediary node, while you can't completely reconstruct a new route from you to the destination, you can reroute the payment from yourself to the next hop defined in the path picked by the sender. So if Bob receives a payment that he is supposed to route to Carol, and the channel he is supposed to route it through doesn't have the capacity needed to forward it, he can send what he can through that channel and route the rest of the payment amount through other routes he can find from himself to Carol.
Last month Gijs van Dam wrote a proof of concept plugin for CLN (saadaval siin) that does exactly that, building on multi-path payments that allow a payment to split up and take multiple routes to the receiver. If Bob and Carol are both running the plugin they can, in the appropriate situations, communicate to each other that a payment being forwarded along one channel is actually being partially rerouted so that Carol doesn't immediately drop it when she sees what she is being sent is less than what she is expected to forward. This way if alternate routes are available between Bob and Carol when the sender-decided route isn't viable, they can simply reroute the needed amount and the payment can succeed without having to completely fail, propagate back to the sender, and be rerouted by them.
If widely adopted as a standardized behavior on the network this could have a huge positive impact in the success rate of payments, drastically improving the UX of Lightning users looking for a simple payment mechanism that just works. It's an incredibly simple and logical behavior that could significantly improve a well known shortcoming. That's not all it can do though.
One of the big reasons that Gijs van Dam became interested in addressing this issue actually has nothing to do with simply improving the payment success rate and UX for users, it was actually because of a privacy shortcoming. One of the well known privacy issues that Lightning is vulnerable to is channel probing, this is the problem Gijs was concerned with.
Nagu ma eespool mainisin, kasutavad seda mõned rahakotid makse õnnestumise tagamiseks enne tegeliku makse sooritamist, kuid seda tehnikat saab kasutada ka selleks, et teha kindlaks raha jaotus kanali mõlemal küljel. Korduvalt ja hoolikalt valitud summade puhul võib iga uurimiskatse õnnestumisest ja ebaõnnestumisest järeldada, kuidas raha jaguneb kanali mõlemal küljel. Veelgi kaugemale võetuna ja süstemaatiliselt paljudes kanalites regulaarselt läbi viidud tehnika abil saab maksed isegi deanonüümseks muuta, jälgides tõhusalt reaalajas, kuidas saldod kanalite lõikes muutuvad.
Lightningit kujundatakse pidevalt tehingute jaoks mõeldud privaatsustööriistana, kuid tegelikkuses on antud tehnikad, nagu kanalite privaatsuse kontrollimine, paljudel juhtudel, ilma et kasutaja oleks võrguga suhtlemises kogenud. Makse jagamise ja vahetamise üks huvitavaid kõrvalmõjusid on see, et see õõnestab uurimisrünnakuid. Uurimisrünnak toimib seetõttu, et saate katsetamist jätkata erinevate summadega, kuni makse ebaõnnestub. Kui seda õigesti teha, annab see teile väga väikese vahemiku viimase eduka maksekatse ja ebaõnnestunud maksekatse vahel, mis on kanali saldo jaotus.
In a world where Lightning nodes can on the fly reroute parts payments that would otherwise fail so they succeed, it completely breaks the inherent assumption that channel balance probing relies on. That your payment attempt will fail when the specific channel you decided to route through doesn't have the liquidity to forward it. With payment splitting and switching that assumption is no longer true, and the more nodes on the network support switching the more error prone it makes that assumption (by up to 62% according to a simulation using real-world Lightning network data by Gijs).
So not only is this proposal relatively simple, not only does it provide a path to improving the success rate of payment attempts, it also helps address one of the largest privacy shortcomings of the Lightning Network. I think especially in the wake of the recent Lightning vulnerability, this proposal shows that while Lightning is not without its share of problems, they are not impossible to solve or mitigate. It will even be very common for solutions to one problem to help with another problem.
Rome wasn't built in a day, and solutions that actually preserve Bitcoin's core properties in a scalable and sustainable way won't be either.
Algne allikas: Bitcoin Ajakiri