By Bitcoin Revija - pred 6 meseci - Čas branja: 5 minute
Razdelitev in preklapljanje plačil: hkratno izboljšanje zasebnosti in uspešnosti plačil
One of the fundamental limitations of the Lightning protocol is how payment routing is handled and accomplished. It is entirely source routed, meaning that the sender of a payment is the one who constructs the entire route from themselves to the receiver in order to facilitate the payment. This presents an issue when it comes to the changing balances of channels over time as they are routing payments between numerous different users across the network, once a sender "locks in" and decides on a specific route, that route cannot be changed until a failure message makes it way back to the sender, allowing them to construct an entirely new route going around the point where the initial attempt failed.
To zahteva bodisi spopadanje z okorno in nadležno UX bodisi uporabo sondiranja plačil, namerno ustvarjanje plačil, ki vam ne bodo uspela, samo zato, da vidite, ali bo pot, ki jo želite uporabiti, delovala, preden znova poskusite z dejanskim plačilom. Prva je le slaba uporabniška izkušnja in ni tisto, kar želite, ko poskušate oblikovati nekaj, kar bo izvedljiva plačilna rešitev za ljudi v velikem obsegu, drugo pa neupravičeno obremenjuje celotno omrežje, saj se morajo usmerjevalna vozlišča ukvarjati z omrežjem prometni in likvidnostni zapleti zaradi nenehnih plačil brez namena dokončanja zgolj zaradi preizkusa izvedljivosti poti.
Končni vzrok teh težav je nezmožnost poti, da spremeni vmesno plačilo brez vpletenosti pošiljatelja. Ker je celotna plačilna pot čebulno šifrirana, tega pravzaprav ni mogoče storiti. Vsak skok se zaveda samo skoka pred njim in skoka za njim, nimajo znanja o končnem cilju, ki bi jim omogočil, da zgradijo alternativno pot od njih do sprejemnika.
Now, while this does present a huge barrier to shifting away from source-based routing, it doesn't entirely prevent it. As an intermediary node, while you can't completely reconstruct a new route from you to the destination, you can reroute the payment from yourself to the next hop defined in the path picked by the sender. So if Bob receives a payment that he is supposed to route to Carol, and the channel he is supposed to route it through doesn't have the capacity needed to forward it, he can send what he can through that channel and route the rest of the payment amount through other routes he can find from himself to Carol.
Last month Gijs van Dam wrote a proof of concept plugin for CLN (na voljo tukaj) that does exactly that, building on multi-path payments that allow a payment to split up and take multiple routes to the receiver. If Bob and Carol are both running the plugin they can, in the appropriate situations, communicate to each other that a payment being forwarded along one channel is actually being partially rerouted so that Carol doesn't immediately drop it when she sees what she is being sent is less than what she is expected to forward. This way if alternate routes are available between Bob and Carol when the sender-decided route isn't viable, they can simply reroute the needed amount and the payment can succeed without having to completely fail, propagate back to the sender, and be rerouted by them.
If widely adopted as a standardized behavior on the network this could have a huge positive impact in the success rate of payments, drastically improving the UX of Lightning users looking for a simple payment mechanism that just works. It's an incredibly simple and logical behavior that could significantly improve a well known shortcoming. That's not all it can do though.
One of the big reasons that Gijs van Dam became interested in addressing this issue actually has nothing to do with simply improving the payment success rate and UX for users, it was actually because of a privacy shortcoming. One of the well known privacy issues that Lightning is vulnerable to is channel probing, this is the problem Gijs was concerned with.
Kot sem omenil zgoraj, jo uporabljajo nekatere denarnice, da zagotovijo, da bo plačilo uspešno, preden dejansko poskusijo pravo plačilo, toda to tehniko je mogoče uporabiti tudi za ugotavljanje porazdelitve sredstev na obeh straneh kanala. Če se izvaja večkrat in s skrbno izbranimi zneski, lahko uspeh ali neuspeh vsakega poskusa sondiranja sklepa, kako so sredstva razdeljena na vsaki strani kanala. Ta tehnika lahko celo deanonimizira plačila z opazovanjem v realnem času, kako se stanja spreminjajo po kanalih, če gremo še dlje in se redno izvaja sistematično po številnih kanalih.
Lightning se nenehno predstavlja kot orodje za zasebnost za transakcijsko uporabo, vendar so tehnike, kot je preverjanje zasebnosti kanala, v mnogih primerih lahko v najboljšem primeru šibke, ne da bi bil uporabnik prefinjen pri interakciji z omrežjem. Eden od zanimivih stranskih učinkov delitve in zamenjave plačil je, da spodkopava poskusne napade. Razlog za delovanje poskusnega napada je v tem, da lahko še naprej preverjate z različnimi zneski, dokler plačilo ne uspe. Če je opravljeno pravilno, vam to daje zelo majhen razpon med zadnjim uspešnim poskusom plačila in neuspešnim, kar je porazdelitev stanja kanala.
In a world where Lightning nodes can on the fly reroute parts payments that would otherwise fail so they succeed, it completely breaks the inherent assumption that channel balance probing relies on. That your payment attempt will fail when the specific channel you decided to route through doesn't have the liquidity to forward it. With payment splitting and switching that assumption is no longer true, and the more nodes on the network support switching the more error prone it makes that assumption (by up to 62% according to a simulation using real-world Lightning network data by Gijs).
So not only is this proposal relatively simple, not only does it provide a path to improving the success rate of payment attempts, it also helps address one of the largest privacy shortcomings of the Lightning Network. I think especially in the wake of the recent Lightning vulnerability, this proposal shows that while Lightning is not without its share of problems, they are not impossible to solve or mitigate. It will even be very common for solutions to one problem to help with another problem.
Rome wasn't built in a day, and solutions that actually preserve Bitcoin's core properties in a scalable and sustainable way won't be either.
Izvorni vir: Bitcoin Revija