Tadge Dryja — Research — MIT Digital Currency Initiative

Bitcoin (BTC)A Peer-to-Peer Electronic Cash System.

Bitcoin (BTC)A Peer-to-Peer Electronic Cash System.
  • Bitcoin (BTC) is a peer-to-peer cryptocurrency that aims to function as a means of exchange that is independent of any central authority. BTC can be transferred electronically in a secure, verifiable, and immutable way.
  • Launched in 2009, BTC is the first virtual currency to solve the double-spending issue by timestamping transactions before broadcasting them to all of the nodes in the Bitcoin network. The Bitcoin Protocol offered a solution to the Byzantine Generals’ Problem with a blockchain network structure, a notion first created by Stuart Haber and W. Scott Stornetta in 1991.
  • Bitcoin’s whitepaper was published pseudonymously in 2008 by an individual, or a group, with the pseudonym “Satoshi Nakamoto”, whose underlying identity has still not been verified.
  • The Bitcoin protocol uses an SHA-256d-based Proof-of-Work (PoW) algorithm to reach network consensus. Its network has a target block time of 10 minutes and a maximum supply of 21 million tokens, with a decaying token emission rate. To prevent fluctuation of the block time, the network’s block difficulty is re-adjusted through an algorithm based on the past 2016 block times.
  • With a block size limit capped at 1 megabyte, the Bitcoin Protocol has supported both the Lightning Network, a second-layer infrastructure for payment channels, and Segregated Witness, a soft-fork to increase the number of transactions on a block, as solutions to network scalability.

https://preview.redd.it/s2gmpmeze3151.png?width=256&format=png&auto=webp&s=9759910dd3c4a15b83f55b827d1899fb2fdd3de1

1. What is Bitcoin (BTC)?

  • Bitcoin is a peer-to-peer cryptocurrency that aims to function as a means of exchange and is independent of any central authority. Bitcoins are transferred electronically in a secure, verifiable, and immutable way.
  • Network validators, whom are often referred to as miners, participate in the SHA-256d-based Proof-of-Work consensus mechanism to determine the next global state of the blockchain.
  • The Bitcoin protocol has a target block time of 10 minutes, and a maximum supply of 21 million tokens. The only way new bitcoins can be produced is when a block producer generates a new valid block.
  • The protocol has a token emission rate that halves every 210,000 blocks, or approximately every 4 years.
  • Unlike public blockchain infrastructures supporting the development of decentralized applications (Ethereum), the Bitcoin protocol is primarily used only for payments, and has only very limited support for smart contract-like functionalities (Bitcoin “Script” is mostly used to create certain conditions before bitcoins are used to be spent).

2. Bitcoin’s core features

For a more beginner’s introduction to Bitcoin, please visit Binance Academy’s guide to Bitcoin.

Unspent Transaction Output (UTXO) model

A UTXO transaction works like cash payment between two parties: Alice gives money to Bob and receives change (i.e., unspent amount). In comparison, blockchains like Ethereum rely on the account model.
https://preview.redd.it/t1j6anf8f3151.png?width=1601&format=png&auto=webp&s=33bd141d8f2136a6f32739c8cdc7aae2e04cbc47

Nakamoto consensus

In the Bitcoin network, anyone can join the network and become a bookkeeping service provider i.e., a validator. All validators are allowed in the race to become the block producer for the next block, yet only the first to complete a computationally heavy task will win. This feature is called Proof of Work (PoW).
The probability of any single validator to finish the task first is equal to the percentage of the total network computation power, or hash power, the validator has. For instance, a validator with 5% of the total network computation power will have a 5% chance of completing the task first, and therefore becoming the next block producer.
Since anyone can join the race, competition is prone to increase. In the early days, Bitcoin mining was mostly done by personal computer CPUs.
As of today, Bitcoin validators, or miners, have opted for dedicated and more powerful devices such as machines based on Application-Specific Integrated Circuit (“ASIC”).
Proof of Work secures the network as block producers must have spent resources external to the network (i.e., money to pay electricity), and can provide proof to other participants that they did so.
With various miners competing for block rewards, it becomes difficult for one single malicious party to gain network majority (defined as more than 51% of the network’s hash power in the Nakamoto consensus mechanism). The ability to rearrange transactions via 51% attacks indicates another feature of the Nakamoto consensus: the finality of transactions is only probabilistic.
Once a block is produced, it is then propagated by the block producer to all other validators to check on the validity of all transactions in that block. The block producer will receive rewards in the network’s native currency (i.e., bitcoin) as all validators approve the block and update their ledgers.

The blockchain

Block production

The Bitcoin protocol utilizes the Merkle tree data structure in order to organize hashes of numerous individual transactions into each block. This concept is named after Ralph Merkle, who patented it in 1979.
With the use of a Merkle tree, though each block might contain thousands of transactions, it will have the ability to combine all of their hashes and condense them into one, allowing efficient and secure verification of this group of transactions. This single hash called is a Merkle root, which is stored in the Block Header of a block. The Block Header also stores other meta information of a block, such as a hash of the previous Block Header, which enables blocks to be associated in a chain-like structure (hence the name “blockchain”).
An illustration of block production in the Bitcoin Protocol is demonstrated below.

https://preview.redd.it/m6texxicf3151.png?width=1591&format=png&auto=webp&s=f4253304912ed8370948b9c524e08fef28f1c78d

Block time and mining difficulty

Block time is the period required to create the next block in a network. As mentioned above, the node who solves the computationally intensive task will be allowed to produce the next block. Therefore, block time is directly correlated to the amount of time it takes for a node to find a solution to the task. The Bitcoin protocol sets a target block time of 10 minutes, and attempts to achieve this by introducing a variable named mining difficulty.
Mining difficulty refers to how difficult it is for the node to solve the computationally intensive task. If the network sets a high difficulty for the task, while miners have low computational power, which is often referred to as “hashrate”, it would statistically take longer for the nodes to get an answer for the task. If the difficulty is low, but miners have rather strong computational power, statistically, some nodes will be able to solve the task quickly.
Therefore, the 10 minute target block time is achieved by constantly and automatically adjusting the mining difficulty according to how much computational power there is amongst the nodes. The average block time of the network is evaluated after a certain number of blocks, and if it is greater than the expected block time, the difficulty level will decrease; if it is less than the expected block time, the difficulty level will increase.

What are orphan blocks?

