lightning network – Why does every HTLC in a commitment transaction require its own signature?

Why isn’t the signature for the entire commitment transaction enough?

Because the htlc_signature field contains the signature for the HTLC transactions spending from the htlc output(s) (either received or offered) of the commitment transaction.

To expand a bit, some paths of the HTLCs scripts (timeout for an offered htlc output and success for a received HTLC output) pays to a 2of2, thus you need the right transaction which spends from this output to be signed before comiting to this (otherwise unspendable by using this script path) output.


EDIT: This question originates from this Github issue, to which Olaoluwa Osuntokun (@Roasbeef) gave today a detailed high-level explanation of why second-stage HTLCs are used in Lightning Network.

The following is the copy paste of his answer that might be of interest to anyone passing by.

Here’s my attempt at a high level explanation:

We use something called two-stage HTLCs in the system. This allows us to decouple the CLTV (absolute timelock for HTLCs) from the CSV (commitment delay to allow for breach retribution). To see why this is an issue, consider if we had both of these in the top-level HTLC script. From here, one can imagine a scenario where we have an HTLC that can be timed out (absolute block height passed), but we can’t spend it (timing it out) until our CSV period has also expired. Therefore, one needs to set their CSV values taking into account the absolute timelock (CLTV) value as well. Critically, before a user can cancel their incoming off-chain HTLC (timing out the outgoing on-chain), they need to wait for this CSV period. However, if the CSV is greater than the time lock delta (diff between incoming and outgoing HTLCs), they’ve created a race and could possibly lose money.

Without HTLCs, the dependency between the CLTV delta value and the CSV value means that if one wants to have a higher CSV value (more time to punish malicious channel peers), then they also need to have a longer CLTV delta value. As an example, a common set up with lnd is that for super higher value channels we have a CSV value of 2016 blocks (two weeks). Without second-level HTLCs, we would need to also make our CTLV delta value (40 blocks default atm), greater than 2016 blocks. This change would then propagate through the entire network, resulting in very long time lock values. The sender of an HTLC eats the full time lock delay, meaning that know their absolute worst case is much higher, trading off for better multi-hop HTLC security.

Thankfully, we figured out a solution to this: two-stage HTLCs. Note that the HTLC scripts I described above were never actually deployed. Two-stage HTLCs are actually used in the original LN white paper for a similar reason. The defective design described above was created when developers were trying to compress down the scripts and on-chain footprint a bit.

A two-stage HTLC decouples the CSV period from one’s CTLV time-lock delta. To do this, we now require the party that forced closed to spend their HTLC with a special transaction. This transaction spends a CLTV clause in the script, and itself includes a nLocktime value as well. The output of this special transaction then pays to the party timing our or redeeming the HTLC, but then enforces a CSV period. We call them two stage as we enforce two states in the claim: wait for absolute timeout value, then wait for CSV value. Note that once the absolute timeout value passes, the party can spend the original HTLC output, transitioning the HTLC claim state machine to the CSV waiting period. At this point, they can safely cancel back any off-chain HTLCs, as the other party isn’t able to settle it with a pre-image at this point.

The way we enforce this spend, is that we make any HTLC spends from one’s commitment transaction (which you broadcast during a force close) actually be a multi-sig output. We use this output to create what’s essentially an “off-chain multi-sig covenant”. Since they require our signature to spend this output, we force them into a particular type of spend using pre-signed transactions. As a result, each time we want to give them a new commitment, in addition to the commitment signature (multi-sig spending teh funding output), we also send a series of signatures, one for each HTLC, that blesses their spend of the HTLC output.

{Global Host IT Smart}Power Your Business With Lightning Fast Linux Hosting – Hosting, VPN, Proxies

Enhance the power of your Linux website with our customized Linux web hosting service from Host IT Smart. We are perfect for small, medium businesses looking for a dynamic hosting solution at affordable pricing. We have a starter as well as economy Linux hosting plans with cPanel to match your needs.

We don’t only believe in pricing but also the plans’ features, which are essential factors. We provide the best features in terms of security, resources, backup to make your website complete professional. We also offer a free SSL certificate with the plans.

Let’s get a look to our Linux hosting plans & Features:

Pricing of Linux web hosting:

Starter plan – @ $1.50/mo 

  • Unlimited Webspace
  • Unlimited Bandwidth
  • 1 website
  • SSL Certificate
  • Unlimited E-mail IDs
  • 1 subdomain
  • 2 MYSQL space

Performance plan -@ $2.50/mo

  • Unlimited webspace
  • Unlimited Bandwidth
  • 5 websites
  • SSL Certificate
  • Unlimited E-mail IDs
  • Unlimited subdomains
  • 10 MYSQL space

Business plan – @ $ 5.00/mo

  • Unlimited Webspace
  • Unlimited Bandwidth
  • Unlimited Websites
  • SSL Certificate
  • Unlimited E-mail IDs
  • Unlimited subdomains
  • Unlimited Dataspace

These 50% discounted prices, but you can avail more discounts with the plans.

