 Let’s be clear, if no one steps up and decides to run LSPs because everyone is worried about regulatory concerns, every bitcoin L2 system is toast - every one that has a reasonable security model relies on some kind of centralized or federated party that has similar concerns, even if they can’t seize funds.

Without any L2 systems everyone using bitcoin will simply use custodial platforms because that’s the only way to get reasonable fees and payment latency.

And don’t go yelling at ACINQ for deciding not to operate Phoenix in the US, the software required to run an LSP is open source, with only relatively minimal liquidity allocation logic required to get started. We need new entrants, and that means new companies who think the risk is manageable (I’m confident it is, but I can’t fault anyone for not wanting to take that risk).

If you see someone suggesting ACINQ should just keep running, the correct response is “well why aren’t you running an LSP”. 
 Couldn't agree more. The people yelling "cowards!" are making caricatures of themselves. 
 It's possible that LSPs might be unviable during the transition to a transnational currency system.  
 Maybe not onshore US. We are going to have to decentralize even more, come up with regional and local solutions that increase the cost of attack on our superior technology.

That's the name of the game, decentralize and increase the cost of attack.  
 So Americans just can’t use noncustodial/no-KYC bitcoin…. Ugh 
 Not what I'm saying. The draconian nature of our government's monopoly on the global reserve currency is going to force Bitcoiners onshore to increase the cost of attack. 

Freedom, liberty and property rights are engrained in the US culture unlike anywhere else. It only seems like a rational thing to me that US Bitcoiners step up to the plate and deliver the solutions that our draconian government can't stop.  
 Sounds good, definitely better if US companies/citizens stepped up. Especially as when/if the US gov drags anyone to court, they might argue that none of those protections apply to non-US citizens, pretty sure they already do that in the case of surveillance. 
 Fwiw, lightning capacity didn’t change
https://m.primal.net/IBMc.jpg 
 The channels between an LSP and their users are private. 
 Are you running an LSP? 
 Nope, I don’t personally want to take the risk, even if I think it’s not a huge risk. 
 Matt and devs like him are too valuable to bitcoin (and humanity that depends upon it) to place at risk of encumbrance and persecution by unjust laws. 
 I would if I had the technical know-how. 
 You don’t need much! You can easily hire enough engineering know-how to get some basic software up and running, the cost is raising money to fund liquidity for the LSP. 
 hi dion, 
check out ben from @BTCsessions YouTube. he has some great instructional stuff there on multiple systems. 
good luck 
 Centralized or federated parties cannot be a part of the equation. Whatever happened to atomic swaps? 
 Monero should be L2. 
 Is it feasible to run LSPs on TOR anonymously? 
 Noncustodial wallets want a reliable UX which generally relies on the LSP being stable and reputable, which sadly means not Tor and generally requires them to be large for profit companies. 
 I think the problem is that large LSPs actually have some control over funds as they can close more channels on old states than can actually punish them for doing so (What's the term for this attack?).

If there was no way of stealing users' money, reputation would be less of an issue and the stability over TOR ... I'm sure we can fix this. How about TOR nodes that take e-cash for routing? TOR only adds few hops to the route so it shouldn't make LN payments impossible unless the network is saturated which paying for the service should be able to solve. 
 I had the same gut reaction. It may at least be possible, if extremely difficult, to get past the need for good repute ... LN penalty not ideal here, clearly. 
 I don't think LN-penalty is the main problem here, as the most powerful form of the attack starts by filling channels with as many expiring HTLCs as possible, which is a problem for any channel design.  The only solutions I'm aware of are (1) temporary dynamic block size increases, which only increase the cost of the attack by a small multiple, (2) some form of time stop, although that increases the risk of capital losses from the time value of money, and (3) various bond designs, although they upfront accept losses to the time value of money.