In a PoW blockchain network, if the block time is too low, it would increase the likelihood of nodes producingorphan blocks, for which they would receive no reward. Orphan blocks are produced by nodes who solved the task but did not broadcast their results to the whole network the quickest due to network latency.
It takes time for a message to travel through a network, and it is entirely possible for 2 nodes to complete the task and start to broadcast their results to the network at roughly the same time, while one’s messages are received by all other nodes earlier as the node has low latency.
Imagine there is a network latency of 1 minute and a target block time of 2 minutes. A node could solve the task in around 1 minute but his message would take 1 minute to reach the rest of the nodes that are still working on the solution. While his message travels through the network, all the work done by all other nodes during that 1 minute, even if these nodes also complete the task, would go to waste. In this case, 50% of the computational power contributed to the network is wasted.
The percentage of wasted computational power would proportionally decrease if the mining difficulty were higher, as it would statistically take longer for miners to complete the task. In other words, if the mining difficulty, and therefore targeted block time is low, miners with powerful and often centralized mining facilities would get a higher chance of becoming the block producer, while the participation of weaker miners would become in vain. This introduces possible centralization and weakens the overall security of the network.
However, given a limited amount of transactions that can be stored in a block, making the block time too longwould decrease the number of transactions the network can process per second, negatively affecting network scalability.

3. Bitcoin’s additional features

Segregated Witness (SegWit)

Segregated Witness, often abbreviated as SegWit, is a protocol upgrade proposal that went live in August 2017.
SegWit separates witness signatures from transaction-related data. Witness signatures in legacy Bitcoin blocks often take more than 50% of the block size. By removing witness signatures from the transaction block, this protocol upgrade effectively increases the number of transactions that can be stored in a single block, enabling the network to handle more transactions per second. As a result, SegWit increases the scalability of Nakamoto consensus-based blockchain networks like Bitcoin and Litecoin.
SegWit also makes transactions cheaper. Since transaction fees are derived from how much data is being processed by the block producer, the more transactions that can be stored in a 1MB block, the cheaper individual transactions become.
https://preview.redd.it/depya70mf3151.png?width=1601&format=png&auto=webp&s=a6499aa2131fbf347f8ffd812930b2f7d66be48e
The legacy Bitcoin block has a block size limit of 1 megabyte, and any change on the block size would require a network hard-fork. On August 1st 2017, the first hard-fork occurred, leading to the creation of Bitcoin Cash (“BCH”), which introduced an 8 megabyte block size limit.
Conversely, Segregated Witness was a soft-fork: it never changed the transaction block size limit of the network. Instead, it added an extended block with an upper limit of 3 megabytes, which contains solely witness signatures, to the 1 megabyte block that contains only transaction data. This new block type can be processed even by nodes that have not completed the SegWit protocol upgrade.
Furthermore, the separation of witness signatures from transaction data solves the malleability issue with the original Bitcoin protocol. Without Segregated Witness, these signatures could be altered before the block is validated by miners. Indeed, alterations can be done in such a way that if the system does a mathematical check, the signature would still be valid. However, since the values in the signature are changed, the two signatures would create vastly different hash values.
For instance, if a witness signature states “6,” it has a mathematical value of 6, and would create a hash value of 12345. However, if the witness signature were changed to “06”, it would maintain a mathematical value of 6 while creating a (faulty) hash value of 67890.
Since the mathematical values are the same, the altered signature remains a valid signature. This would create a bookkeeping issue, as transactions in Nakamoto consensus-based blockchain networks are documented with these hash values, or transaction IDs. Effectively, one can alter a transaction ID to a new one, and the new ID can still be valid.
This can create many issues, as illustrated in the below example:
  1. Alice sends Bob 1 BTC, and Bob sends Merchant Carol this 1 BTC for some goods.
  2. Bob sends Carols this 1 BTC, while the transaction from Alice to Bob is not yet validated. Carol sees this incoming transaction of 1 BTC to him, and immediately ships goods to B.
  3. At the moment, the transaction from Alice to Bob is still not confirmed by the network, and Bob can change the witness signature, therefore changing this transaction ID from 12345 to 67890.
  4. Now Carol will not receive his 1 BTC, as the network looks for transaction 12345 to ensure that Bob’s wallet balance is valid.
  5. As this particular transaction ID changed from 12345 to 67890, the transaction from Bob to Carol will fail, and Bob will get his goods while still holding his BTC.
With the Segregated Witness upgrade, such instances can not happen again. This is because the witness signatures are moved outside of the transaction block into an extended block, and altering the witness signature won’t affect the transaction ID.
Since the transaction malleability issue is fixed, Segregated Witness also enables the proper functioning of second-layer scalability solutions on the Bitcoin protocol, such as the Lightning Network.

Lightning Network

Lightning Network is a second-layer micropayment solution for scalability.
Specifically, Lightning Network aims to enable near-instant and low-cost payments between merchants and customers that wish to use bitcoins.
Lightning Network was conceptualized in a whitepaper by Joseph Poon and Thaddeus Dryja in 2015. Since then, it has been implemented by multiple companies. The most prominent of them include Blockstream, Lightning Labs, and ACINQ.
A list of curated resources relevant to Lightning Network can be found here.
In the Lightning Network, if a customer wishes to transact with a merchant, both of them need to open a payment channel, which operates off the Bitcoin blockchain (i.e., off-chain vs. on-chain). None of the transaction details from this payment channel are recorded on the blockchain, and only when the channel is closed will the end result of both party’s wallet balances be updated to the blockchain. The blockchain only serves as a settlement layer for Lightning transactions.
Since all transactions done via the payment channel are conducted independently of the Nakamoto consensus, both parties involved in transactions do not need to wait for network confirmation on transactions. Instead, transacting parties would pay transaction fees to Bitcoin miners only when they decide to close the channel.
https://preview.redd.it/cy56icarf3151.png?width=1601&format=png&auto=webp&s=b239a63c6a87ec6cc1b18ce2cbd0355f8831c3a8
One limitation to the Lightning Network is that it requires a person to be online to receive transactions attributing towards him. Another limitation in user experience could be that one needs to lock up some funds every time he wishes to open a payment channel, and is only able to use that fund within the channel.
However, this does not mean he needs to create new channels every time he wishes to transact with a different person on the Lightning Network. If Alice wants to send money to Carol, but they do not have a payment channel open, they can ask Bob, who has payment channels open to both Alice and Carol, to help make that transaction. Alice will be able to send funds to Bob, and Bob to Carol. Hence, the number of “payment hubs” (i.e., Bob in the previous example) correlates with both the convenience and the usability of the Lightning Network for real-world applications.

Schnorr Signature upgrade proposal

Elliptic Curve Digital Signature Algorithm (“ECDSA”) signatures are used to sign transactions on the Bitcoin blockchain.
https://preview.redd.it/hjeqe4l7g3151.png?width=1601&format=png&auto=webp&s=8014fb08fe62ac4d91645499bc0c7e1c04c5d7c4
However, many developers now advocate for replacing ECDSA with Schnorr Signature. Once Schnorr Signatures are implemented, multiple parties can collaborate in producing a signature that is valid for the sum of their public keys.
This would primarily be beneficial for network scalability. When multiple addresses were to conduct transactions to a single address, each transaction would require their own signature. With Schnorr Signature, all these signatures would be combined into one. As a result, the network would be able to store more transactions in a single block.
https://preview.redd.it/axg3wayag3151.png?width=1601&format=png&auto=webp&s=93d958fa6b0e623caa82ca71fe457b4daa88c71e
The reduced size in signatures implies a reduced cost on transaction fees. The group of senders can split the transaction fees for that one group signature, instead of paying for one personal signature individually.
Schnorr Signature also improves network privacy and token fungibility. A third-party observer will not be able to detect if a user is sending a multi-signature transaction, since the signature will be in the same format as a single-signature transaction.