If you purchase Linux hosting for more than 2 years, it avails you for an additional 30% discount, which totals 80% off!

By Applying code: HOSTITSMART30, You Get an Extra 30% Discount.

For More Details on Linux Hosting plans, Visit
https://www.hostitsmart.com/hosting/linux-hosting

Highlights to appreciate with Host IT Smart:

  • cPanel
  • Free SSL Certificate
  • Regular Malware Scanning
  • Unlimited Emails
  • 99.99% Uptime Guarantee
  • 24*7 Technical Assistance

Our Support Team is prepared to help you in any circumstance and anytime to tackle any issue in the best possible manner. We additionally furnish Instant Talk administration to interact with you, virtually.

For Immediate Assistance or information, contact us: info@hostitsmart.com or visit our website for live chat. 
 

dnd 5e – What action is used to throw a javelin of lightning?

The description of the javelin of lightning says (emphasis mine):

This javelin is a magic weapon. When you hurl it and speak its command word, it transforms into a bolt of lightning, forming a line 5 feet wide that extends out from you to a target within 120 feet. (…) The lightning bolt turns back into a javelin when it reaches the target. Make a ranged weapon attack against the target. On a hit, the target takes damage from the javelin plus 4d6 lightning damage.

The javelin’s property can’t be used again until the next dawn. In the meantime, the javelin can still be used as a magic weapon.

This seems a little ambiguous at first. The special ability of the javelin is essentially a way for it to do damage to the primary target and other creatures along the way, but it still involves a ranged weapon attack against that primary target – and the way you do that is to “hurl” the weapon (i.e. throw it). Thus, it seems reasonable to interpret it as a single weapon attack made as part of the Attack action, since nothing in the item’s description says otherwise – you’re simply attacking as normal, and saying a command word to activate its special ability when you do so.

Rules designer Jeremy Crawford unofficially confirms this interpretation on Twitter:

When using the special ability of Javelin of Lightning does the attack have disadvantage if target is outside normal range for a standard javelin rwa? Is this ability part of an Attack Action or some kind of magic item activation? RAI>RAW if they differ.

The attack portion of the javelin of lightning follows the normal rules for an attack with a javelin, and it can be done as part of the Attack action.

In short, it’s a single attack within the Attack action, and follows the corresponding rules. Essentially, you throw it as you would any javelin as part of an Attack action, you potentially speak its command word to transform it into a bolt of lightning as it flies through the air, and then it turns back into a javelin as it hits the target (doing extra damage if you activated its special ability).

This magic javelin’s description does note: “The javelin’s property can’t be used again until the next dawn.” So if you had multiple javelins of lightning somehow and you had the Extra Attack feature, you could theoretically throw multiple ones in a single turn, but you’d be using up both javelins’ ability to be used in this way for the day. (Not to mention that you’d have to have at least one of the javelins already drawn at the start of the turn, since you’d use your one free object interaction for the turn to draw a javelin.)

lightning network – Why does the funder send the signed settlement to the counter-party in eltoo?

Quoting from the Eltoo paper:

Before signing and broadcasting the funding transaction the funder requires the other endpoint to create an initial settlement transaction that
returns the funds back to the funder. The initial settlement transaction
spends the funding output, and creates a single output that returns all of
the funds to the funder. This settlement transaction is then signed using
the settlement key and returned to the funder. The funder verifies that the
settlement transaction matches its expectations, i.e., it returns its funds and
is signed by the other endpoint. Now the funder can broadcast the funding
transaction, and wait for it to be confirmed effectively starting the contract.
The funder also signs the initial settlement transaction, making it complete
and returns it to the other endpoint.

In the last sentence, the funder signs the initial settlement and sends it to the other endpoint. But why does the other endpoint need it? This settlement transaction returns all funds to the funder, so there is no benefit for the counter-party to ever publish this first settlement transaction. Couldn’t this step be skipped?

dnd 5e – Is a wand of lightning bolts made of metal?

It is up to the DM

Unless the material of a magic item is specified like it sometimes is in adventure modules and for some specific magic items:

Iron Flask


Wondrous Item, legendary

This iron bottle has a brass stopper…

In any other case, it is up to the DM what a specific magic item is made of.

Material Components

The material of the magic item need not be related to the material components of a spell that the magic item can create. From the Dungeon Master’s Guide:

The spell is cast at the lowest possible spell and caster level, doesn’t expend any of the user’s spell slots, and requires no components unless the item’s description says otherwise.

While a DM certainly could use the components as inspiration when deciding the material of the magic item, it is not a requirement that the magic item’s composition be parallel to the material components.

Would Heat Metal damage the wand?

Heat metal as a spell does not necessarily damage the object that it affects:

Choose a manufactured metal object, such as a metal weapon or a suit of heavy or medium metal armor, that you can see within range. You cause the object to glow red-hot.

If the spell was meant to damage the object, it would almost certainly say so. Not to mention, magic items are particularly resilient when compared to normal objects:

Most magic items, other than potions and scrolls, have resistance to all damage.

