Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement "Simple Taproot Channels" BOLT proposal #2868

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Implement "Simple Taproot Channels" BOLT proposal #2868

wants to merge 3 commits into from
+2,918 −551

Conversation

sstone
Copy link
Member

@sstone sstone commented Jun 13, 2024
edited
Loading

This PR implements lightning/bolts#995 which introduces a new channel format where funding transactions send to an aggregated musig2 public key instead of a 2-of-2 multisig address:

  • funding and closing transactions become cheaper (by about 15%)
  • on-chain footprint becomes more private: funding and closing transactions are impossible to distinguish from other p2tr transactions

Basic interop testing (opening/closing channels, sending/receiving payments) pass with lnd v0.18

The trickiest part of this PR is the update to the splicing protocol: splicing means that there can be multiple commitment transactions that are active at the same time, and signatures must be exchanged for all of them. With the new musig2-based funding transaction scheme, this means generating and exchanging musig2 nonces in advance, which requires modifications to the interactive tx and splicing protocols that are not (yet) covered by the BOLT proposal.

This is still a WIP, we also need to add support for simple taproot channels to https://github.com/ACINQ/lightning-kmp.

Based on #2896

@sstone sstone force-pushed the simple-taproot-channels branch from 0082aea to 51ec562 Compare June 26, 2024 14:43
@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 95.17974% with 59 lines in your changes missing coverage. Please review.

Project coverage is 86.38%. Comparing base (40f13f4) to head (51ec562).
Report is 6 commits behind head on master.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2868      +/-   ##
==========================================
+ Coverage   85.92%   86.38%   +0.46%     
==========================================
  Files         219      220       +1     
  Lines       18488    19477     +989     
  Branches      794      814      +20     
==========================================
+ Hits        15886    16826     +940     
- Misses       2602     2651      +49
Files Coverage Δ
...core/src/main/scala/fr/acinq/eclair/Features.scala 100.00% <100.00%> (ø)
...r/acinq/eclair/blockchain/fee/OnChainFeeConf.scala 95.65% <100.00%> (ø)
...in/scala/fr/acinq/eclair/channel/ChannelData.scala 100.00% <ø> (ø)
...cala/fr/acinq/eclair/channel/ChannelFeatures.scala 100.00% <100.00%> (ø)
...inq/eclair/channel/fsm/ChannelOpenDualFunded.scala 87.52% <100.00%> (+0.52%) ⬆️
...inq/eclair/channel/fsm/CommonFundingHandlers.scala 92.00% <100.00%> (+0.88%) ⬆️
...q/eclair/channel/publish/ReplaceableTxFunder.scala 84.81% <100.00%> (-0.53%) ⬇️
...q/eclair/crypto/keymanager/ChannelKeyManager.scala 88.88% <100.00%> (+1.38%) ⬆️
...air/crypto/keymanager/LocalChannelKeyManager.scala 100.00% <100.00%> (ø)
...air/crypto/keymanager/LocalOnChainKeyManager.scala 87.50% <100.00%> (ø)
... and 21 more

... and 5 files with indirect coverage changes

@sstone sstone force-pushed the simple-taproot-channels branch from 51ec562 to cdefa9a Compare June 30, 2024 18:50
@sstone sstone mentioned this pull request Jul 4, 2024
Draft
@sstone sstone force-pushed the simple-taproot-channels branch 2 times, most recently from 786cfa1 to f9fe228 Compare July 22, 2024 12:41
@sstone sstone force-pushed the simple-taproot-channels branch from f9fe228 to 7480cee Compare August 8, 2024 19:08
@sstone sstone changed the base branch from master to store-partial-signatures August 8, 2024 19:09
@sstone sstone force-pushed the simple-taproot-channels branch from 37553dc to 1966835 Compare August 19, 2024 11:37
@sstone sstone force-pushed the store-partial-signatures branch from 46ef2b7 to 155b8dc Compare September 9, 2024 11:32
@sstone sstone force-pushed the simple-taproot-channels branch from 1966835 to 2015ced Compare September 9, 2024 11:33
@sstone sstone force-pushed the store-partial-signatures branch 2 times, most recently from 452c0e0 to 16e75b0 Compare September 10, 2024 17:59
@sstone sstone force-pushed the simple-taproot-channels branch from 2015ced to c259402 Compare September 10, 2024 18:31
@remyers remyers mentioned this pull request Sep 24, 2024
Open
@sstone sstone force-pushed the store-partial-signatures branch from 57310de to 0ac5a45 Compare September 26, 2024 19:55
@sstone sstone force-pushed the simple-taproot-channels branch from c259402 to 537d134 Compare September 26, 2024 19:55
@sstone sstone force-pushed the store-partial-signatures branch from 0ac5a45 to af1d5c7 Compare October 1, 2024 07:40
@sstone sstone force-pushed the simple-taproot-channels branch from 537d134 to 22e6a8e Compare October 1, 2024 07:40
remyers
remyers reviewed Oct 2, 2024
View reviewed changes
Copy link
Contributor

@remyers remyers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good so far. I focused this preliminary review on splicing to identifiy any potential nonce reuse issues early.

I found one potential issue if we allow tx_abort after we send commit_sig.