4. Economics and supply distribution

The Bitcoin protocol utilizes the Nakamoto consensus, and nodes validate blocks via Proof-of-Work mining. The bitcoin token was not pre-mined, and has a maximum supply of 21 million. The initial reward for a block was 50 BTC per block. Block mining rewards halve every 210,000 blocks. Since the average time for block production on the blockchain is 10 minutes, it implies that the block reward halving events will approximately take place every 4 years.
As of May 12th 2020, the block mining rewards are 6.25 BTC per block. Transaction fees also represent a minor revenue stream for miners.
submitted by D-platform to u/D-platform [link] [comments]

⚡ Lightning Network Megathread ⚡

Last updated 2018-01-29
This post is a collaboration with the Bitcoin community to create a one-stop source for Lightning Network information.
There are still questions in the FAQ that are unanswered, if you know the answer and can provide a source please do so!

⚡What is the Lightning Network? ⚡

Explanations:

Image Explanations:

Specifications / White Papers

Videos

Lightning Network Experts on Reddit

  • starkbot - (Elizabeth Stark - Lightning Labs)
  • roasbeef - (Olaoluwa Osuntokun - Lightning Labs)
  • stile65 - (Alex Akselrod - Lightning Labs)
  • cfromknecht - (Conner Fromknecht - Lightning Labs)
  • RustyReddit - (Rusty Russell - Blockstream)
  • cdecker - (Christian Decker - Blockstream)
  • Dryja - (Tadge Dryja - Digital Currency Initiative)
  • josephpoon - (Joseph Poon)
  • fdrn - (Fabrice Drouin - ACINQ )
  • pmpadiou - (Pierre-Marie Padiou - ACINQ)

Lightning Network Experts on Twitter

  • @starkness - (Elizabeth Stark - Lightning Labs)
  • @roasbeef - (Olaoluwa Osuntokun - Lightning Labs)
  • @stile65 - (Alex Akselrod - Lightning Labs)
  • @bitconner - (Conner Fromknecht - Lightning Labs)
  • @johanth - (Johan Halseth - Lightning Labs)
  • @bvu - (Bryan Vu - Lightning Labs)
  • @rusty_twit - (Rusty Russell - Blockstream)
  • @snyke - (Christian Decker - Blockstream)
  • @JackMallers - (Jack Mallers - Zap)
  • @tdryja - (Tadge Dryja - Digital Currency Initiative)
  • @jcp - (Joseph Poon)
  • @alexbosworth - (Alex Bosworth - yalls.org)

Medium Posts

Learning Resources

Books

Desktop Interfaces

Web Interfaces

Tutorials and resources

Lightning on Testnet

Lightning Wallets

Place a testnet transaction

Altcoin Trading using Lightning

  • ZigZag - Disclaimer You must trust ZigZag to send to Target Address

Lightning on Mainnet

Warning - Testing should be done on Testnet

Atomic Swaps

Developer Documentation and Resources

Lightning implementations

  • LND - Lightning Network Daemon (Golang)
  • eclair - A Scala implementation of the Lightning Network (Scala)
  • c-lightning - A Lightning Network implementation in C
  • lit - Lightning Network node software (Golang)
  • lightning-onion - Onion Routed Micropayments for the Lightning Network (Golang)
  • lightning-integration - Lightning Integration Testing Framework
  • ptarmigan - C++ BOLT-Compliant Lightning Network Implementation [Incomplete]