Of those options, I think bonds may be underexplored but I also think that the main downsides of time stop may be almost entirely mitigated by John Law's hierarchical channel factories design, which would involve channels being opened by three parties, with two preferred partners being able to continue exchanging funds in the channel even if the third counterparty initiated a force close that was taking forever due to a time stop. 
 You are pointing to the LN penalty as a problem but isn't it exactly what makes it harder for LSPs to pull forced expiration spam attacks? 
 The attack you describe was called "forced expiration spam" in the original LN paper.  I usually call it an "expiration flood".  Other people have other names for it.  See https://bitcoinops.org/en/topics/expiration-floods/ 
 Tor latency is not ideal for order routing.  
 Is that because of the inherently required extra hops on TOR or because of those TOR nodes being congested? If it's the latter, we could have TOR nodes that take e-cash payments to manage supply and demand. 
 running a routing node as a Tor hidden service introduces 6 hops between the client and service. the increased latency, timeouts, and failure rates associated with just these 6 hops has been enough for routing nodes to forego allocating liquidity and serving clients over Tor

if the average number of routing node hops per lightning payment is something like 3-6, and if all routing nodes in the chain were to run as a hidden service instead of clearnet (which i think Leo is proposing here), then all of a sudden that's 18-36 hops, which would dramatically increase latency, timeouts, and failed requests

that said, just because there's an ungodly amount of hops doesn't mean it's not feasible. there's just no commercial incentive today since the market is so niche and operating an LSP - even over clearnet - hasn't been a particularly lucrative endeavor to date

congestion among the Tor network is also a factor, but incentivizing folks to run more Tor nodes would introduce a new set of regulatory risks that doesn't exist today, and i'm dubious that there exists a strong enough commercial incentive in the near-term 
 What if all routing was on TOR with no exit nodes or clear net required? Build it and they will come? 
 Is it possible to have an LSP that is *only* accessible by TOR/onion address, and *not* available by clear net? 
 Yes, totally. 
 So (forgive my ignorance) is this issue charging sats while running an LSP? Or is it something else? (i.e. could you run altruistically without charging any fees and be adhering to the law?)
 
 I'm sorry, but the law (in particular the Bank Secrecy Act) that violates fundamental human rights is the problem. 
 I was afraid of that--thanks for clarifying 😞  
 Appreciate your reply but... I'm not a lawyer. And this is just my opinion 😉 
 What is the computing resource need to run LSP? Higher than a Lightning routing node I presume, but less than a Nostr node? 
 Great points raised here. It's crucial for the growth and decentralization of Bitcoin's L2 systems that new entrants step up despite regulatory concerns. So, who's ready to take on the challenge and run an LSP? Let's keep pushing for innovation and progress in the space! #Bitcoin #L2systems #innovation 
 Uh, if Phoenix open sources their node ACINQ software I would run that LSP in a heartbeat, but they haven't done that. Instead I run 'LSP's like LNbits and LNDhub because they are ACTUALLY readily available software on consumer facing nodes.  
 Simply running software is a bit different from being an LSP that a mobile wallet will integrate by default and trust to be online and reliable for their users. 
 Hashrate Escrows and Blind Merged Mining fixes this... 
 No they don’t. 
 why not? cuz muh mining is centralized? 
 Yes, with mining incredibly centralized anything secured by hashpower is a joke and miners can always require unblinding of anything “blinded” before they mine it. 
 Hashrate escrow does solve this. No corporation has to run an LSP or have massive liquidity to route payments. Instead, that liquidity can be used to buy L2 coins and onboard users directly without their own L1 txn.

Some say it makes the miners a custodian, but that is not true. It would require thousands of hashers, collectively agreeing to continue stealing funds for 6 months- while everyone sees what they are doing every 10 minutes and they waste their Proof of Work.

The only time drivechain funds will get "stolen" is when miners and economic nodes have agreed to kill a sidechain and hard fork to another. In this case, miners can offer atomic swap to the new chain before the old dies, and nobody loses money. 
 Unless there’s one pool with most of the hashpower, in which case they can just steal the money…oops 
 One pool cannot "just steal the money" and you know this. It takes six months with a constant 10 minute reminder that your pool is trying to steal the funds. 

Hashers have a ridiculous amount of time to switch, it is very easy to switch, and they are incentivized to switch because the pool is wasting their work.

If a single mining pool has over 51% hashrate, then Bitcoin is in trouble anyway. BIP300 recognizes this and keeps the miners on a very short leash. 
 Well this is not true. Given that the withdrawal from the sidechain needs to be ACKed for over 6 months, users could threaten to pull a UASF and that would be probably enough to stop the stealing. If not they can proceed so I will say again that Drivechain fixes this... 
 So, why aren't you running LSP? 
 I don’t think I claimed it was “easy” so much as very doable technically and the issues people face are more regulatory concern than technical.

I know y’all have had to invest a lot of technical work to get the LSP up and stable but I think the open source LSP market is about to improve very substantially very quickly.