By Bitcoin Žurnalas - prieš 6 mėnesius - Skaitymo laikas: 5 minutės
Mokėjimų padalijimas ir keitimas: privatumo ir mokėjimo sėkmės gerinimas vienu metu
One of the fundamental limitations of the Lightning protocol is how payment routing is handled and accomplished. It is entirely source routed, meaning that the sender of a payment is the one who constructs the entire route from themselves to the receiver in order to facilitate the payment. This presents an issue when it comes to the changing balances of channels over time as they are routing payments between numerous different users across the network, once a sender "locks in" and decides on a specific route, that route cannot be changed until a failure message makes it way back to the sender, allowing them to construct an entirely new route going around the point where the initial attempt failed.
Tam reikia susitvarkyti su sudėtingais ir erzinančiais UX, arba naudojant mokėjimo zondavimą, tyčia ruošti mokėjimus, kurių nepavyks tik norėdami pamatyti, ar maršrutas, kurį norite naudoti, veiks prieš bandydami dar kartą atlikdami tikrąjį mokėjimą. Pirmasis yra tik bloga vartotojo patirtis, o ne tai, ko norite, bandant sukurti tai, kad būtų perspektyvus mokėjimo sprendimas žmonėms, o antrasis uždeda nepagrįstą naštą visam tinklui, nes maršruto mazgai turi būti susiję su tinklu Nuolatinių mokėjimų srauto ir likvidumo komplikacijos, nesikreipiančios į baigimą, tik išbandyti maršruto gyvybingumą.
Pagrindinė šių problemų priežastis yra nesugebėjimas pakeisti vidutinio mokėjimo maršruto nedalyvaujant siuntėjui. Kadangi visas mokėjimo kelias yra užšifruotas, to padaryti tikrai neįmanoma. Kiekvienas šuolis žino tik šuolį prieš jį ir šuolį po jo, jie nežino galutinio tikslo, kad galėtų sukurti alternatyvų maršrutą nuo jų iki imtuvo.
Now, while this does present a huge barrier to shifting away from source-based routing, it doesn't entirely prevent it. As an intermediary node, while you can't completely reconstruct a new route from you to the destination, you can reroute the payment from yourself to the next hop defined in the path picked by the sender. So if Bob receives a payment that he is supposed to route to Carol, and the channel he is supposed to route it through doesn't have the capacity needed to forward it, he can send what he can through that channel and route the rest of the payment amount through other routes he can find from himself to Carol.
Last month Gijs van Dam wrote a proof of concept plugin for CLN (galima čia) that does exactly that, building on multi-path payments that allow a payment to split up and take multiple routes to the receiver. If Bob and Carol are both running the plugin they can, in the appropriate situations, communicate to each other that a payment being forwarded along one channel is actually being partially rerouted so that Carol doesn't immediately drop it when she sees what she is being sent is less than what she is expected to forward. This way if alternate routes are available between Bob and Carol when the sender-decided route isn't viable, they can simply reroute the needed amount and the payment can succeed without having to completely fail, propagate back to the sender, and be rerouted by them.
If widely adopted as a standardized behavior on the network this could have a huge positive impact in the success rate of payments, drastically improving the UX of Lightning users looking for a simple payment mechanism that just works. It's an incredibly simple and logical behavior that could significantly improve a well known shortcoming. That's not all it can do though.
One of the big reasons that Gijs van Dam became interested in addressing this issue actually has nothing to do with simply improving the payment success rate and UX for users, it was actually because of a privacy shortcoming. One of the well known privacy issues that Lightning is vulnerable to is channel probing, this is the problem Gijs was concerned with.
Kaip jau minėjau aukščiau, kai kurios piniginės jį naudoja siekdamos užtikrinti, kad mokėjimas būtų sėkmingas prieš iš tikrųjų bandant atlikti tikrąjį mokėjimą, tačiau šią techniką taip pat galima naudoti norint nustatyti lėšų paskirstymą abiejose kanalo pusėse. Atliekant pakartotinai ir kruopščiai parinktomis sumomis, kiekvieno tyrimo bandymo sėkmė ir nesėkmė gali nuspręsti, kaip lėšos paskirstomos abiejose kanalo pusėse. Pažengus dar toliau ir sistemingai naudojant daugybę kanalų, ši technika gali netgi deanonimizuoti mokėjimus, efektyviai stebint, kaip keičiasi likučiai kanaluose.
„Lightning“ nuolat kuriama kaip privatumo įrankis, skirtas naudoti sandoriuose, tačiau realybėje pateikiami tokie metodai, kaip kanalo privatumo tikrinimas, daugeliu atvejų geriausiu atveju gali būti silpnas, jei vartotojas nėra sudėtingas sąveikaujant su tinklu. Vienas iš įdomių mokėjimų padalijimo ir keitimo šalutinių poveikių yra tas, kad tai kenkia žvalgymo atakoms. Tyrimo ataka veikia todėl, kad galite tirti skirtingas sumas, kol nepavyks sumokėti. Jei tai daroma teisingai, tai suteikia labai mažą intervalą tarp paskutinio sėkmingo mokėjimo bandymo ir nesėkmingo, ty kanalo balanso pasiskirstymą.
In a world where Lightning nodes can on the fly reroute parts payments that would otherwise fail so they succeed, it completely breaks the inherent assumption that channel balance probing relies on. That your payment attempt will fail when the specific channel you decided to route through doesn't have the liquidity to forward it. With payment splitting and switching that assumption is no longer true, and the more nodes on the network support switching the more error prone it makes that assumption (by up to 62% according to a simulation using real-world Lightning network data by Gijs).
So not only is this proposal relatively simple, not only does it provide a path to improving the success rate of payment attempts, it also helps address one of the largest privacy shortcomings of the Lightning Network. I think especially in the wake of the recent Lightning vulnerability, this proposal shows that while Lightning is not without its share of problems, they are not impossible to solve or mitigate. It will even be very common for solutions to one problem to help with another problem.
Rome wasn't built in a day, and solutions that actually preserve Bitcoin's core properties in a scalable and sustainable way won't be either.
Originalus šaltinis: Bitcoin žurnalas