Libraries

Lightning Network Visualizers/Explorers

Testnet

Mainnet

Payment Processors

  • BTCPay - Next stable version will include Lightning Network

Community

Slack

IRC

Slack Channel

Discord Channel

Miscellaneous

⚡ Lightning FAQs ⚡

If you can answer please PM me and include source if possible. Feel free to help keep these answers up to date and as brief but correct as possible
Is Lightning Bitcoin?
Yes. You pick a peer and after some setup, create a bitcoin transaction to fund the lightning channel; it’ll then take another transaction to close it and release your funds. You and your peer always hold a bitcoin transaction to get your funds whenever you want: just broadcast to the blockchain like normal. In other words, you and your peer create a shared account, and then use Lightning to securely negotiate who gets how much from that shared account, without waiting for the bitcoin blockchain.
Is the Lightning Network open source?
Yes, Lightning is open source. Anyone can review the code (in the same way as the bitcoin code)
Who owns and controls the Lightning Network?
Similar to the bitcoin network, no one will ever own or control the Lightning Network. The code is open source and free for anyone to download and review. Anyone can run a node and be part of the network.
I’ve heard that Lightning transactions are happening “off-chain”…Does that mean that my bitcoin will be removed from the blockchain?
No, your bitcoin will never leave the blockchain. Instead your bitcoin will be held in a multi-signature address as long as your channel stays open. When the channel is closed; the final transaction will be added to the blockchain. “Off-chain” is not a perfect term, but it is used due to the fact that the transfer of ownership is no longer reflected on the blockchain until the channel is closed.
Do I need a constant connection to run a lightning node?
Not necessarily,
Example: A and B have a channel. 1 BTC each. A sends B 0.5 BTC. B sends back 0.25 BTC. Balance should be A = 0.75, B = 1.25. If A gets disconnected, B can publish the first Tx where the balance was A = 0.5 and B = 1.5. If the node B does in fact attempt to cheat by publishing an old state (such as the A=0.5 and B=1.5 state), this cheat can then be detected on-chain and used to steal the cheaters funds, i.e., A can see the closing transaction, notice it's an old one and grab all funds in the channel (A=2, B=0). The time that A has in order to react to the cheating counterparty is given by the CheckLockTimeVerify (CLTV) in the cheating transaction, which is adjustable. So if A foresees that it'll be able to check in about once every 24 hours it'll require that the CLTV is at least that large, if it's once a week then that's fine too. You definitely do not need to be online and watching the chain 24/7, just make sure to check in once in a while before the CLTV expires. Alternatively you can outsource the watch duties, in order to keep the CLTV timeouts low. This can be achieved both with trusted third parties or untrusted ones (watchtowers). In the case of a unilateral close, e.g., you just go offline and never come back, the other endpoint will have to wait for that timeout to expire to get its funds back. So peers might not accept channels with extremely high CLTV timeouts. -- Source
What Are Lightning’s Advantages?
Tiny payments are possible: since fees are proportional to the payment amount, you can pay a fraction of a cent; accounting is even done in thousandths of a satoshi. Payments are settled instantly: the money is sent in the time it takes to cross the network to your destination and back, typically a fraction of a second.
Does Lightning require Segregated Witness?
Yes, but not in theory. You could make a poorer lightning network without it, which has higher risks when establishing channels (you might have to wait a month if things go wrong!), has limited channel lifetime, longer minimum payment expiry times on each hop, is less efficient and has less robust outsourcing. The entire spec as written today assumes segregated witness, as it solves all these problems.
Can I Send Funds From Lightning to a Normal Bitcoin Address?
No, for now. For the first version of the protocol, if you wanted to send a normal bitcoin transaction using your channel, you have to close it, send the funds, then reopen the channel (3 transactions). In future versions, you and your peer would agree to spend out of your lightning channel funds just like a normal bitcoin payment, allowing you to use your lightning wallet like a normal bitcoin wallet.
Can I Make Money Running a Lightning Node?
Not really. Anyone can set up a node, and so it’s a race to the bottom on fees. In practice, we may see the network use a nominal fee and not change very much, which only provides an incremental incentive to route on a node you’re going to use yourself, and not enough to run one merely for fees. Having clients use criteria other than fees (e.g. randomness, diversity) in route selection will also help this.
What is the release date for Lightning on Mainnet?
Lightning is already being tested on the Mainnet Twitter Link but as for a specific date, Jameson Lopp says it best
Would there be any KYC/AML issues with certain nodes?
Nope, because there is no custody ever involved. It's just like forwarding packets. -- Source
What is the delay time for the recipient of a transaction receiving confirmation?
Furthermore, the Lightning Network scales not with the transaction throughput of the underlying blockchain, but with modern data processing and latency limits - payments can be made nearly as quickly as packets can be sent. -- Source
How does the lightning network prevent centralization?
Bitcoin Stack Exchange Answer
What are Channel Factories and how do they work?
Bitcoin Stack Exchange Answer
How does the Lightning network work in simple terms?
Bitcoin Stack Exchange Answer
How are paths found in Lightning Network?
Bitcoin Stack Exchange Answer
How would the lightning network work between exchanges?
Each exchange will get to decide and need to implement the software into their system, but some ideas have been outlined here: Google Doc - Lightning Exchanges
Note that by virtue of the usual benefits of cost-less, instantaneous transactions, lightning will make arbitrage between exchanges much more efficient and thus lead to consistent pricing across exchange that adopt it. -- Source
How do lightning nodes find other lightning nodes?
Stack Exchange Answer
Does every user need to store the state of the complete Lightning Network?
According to Rusty's calculations we should be able to store 1 million nodes in about 100 MB, so that should work even for mobile phones. Beyond that we have some proposals ready to lighten the load on endpoints, but we'll cross that bridge when we get there. -- Source
Would I need to download the complete state every time I open the App and make a payment?
No you'd remember the information from the last time you started the app and only sync the differences. This is not yet implemented, but it shouldn't be too hard to get a preliminary protocol working if that turns out to be a problem. -- Source
What needs to happen for the Lightning Network to be deployed and what can I do as a user to help?
Lightning is based on participants in the network running lightning node software that enables them to interact with other nodes. This does not require being a full bitcoin node, but you will have to run "lnd", "eclair", or one of the other node softwares listed above.
All lightning wallets have node software integrated into them, because that is necessary to create payment channels and conduct payments on the network, but you can also intentionally run lnd or similar for public benefit - e.g. you can hold open payment channels or channels with higher volume, than you need for your own transactions. You would be compensated in modest fees by those who transact across your node with multi-hop payments. -- Source
Is there anyway for someone who isn't a developer to meaningfully contribute?
Sure, you can help write up educational material. You can learn and read more about the tech at http://dev.lightning.community/resources. You can test the various desktop and mobile apps out there (Lightning Desktop, Zap, Eclair apps). -- Source
Do I need to be a miner to be a Lightning Network node?
No -- Source
Do I need to run a full Bitcoin node to run a lightning node?
lit doesn't depend on having your own full node -- it automatically connects to full nodes on the network. -- Source
LND uses a light client mode, so it doesn't require a full node. The name of the light client it uses is called neutrino
How does the lightning network stop "Cheating" (Someone broadcasting an old transaction)?
Upon opening a channel, the two endpoints first agree on a reserve value, below which the channel balance may not drop. This is to make sure that both endpoints always have some skin in the game as rustyreddit puts it :-)
For a cheat to become worth it, the opponent has to be absolutely sure that you cannot retaliate against him during the timeout. So he has to make sure you never ever get network connectivity during that time. Having someone else also watching for channel closures and notifying you, or releasing a canned retaliation, makes this even harder for the attacker. This is because if he misjudged you being truly offline you can retaliate by grabbing all of its funds. Spotty connections, DDoS, and similar will not provide the attacker the necessary guarantees to make cheating worthwhile. Any form of uncertainty about your online status acts as a deterrent to the other endpoint. -- Source
How many times would someone need to open and close their lightning channels?
You typically want to have more than one channel open at any given time for redundancy's sake. And we imagine open and close will probably be automated for the most part. In fact we already have a feature in LND called autopilot that can automatically open channels for a user.
Frequency will depend whether the funds are needed on-chain or more useful on LN. -- Source
Will the lightning network reduce BTC Liquidity due to "locking-up" funds in channels?
Stack Exchange Answer
Can the Lightning Network work on any other cryptocurrency? How?
Stack Exchange Answer
When setting up a Lightning Network Node are fees set for the entire node, or each channel when opened?
You don't really set up a "node" in the sense that anyone with more than one channel can automatically be a node and route payments. Fees on LN can be set by the node, and can change dynamically on the network. -- Source
Can Lightning routing fees be changed dynamically, without closing channels?
Yes but it has to be implemented in the Lightning software being used. -- Source
How can you make sure that there will be routes with large enough balances to handle transactions?
You won't have to do anything. With autopilot enabled, it'll automatically open and close channels based on the availability of the network. -- Source
How does the Lightning Network stop flooding nodes (DDoS) with micro transactions? Is this even an issue?
Stack Exchange Answer

Unanswered Questions

How do on-chain fees work when opening and closing channels? Who pays the fee?
How does the Lightning Network work for mobile users?
What are the best practices for securing a lightning node?
What is a lightning "hub"?
How does lightning handle cross chain (Atomic) swaps?

Special Thanks and Notes

  • Many links found from awesome-lightning-network github
  • Everyone who submitted a question or concern!
  • I'm continuing to format for an easier Mobile experience!
submitted by codedaway to Bitcoin [link] [comments]

I have made a Lightning FAQ – Feedback appreciated!