I also think RBF of splices will need to be done carefully to avoid nonce resuse. I think we will need to include the RBF attempt count when generating nonces. I'll review again once you've rebased on the latest splice branch that includes splice RBF.

eclair-core/src/main/scala/fr/acinq/eclair/channel/fund/InteractiveTxBuilder.scala Show resolved Hide resolved
@sstone sstone force-pushed the store-partial-signatures branch from af1d5c7 to 5e9706a Compare October 14, 2024 13:38
@sstone sstone force-pushed the simple-taproot-channels branch from cb1a0ff to dc59336 Compare October 14, 2024 13:39
@sstone sstone force-pushed the store-partial-signatures branch from 5e9706a to 1926d8a Compare October 15, 2024 13:26
@sstone sstone force-pushed the simple-taproot-channels branch from dc59336 to 799c1da Compare October 15, 2024 13:26
@sstone sstone force-pushed the store-partial-signatures branch from 1926d8a to f9fa5ba Compare October 21, 2024 14:38
@sstone sstone force-pushed the simple-taproot-channels branch 2 times, most recently from 1d85d22 to 258a479 Compare October 22, 2024 14:18
@sstone sstone force-pushed the simple-taproot-channels branch 2 times, most recently from 4e6a55e to 827bcd9 Compare November 12, 2024 12:51
@sstone sstone force-pushed the simple-taproot-channels branch from 827bcd9 to 6f023ff Compare November 20, 2024 16:44
@sstone sstone force-pushed the store-partial-signatures branch from f9fa5ba to ca706c7 Compare November 26, 2024 13:39
@sstone sstone force-pushed the simple-taproot-channels branch 2 times, most recently from 3dc1a34 to 6e1f9a9 Compare November 27, 2024 18:08
@sstone sstone force-pushed the store-partial-signatures branch from ca706c7 to 65e74f6 Compare December 9, 2024 14:23
@sstone sstone force-pushed the simple-taproot-channels branch from 6e1f9a9 to ddd0c13 Compare December 9, 2024 14:23
@sstone sstone force-pushed the store-partial-signatures branch from 65e74f6 to fe63e30 Compare January 6, 2025 16:42
@sstone sstone force-pushed the simple-taproot-channels branch 2 times, most recently from b7ff868 to 68aa9dc Compare January 6, 2025 17:59
@sstone sstone force-pushed the store-partial-signatures branch from fe63e30 to a77aa5f Compare January 9, 2025 19:23
@sstone sstone force-pushed the simple-taproot-channels branch 4 times, most recently from aae084e to 6afa679 Compare January 14, 2025 18:46
Base automatically changed from store-partial-signatures to master January 15, 2025 13:13
@sstone sstone force-pushed the simple-taproot-channels branch from 6afa679 to 7eff6e5 Compare January 15, 2025 16:48
@sstone sstone force-pushed the simple-taproot-channels branch 4 times, most recently from d503971 to e28b326 Compare January 29, 2025 11:05
sstone added 3 commits February 2, 2025 21:46
@sstone
Implement simple taproot channels
1432e5d 
This commit implements:
  - feature bits for simple taproot channels
  - TLV extensions for funding/closing wire messages
  - modifications to how we handle channel funding, splicing and mutual closing
  - changes to the commitment structures

Since the current "simple taproot channels" proposal is not compatible with splices, we extend it to include a list of musig2 nonces (one for each active commitment transaction).
Similar to how commitment points are handled, `firstRemoteNonce` and `secondRemoteNonce` fields have been added to `SpliceInit` and `SpliceAck`, encoded as a list of nonces (instead of 2 expicit nonces)
We also need a nonce for the new commit tx that is being built, here it has been added to `SpliceInit` and `SpliceAck`.

The closing workflow is similar to the standard "simple close" workflow:
- Alice and Bob exchange `shutdown`, which includes a "closing nonce" (no changes here compared to the "simple taproot channels" spec).
- Alice selects possible closing transaction (closer_output_only, closee_output_only, closer_and_closee_output) and for each of them creates
a partial_signature_with_nonce using a new random local nonce and Bob's closing nonce (which she received in Bob's `shutdown` message).
- Alice send a `closing_complete` message to Bob that include these partial_signature_with_nonce.
- Bob receive Alice's `closing_complete` message, selects one of Alice's partial_signature_with_nonce, creates partial_signature_with_nonce using.
his closing nonce and the nonce attached to the partial_signature_with_nonce and sends it to Alice in a `closing_sig` message.
- Alice receives Bob's `closing_sig` and creates a partial signature for her closing tx using her closing nonce and the nonce attached Bob's partial_signature_with_nonce.
- Alice combines this signature with Bob's and can broadcat her closing tx.
@sstone
Fix splicing issues
a2726ce 
Upon re-connection, when a splice has not been fully completed, nodes will re-send signatures for the previous remote commit tx. This signature will
be ignored by the receiving nodes if it has already received it before it was disconnected, simply by comparing them (signatures are deterministic).

With taproot channels, we also need to attach musig2 nonces for splices in progress to channel_reestablish, which are needed to re-generate the signature
for the old commit tx.
@sstone
Rework nonce generation
5f21e96
@sstone sstone force-pushed the simple-taproot-channels branch from e28b326 to 5f21e96 Compare February 2, 2025 21:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@remyers remyers remyers left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Optech Make Me Famous!
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sstone @codecov-commenter @remyers @t-bast