It also, almost certainly, would not cause the wand to discharge. There is nothing like this in the rules apart from spell scroll mishaps (which having nothing to do with breaking down the material of the magic item).

bitcoind – Risks of running lightning (LND) over a pruned node

Since i don’t believe this has been adequately discussed yet;
(see What are the issues of running lightning daemon with pruning node? & others)

What exactly are the risks of running LND over a pruned node of let’s say, 50 gb, which is roughly a year worth of data.

Can we:

  • A. Access channels that are older than a year (for routing purposes),
    and do so in a way that is trustless?
  • B. Accept HTLC’s that are routed through channels which are older
    than a year? It’s a bit of a rehash of #1, but what exactly would
    happen in this case? Would we simply not recognize the channel?
  • C. restore the seed and channel states with the same pruning
    settings, assuming that the recovery takes places in the same
    period..? (In other words, we don’t need to begin scanning @/from
    1716142, as that would be impossible? Or do we need to resync bitcoind while simultaneously syncing lnd?)
  • D. Let’s say we transacted with/through a channel Z of age 11 months, at some point along a route, for which we will lose its’ state in < a month… – Will we actually lose its’ state, did we ever have its’ state, and does this matter? If so, how does it matter? How is our node exposed?
  • E. Should we forcefully close channels of which we are about to prune the original funding transactions? I assume, yes? If so, why exactly? We don’t necessarily lose the latest signing commitments, do we?

Are there any other risks I’m not yet aware of?

I’m a bit of a newb, so if some of these questions are obvious, just a simple reference point would be much appreciated.

lightning network – How does circular rebalance on LN work?

How does circular rebalance on LN work? (note: circular rebalance is term used in RTL, I use lnd). Let me describe the situation that happened to me:

I have two channels, one with Alice, one with Bob.

The situation before circular rebalance from my point of view:

Me    (200) sats outbound -----(400)----- (200) sats inbound         Alice
Me    (200) sats outbound -----(200)----- (0)   sats inbound         Bob

Then I initiated a circular rebalance of 100 sats on the the second channel with Bob and I was asked to choose “receive from peer” where I chose Alice

The situation after the circular rebalance from my point of view (supposing no routing fees):

Me    (300) sats outbound -----(400)----- (100) sats inbound         Alice
Me    (200) sats outbound -----(300)----- (100) sats inbound         Bob

My overall outbound capacity increased by 100 sats while overall inbound capacity stayed at 200 sats. Did I just make 100 sats? Did I cheat Alice?

Solution (It was my misunderstanding, I’m answering here because Rene’s answer is really good and I want to keep it):

Basically, my outbound capacity decreased on the channel with Bob by the expected amount but the commit_fee on that channel rose by 100 and since I thought that my outbound capacity + commit fee are my disposable funds I thought of them as a overall outbound capacity which is not obviously the case.

What actually happened:
The situation before circular rebalance from my point of view:

Me    (200) sats outbound {100} commit fee -----(500)----- (200) sats inbound         Alice
Me    (400) sats outbound {100} commit fee -----(500)----- (0)   sats inbound         Bob

The situation after the circular rebalance from my point of view (supposing no routing fees):

Me    (300) sats outbound {100} commit fee-----(500)----- (100) sats inbound         Alice
Me    (300) sats outbound {200} commit fee-----(500)----- (100) sats inbound         Bob

lightning network – Autonomous Loop channel

Yes you can rebalance your channels by creating circular onions. That will also cost you routing fees which are currently low.

However in order to get onchain funds you would have to close a channel (or open a channel if you want more liquidity). This means you cannot really swap on chain with off chain funds to provide yourself with inbound liquidity – wich is what loop / submarine swaps are for.

If you use c Lightning you can use the rebalce plugin https://github.com/lightningd/plugins/tree/master/rebalance or the drain plugin: https://github.com/lightningd/plugins/tree/master/drain depending on what exactly you want to do you might have to fork these plugins

What are the different types of spam that the Lightning Network is subject to?

There are three types of spam problem in the Lightning Network. Let’s
call them “local”,”fast” and “slow”.

Local spam is someone sending or requesting too much data: that’s a simple batter of code with rate limiting etc.

Fast spam is sending many failed payments. You can’t tell what will succeed and you can’t blame the sending peer (they may not be the
source). This attack is free since we only pay on success. The answer
is to require an up-front payment but it has to be small (making sure
your incentive is to succeed) and it should not leak information on
where you are in the path. I’ve been unable to find a scheme I’m
happy with though, see my latest attempt here.

Slow spam is sending a long-lived payment. This consumes capacity > 1000x expected for a normal payment and is similarly free (if you fail). The only solution I like here is to penalize slow payments by
requiring proof-of-channel closure but you can’t always tell if
the payment was really in the channel and what if the close
transaction pays super-low fees / conflicts? You need a Merkle tree
of claimed HTLCs, plus onion unwrapping, agreement on valid closes,
handling of fake Merkle trees… all possible but real work.

Summary: We can mitigate some attacks but real fixes need spec
improvements and implementation. More attention from Smarter People
Than Me (hi!) will help us here.