Q: What is the Lightning Network?
A: The Lightning Network is currently under development and will become a decentralized network that enables instant off-chain transfer of bitcoin between counterparties without the need of a trusted third party. The system utilizes bidirectional payment channels that consist of multisignature addresses. One on-chain transaction is needed to open a channel and another on-chain transaction will close the channel. Once a channel is open, value can be transferred instantly between counterparties, who are exchanging normal bitcoin transactions, but without broadcasting them to the bitcoin network. New transactions will replace previous transactions and the counterparties will store everything locally as long as the channel stays open.
Q: Is Lightning open source?
A: Yes, Lightning will be open source. Anyone can review the code just like the bitcoin code.
Q: Who owns and controls the Lightning Network?
A: Similar to the bitcoin network, no one will ever own or control the Lightning Network. The code will be open source and free for anyone to download and review. Anyone who wants will be able to run a node.
Q: Who is behind the Lightning Network?
A: Joseph Poon and Thaddeus Dryja wrote The Lightning white paper. Anyone who wants can contribute with the development of code. Blockstream currently has one employee who is dedicated to Lightning development
Q: Does the LN have its own “Lightning coins”?
A: No, that’s not how the LN works. The LN will be using real bitcoin transactions with actual bitcoins in them
Q: Is the LN dependent on consensus to be implemented?
A: No, the LN builds an additional layer on top of the bitcoin network and is therefore not dependent on consensus in the bitcoin network itself.
Q: I have heard that there will be some fees involved in the LN, who will be collecting those fees?
A: Potentially everyone who runs a Lightning-node. Example: Alice wants to send money to Carol, but Alice doesn’t have an open channel with Carol. But Alice has an open channel with Bob, and Bob has an open channel with Carol. Instead of opening a new channel with Carol, Alice can route the payment trough Bob: Alice - Bob - Carol. In this scenario Bob might take a small fee.
Q: Will there be any custodial risk in the Lightning Network? Do I have to trust anyone else to hold my money?
A: No, the system is not based on trust; you remain in full control of your money. If anything goes wrong you simply broadcast your state to the bitcoin blockchain and all your money is returned to you.
Q: Does the Lightning Network have its own blockchain?
A: No, Lightning is dependent on the bitcoin blockchain. On-chain bitcoin transactions are needed to open and to close “channels” between peers (nodes) in the system. Once a channel is open, bitcoin can be sent off-chain in both directions within the channel. The transactions inside a channel are real bitcoin transactions, but they are not broadcasted to the bitcoin network as long as the channel stays open. Instead those involved store the transactions locally. This enables instant transactions and a near unlimited capacity within a channel.
Q: Will there be any form of mining in the Lightning Network?
A: No, security is provided by the bitcoin miners in underlying bitcoin network
Q: Where can I find more information about Lightning?
A: http://lightning.network/
https://letstalkbitcoin.com/blog/post/lets-talk-bitcoin-286-drinks-on-a-lightning-network
https://letstalkbitcoin.com/blog/post/the-lightning-network-elidhdicacs
submitted by ABrandsen to Bitcoin [link] [comments]

Have made large improvements to my Lightning FAQ. Added more Qs and As. Submitted to GitHub

I would like to thank the community of bitcoin for the valuable feedback I received after posting my initial draft for a Lightning FAQ!
Below you will find a largely improved version with several new questions and answers.
The FAQ have also been made available on GitHub: https://github.com/norgesbitcoinforening/lightning-faq
All feedback is still greatly appreciated!
Q 1: What is the Lightning Network?
A: The Lightning Network is currently under development. It will become a decentralized network that enables instant off-chain transfer of the ownership bitcoin, without the need of a trusted third party. The system utilizes bidirectional payment channels that consist of multi-signature addresses. One on-chain transaction is needed to open a channel and another on-chain transaction can close the channel. Once a channel is open, value can be transferred instantly between counterparts, who are exchanging real bitcoin transactions, but without broadcasting them to the bitcoin network. New transactions will replace previous transactions and the counterparts will store everything locally as long as the channel stays open.
Q 2: Is the Lightning Network open source?
A: Yes, Lightning is open source. Anyone can review the code, just in the same way as the bitcoin code.
Q 3: Who owns and controls the Lightning Network?
A: Similar to the bitcoin network, no one will ever own or control the Lightning Network. The code is open source and free for anyone to download and review. Anyone can run a node and be part of the network.
Q 4: Who are the inventors of the Lightning Network?
A: Joseph Poon and Thaddeus Dryja wrote The Lightning white paper. Lightning is an open source project so anyone is free to contribute with code. There are currently 5 independent implementations under development:
Lightning Network Daemon: https://github.com/lightningnetwork/lnd
Blockstream's C lightning: Blockstream currently have two employees who are dedicated to Lightning development.
Blockchain’s Thunder network
ACINQ have successfully implemented Bitfury's Flare routing algorithm into Eclair, and tested it on a live network of 2500 servers
Amiko Pay
Q 5: Does the Lightning Network have its own “Lightning coins”?
A: No, that’s not how it works. A Lightning Network will be using real bitcoin transactions with actual bitcoins in them
Q 6: Is the Lightning Network dependent on consensus to be implemented?
A: No, a Lightning Network builds an additional layer on top of the bitcoin network. Therefore it is not dependent on consensus in the bitcoin network itself.
Q 7: Will there be any form of custodian risk in a Lightning Network? Do I need to trust anyone to hold my money on my behalf?
A: No, this system is not based on trust; you remain in full control of your money. If anything goes wrong you simply broadcast the latest state of your channel as a normal on-chain bitcoin transaction. All your money will be returned to your address, and it will be recorded on the blockchain as a normal on-chain bitcoin transaction.
Q 8: I’ve heard that Lightning transactions is happening “off-chain”...Does that mean that my bitcoins will be removed from the blockchain?
A: No, your coins will never leave the blockchain. Instead your coins will be held in a multi-signature address as long as your channel stays open. “Off-chain” is not a perfect term, but it is used due to the fact that the transfer of ownership is no longer reflected on the blockchain.
Q 9: I’ve heard that the Lightning Network will require my bitcoins to be locked up... You do realize that no one wants their bitcoins to be locked up?
A: If your interpretation is that Lightning will make your money less accessible, then you are clearly misinformed. The fact is that your money will actually become more accessible when held in a Lightning channel. First of all, you do not need to wait for conformations in a Lightning Network, your money can be moved almost instantly within this network. Second, bringing your money “back on chain” is just as easy as sending a normal bitcoin transaction. You just wait for the first confirmation and your money is no longer “off chain”
The only exception is the rare case that your channel breaks down in the middle of a transaction (counterpart goes offline)
In this exceptional case; you will be subjected to a short time delay before you can spend your money. The length of this delay will vary; depending upon the parameters you have applied to your channel.
Q 10: Will a Lightning Network have its own blockchain?
A: No, Lightning is dependent on the bitcoin blockchain. On-chain bitcoin transactions are needed to open and to close “channels” between peers (nodes) in the network. Once a channel is open, the ownership of bitcoin can be transferred off-chain in both directions. The transactions inside a channel are real bitcoin transactions, but they are not broadcasted to the bitcoin network as long as the channel stays open. Instead those involved in a channel will store the transactions locally. This enables instant transactions and a near unlimited capacity within a Lightning Network.
Q 11: Will there be any form of mining to secure the Lightning Network?
A: No, security is provided by the bitcoin miners in the underlying bitcoin network
Q 12: The main chain of bitcoin is secured by a hash rate of 2 ExaHash/s, but a Lightning Network doesn't have any hash rate at all... So how can a Lightning Network be as secure as the main chain?
A: The security in a Lightning Network is extracted from the underlying Bitcoin Network. A Lightning Network cannot operate on its own; it is completely dependent on the underlying bitcoin network for security.
Basically the bitcoin network takes the role as a safety net underneath the Lightning Network. If something goes wrong in a Lightning channel (like your counterpart going offline) you will always have the option to fall back into the safety-net. (You simply broadcast the latest state of your channel as a normal on-chain bitcoin transaction)
Q 13: Does a Lightning Network have its own public ledger or some sort of database of all transactions?
A: No, a Lightning Network does not have its own ledger and there is no database. Holding value on a Lightning Network means that you are in possession of double-signed transactions. The transactions are valid, but they are not yet broadcasted to the Bitcoin Network. The transactions you are holding are of the 2 of 2 multi-signature type. Both you and your counterpart will sign, and you will both store the transactions locally.
These transactions will use a multi-signature address as their input (the funding address) and they will point at two different addresses for their output. One output is pointing to an address that only you can control, and the other output is pointing to an address that only your counterpart can control.
Q 14: How can you say that the Lightning Network is using real bitcoin transactions? You do realize that it’s not a real bitcoin transaction if it’s not recorded on the blockchain?
Short A: To understand this we first need to understand what a bitcoin transaction really is… The fact is; That there are no “coins” in Bitcoin… There are only signed messages and updates to the blockchain.
So lets say that Alice is sending 1 bitcoin to Bob… We call this a per-to-per transaction due to the fact that the ownership of value is transferred directly from Alice to Bob. But Bob does not actually receive a “digital coin” from Alice. The thing that in reality is happening; is that all the nodes in the network will update their local copy of the public ledger. The public ledger is updated so that; the “coin” that was before registered in an address controlled by Alice, is now instead registered in an address controlled by Bob.
Long A: The bitcoin transaction that Alice is sending to Bob, is in reality just a signed message that Alice is broadcasting to everybody. The message is not only received by Bob, but it is broadcasted to all the nodes in the network.
At the time of writing there are more than 5400 so called “full nodes” in the bitcoin network. The following steps illustrates the process that takes place when Alice is sending a bitcoin transaction to Bob:
  1. When Alice is broadcasting her signed message (= bitcoin transaction), it will be picked up by some of the full nodes in the network.
  2. These nodes will independently validate the message (transaction) in accordance with the consensus rules. If the nodes find the message to be valid; they will broadcast the message again so that it can be picked up by other nodes on the network.
  3. Some other nodes on the network pick up the message, and this process continues until all 5400 nodes have independently validated and re-broadcasted the message (transaction)
  4. At some point a miner will succeed in constructing a valid block that includes the message (transaction) from Alice. To make this happen the miner must bear the cost of an enormous amount of electricity.
  5. The miner will now broadcast this newly found block. The new block will be picked up by some of the full nodes. The nodes will independently validate the block and all its content. By doing this they are also validating the message (transaction) from Alice for a second time. If the nodes find the block to be valid (in accordance with the consensus rules) they will broadcast the block again so that other nodes can also receive the block.
  6. Other nodes will pick up the block, validate and broadcast. This process continues until all the nodes in the network have independently validated the block and thereby also validated the message (transaction) from Alice for a second time.
The six steps above demonstrate that a normal bitcoin transaction from Alice to Bob actually involves everyone on the network. The message is independently validated two times by 5400 nodes (= 10 800 validations)
Despite this we are still calling it a “per-to-per transaction” because the actual ownership of value is transferred directly from Alice to Bob* (*But everyone still needs to help by updating their local copy of the ledger)
Conclusion: A bitcoin transaction is just a signed message.
So lets say that Alice wants to send 1 bitcoin to Bob within a Lightning Channel. Alice is storing some of her money in a “2 of 2” multi-signature address. Alice and Bob will both sign a message that transfers the ownership of 1 bitcoin from Alice to Bob. This message is a valid bitcoin transaction, but it is not broadcasted to the bitcoin network.
Instead Alice and Bob both store the transaction (message) locally.
From Bob’s point of view this “double-signed message” has a monetary value of 1 bitcoin. The monetary value of 1 bitcoin comes from the fact that Bob can spend the money on-chain at any time by simply broadcasting the message to the bitcoin network.
Bitcoin transaction = Signed message = Lightning transaction
The purpose of any monetary transaction is to change the ownership of value. In the bitcoin network we change the ownership of value by the use of signed messages
A Lightning transaction is a double-signed message, therefore a Lightning transaction is a real bitcoin transaction
Q 15: I have heard that there will be some fees involved in the Lightning Network.. Who will be collecting those fees?
A: Potentially anyone who is running a Lightning-node. Example: Alice wants to send money to Carol, but Alice does not have an open channel with Carol. But Alice has an open channel with Bob, and Bob has an open channel with Carol. Instead of opening a new channel with Carol, Alice can route the payment trough Bob: Alice - Bob - Carol.
In this scenario it is possible for Bob to take a small fee.
16 Q: In the above scenario; what is preventing Bob from just stealing the money in transit?
Short A: Bob is actually paying out to Carol first, and then afterwards Bob will get his money back from Alice.
Long A: 1. Carol starts the process by producing a random number ( R ) that she will keep as a temporary secret.
  1. Carol then generates a hash ( H ) of R
  2. Carol gives H to Alice
  3. Alice constructs a special transaction that can transfer money from Alice to Bob. But this transaction is only valid if R is included. At this point the transaction is not valid due to the lack of R. Alice also gives H to Bob, and Bob knows that H is the hash of the missing component R.
  4. Bob will now construct another special transaction that can transfer the money from Bob to Carol. But this transaction is also only valid if R is included. At this point the transaction is not valid since Bob does not have access R.
  5. Carol wants her money, so she reveals R to Bob; thereby making the transaction valid.
  6. Since Bob is already in possession of the transaction made by Alice, he can just include R and that transaction also becomes valid. Bob knows that he has been given the correct R because he can check that H is the hash of R.
  7. At the same time Bob also reveals R to Alice. Alice can now use R as proof that she has paid Carol (R becomes the receipt)
Q 17: Where can I find more information about Lightning?
A: http://lightning.network/
https://letstalkbitcoin.com/blog/post/lets-talk-bitcoin-286-drinks-on-a-lightning-network
https://letstalkbitcoin.com/blog/post/the-lightning-network-elidhdicacs
https://github.com/lightningnetwork/lightning-rfc/blob/maste00-introduction.md
https://www.youtube.com/watch?v=8zVzw912wPo
submitted by ABrandsen to Bitcoin [link] [comments]

DAG (Directed Acyclic Graph) - A competitor to Blockchain!

DAG (Directed Acyclic Graph) - A competitor to Blockchain!
DAG:
Directed Acyclic Graph (DAG) is an outline which is more expressive than an absolutely linear model. A DAG is an information or data structure which can be utilized to demonstrate diverse problems. It is an acyclic graph in topological ordering. Each directed edge has a certain order followed by the node. Every DAG starts from a node that has no parents and end with one that has no kids. These graphs are never cyclic. A DAG comprises of a set of nodes and arrows where arrows are directed from one node to another.
In simpler terms, DAG is a graph that flows in one direction and elements cannot refer back to themselves. Hence, DAGs are not cyclic.

https://preview.redd.it/r9esxuna13u11.png?width=574&format=png&auto=webp&s=ab5e8ed3b3bdeed586dfa8d8d94e9b2f93569e89
DAG’s components:
  • Nodes or Vertices. Every node represents some information.
  • Arrows or Directed edges. A coordinated edge starting with one node to another depicts some sort of connection between those two nodes. Arrows in a DAG may not frame a cycle.
  • A root node. One of the nodes will have no predecessor. This is the base of the DAG. It is also called a zero node.
  • Leaf node. Some nodes will have no assessors. These are called leaves or leaf nodes.

https://preview.redd.it/mlcakyrc13u11.png?width=504&format=png&auto=webp&s=141f90075c6b10680e04a49198929df2a595e5b7
DAGs in Cryptos:
Did you hear the term DAG coins and thought it’s a name of a new crypto? If yes, then you are probably close to the idea… Actually all digital coins that make use of DAG (directed acyclic graphs) are called DAG coins.
The basic purpose of blockchain based cryptocurrencies was to provide a decentralized, scalable, robust and a fast replacement for financial transactions across multiple mediums. As a matter of fact, all the credit for such a revolutionary idea goes to blockchain. But, is blockchain efficient enough to provide all of this?
Well, not so far. Blockchain has limitations in speed-TPS and scalability- size of the block, Interoperability, and Sustainability.
Many crypto makers are now looking forward to implement DAG instead of blockchain to achieve a different work structure than that of blockchain. DAGs can enable multiple nodes to exist at the same time for recording transactions while in blockchain only one block is used for recording transactions (two blocks cannot exist simultaneously) at a time and a new block is created about every 10 minutes. The blockchain system based on POW slows down due to the miners competing over mining every next block.
DAG can overcome the single chain issue of blockchain by enable multiple chains to exist on the system simultaneously. It may make block less distributed records another standard in the realm of crypto.
DAG or Blockchain:
Blockchains sequential structure hinders significantly the transaction throughput. If the time of mining remains untouched a DAG of blocks can extend the storage by X times with X blocks on the network at the same time. The blend of blockchain with DAG still originates from side-chains. Distinctive sorts of transactions are running on various chains all at the same time. DAG of blocks still depends on the idea of blocks.
It is different from Blockchain. Blockchain is actually a cryptographically verifiable list of records of things that have happened in the past. It has a linked list data structure and every new entry is linked to the previous one such that you can verify it back to the beginning of history. This is how the blockchain is established. This flat sequential nature is the drawback that is apparent in Bitcoin. That is when the scaling issues arise. Even if you increase the size of the block or increase the speed of the new blocks’ creation making it more rapid, still there are a lot of trade-offs.
DAG based cryptocurrencies actually suggest to turn to a completely new data structure altogether. DAG is a completely different form of data structure. It follows a linked graphic data structure where the links are unidirectional. Acyclic means that the nodes cannot refer back to themselves and hence cannot loop. It simply acts as a flow chart where all information is flowing in one direction. It can have multiple parallel nodes that might join back at a single node. You may also relate it to a file directory structure.
The benefit is that every node and arrow does not need to be sequential by nature.
Differences that exist in DAG are:
  • Due to its block less nature, the transactions run directly into the DAG networks hence the speed of transactions increase.
  • There are no miners on DAG systems. The approval of exchanges goes straight to the exchanges themselves. This implies exchanges occur instantly.
  • As assumed, the DAG network picks an existing later exchange to connect to when new transactions occur. The objective is to keep the system width inside a specific range that can ensure speedy transaction approval.
  • DAG will be utilized for applications that require adaptability for thousands of exchanges every second.
Merits/ Advantages of using DAG:
  • More flexible and communicative.
  • No transaction fee
  • Higher scalability
  • Everyone is responsible for both issuing and validating transactions.
  • Network can easily scale
  • More adoption and usage
  • Valuable in machine-to-machine interactions
  • As the size of the network increases, the speed increases too.
  • Quantum resistant
Detriments/ Disadvantages of using DAG:
  • Needs a lot of traffic for its functioning
  • Decrease in network traffic enhances network’s vulnerability to attacks
  • Transaction propagation latency
  • Accumulation of unconfirmed transactions
  • Centralized nature
  • Unproven at a large scale
Implementation Examples:
  • In Ethereum, a DAG is created in every epoch using a version of the Dagger-Hashimoto Algorithm combining Vitalik Buterin's Dagger algorithm and Thaddeus Dryja's Hashimoto algorithm.
  • The Dagger algorithm works by producing a directed acyclic graph with ten levels including the root and a total of 2^25 - 1 values.
  • Ancestry trees are actually DAGs.
Some major projects implementing DAG are:
  • IOTA:

https://preview.redd.it/z74wdrve13u11.png?width=209&format=png&auto=webp&s=d80850b725a870d72eac8029422c1416765ae381
One of the most commonly known DAG coin is IOTA. They call their DAG Tangle. It removes miners completely from the verification process. For broadcasting every transaction you have to validate two previous transactions in order to get their transactions processed. Everybody is participating in the consensus which makes it even more decentralized. The name itself refers to the term IoT- internet of the things.
MIT disclosed a number of mistakes in this data structure and functioning. IOTA would take only 33% of the network power (number of nodes and some amount of PoW attached to every transaction) in order to generate an attack. In such a small network, that IOTA is currently, it won’t be very hard to achieve. Currently they have a central system to validate all transactions which is claimed to be only for the time being but it eliminates decentralization from the system. Currently people claim that IOTA is slow to use. That’s because they don’t have enough full nodes out there to process all the transactions. The network still needs to grow enough to become effusively decentralized.
  • Byteball:

https://preview.redd.it/8a7i9hog13u11.png?width=269&format=png&auto=webp&s=d7113b126619fac416431d7db0693ab830971ccd
It uses a DAG in the place of a traditional Blockchain. Their main net has been out longer than that of IOTA and is similarly a DAG based coin. It has a native currency called Bytes but it does not completely get rid of transaction fee as IOTA does. They have transactions fees implied to avoid scams. Their data structure is very similar to that of IOTA. Here the difference is that you have to pay a fee which will be awarded to the 12 witnesses who are responsible for verifying all the transactions. It eliminates the need to have everybody involved in the verification process. They allow you to achieve more than what you could achieve with IOTA. It has a conditional payment platform is not very robust. They have their privacy coins on the network as well for those who prefer privacy. They have enabled instant messaging systems in their wallets too. It still lacks decentralization as all the validation will be done by the 12 witnesses who will know the real life identities of people as well. They are trying to achieve too much at once which might end up worse. This implementation of DAG is only of a centralized computerized payment system.
  • Raiblocks:

https://preview.redd.it/p18rrwei13u11.png?width=266&format=png&auto=webp&s=b30536e63e613fd1dc69d26d158623402321c088
It is an almost instant, fee-less and infinitely scalable medium for transactions. It also has no miners hence no transaction fee. It has public non-shared ledgers. Every individual has their own block (similar to blockchain) which they verify themselves. This implements PoS called “Balance of vote”. It is an open source project. They have no pre-miners and no ICOs. They have their network and wallet established. The hashing Algorithm this uses is SHA3/Blake2, ED25519 elliptical curve. It is providing unlimited transaction throughput with zero network fees. The problem is that they have a small team hence it is not well developed. This coin is innovative but implements new technology which could produce its own set of problems as it scales.
  • Fantom Foundation

https://preview.redd.it/p1f3mo0k13u11.png?width=289&format=png&auto=webp&s=e71f90629b4e5eb7f9839c87e692f36f0ad36dac
Fantom claims the world’s first DAG based smart contract. It implements the architecture of DAG in the distributed ledger technology. It resolves the issue of speed and scalability present in today's blockchain based smart contracts. It can enable 300,000 transactions per second with fee less than a cent. The transactions will be made asynchronously with instant confirmations. It is aimed to be infinitely scalable. This system will have a lot of bonuses and transparency for trust. It has broad applications in the current market from food-technology to IoT. They call their DAG Opera Chain. It supports verification of people, community management and financial services etc. They use Fantom Virtual Machine (FVM) which will allow executive smart contract bi-code efficiency across all operating systems. The project aims to improve on newer blockchain platforms that are also DAG-based such as IOTA, Nano, Byteball etc. These platforms improve on current blockchain scalability as nodes are designed to process transactions asynchronously.
Fantom differentiates itself by incorporating smart contract DAPP infrastructure into a DAG-based platform so that it offers instant payment, near zero cost (under $0.01 from one wallet to another), and infinite processing scalability.
We do not have any knowledge of successful implementation of DAG as claimed by many projects though it is promising and looks useful for crypto ecosystem.
submitted by rnssol to AllAboutRNS [link] [comments]

Have made large improvements to my Lightning FAQ. Added more Qs and As. Submitted to GitHub

I would like to thank the community of bitcoin for the valuable feedback I received after posting my initial draft for a Lightning FAQ!
Below you will find a largely improved version with several new questions and answers.
The FAQ have also been made available on GitHub: https://github.com/norgesbitcoinforening/lightning-faq
All feedback is still greatly appreciated!
Q 1: What is the Lightning Network?
A: The Lightning Network is currently under development. It will become a decentralized network that enables instant off-chain transfer of the ownership bitcoin, without the need of a trusted third party. The system utilizes bidirectional payment channels that consist of multi-signature addresses. One on-chain transaction is needed to open a channel and another on-chain transaction can close the channel. Once a channel is open, value can be transferred instantly between counterparts, who are exchanging real bitcoin transactions, but without broadcasting them to the bitcoin network. New transactions will replace previous transactions and the counterparts will store everything locally as long as the channel stays open.
Q 2: Is the Lightning Network open source?
A: Yes, Lightning is open source. Anyone can review the code, just in the same way as the bitcoin code.
Q 3: Who owns and controls the Lightning Network?
A: Similar to the bitcoin network, no one will ever own or control the Lightning Network. The code is open source and free for anyone to download and review. Anyone can run a node and be part of the network.
Q 4: Who are the inventors of the Lightning Network?
A: Joseph Poon and Thaddeus Dryja wrote The Lightning white paper. Lightning is an open source project so anyone is free to contribute with code. There are currently 5 independent implementations under development:
Blockstream's C lightning: Blockstream currently have two employees who are dedicated to Lightning development.
Blockchain’s Thunder network
ACINQ have successfully implemented Bitfury's Flare routing algorithm into Eclair, and tested it on a live network of 2500 servers
Amiko Pay
KimDotCom's BitCache lightning network (confirmation needed, I’m not sure about this one)
Q 5: Does the Lightning Network have its own “Lightning coins”?
A: No, that’s not how it works. A Lightning Network will be using real bitcoin transactions with actual bitcoins in them
Q 6: Is the Lightning Network dependent on consensus to be implemented?
A: No, a Lightning Network builds an additional layer on top of the bitcoin network. Therefore it is not dependent on consensus in the bitcoin network itself.
Q 7: Will there be any form of custodian risk in a Lightning Network? Do I need to trust anyone to hold my money on my behalf?
A: No, this system is not based on trust; you remain in full control of your money. If anything goes wrong you simply broadcast the latest state of your channel as a normal on-chain bitcoin transaction. All your money will be returned to your address, and it will be recorded on the blockchain as a normal on-chain bitcoin transaction.
Q 8: I’ve heard that Lightning transactions is happening “off-chain”...Does that mean that my bitcoins will be removed from the blockchain?
A: No, your coins will never leave the blockchain. Instead your coins will be held in a multi-signature address as long as your channel stays open. “Off-chain” is not a perfect term, but it is used due to the fact that the transfer of ownership is no longer reflected on the blockchain.
Q 9: I’ve heard that the Lightning Network will require my bitcoins to be locked up... You do realize that no one wants their bitcoins to be locked up?
A: If your interpretation is that Lightning will make your money less accessible, then you are clearly misinformed. The fact is that your money will actually become more accessible when held in a Lightning channel. First of all, you do not need to wait for conformations in a Lightning Network, your money can be moved almost instantly within this network. Second, bringing your money “back on chain” is just as easy as sending a normal bitcoin transaction. You just wait for the first confirmation and your money is no longer “off chain”
The only exception is the rare case that your channel breaks down in the middle of a transaction (counterpart goes offline)
In this exceptional case; you will be subjected to a short time delay before you can spend your money. The length of this delay will vary; depending upon the parameters you have applied to your channel.
Q 10: Will a Lightning Network have its own blockchain?
A: No, Lightning is dependent on the bitcoin blockchain. On-chain bitcoin transactions are needed to open and to close “channels” between peers (nodes) in the network. Once a channel is open, the ownership of bitcoin can be transferred off-chain in both directions. The transactions inside a channel are real bitcoin transactions, but they are not broadcasted to the bitcoin network as long as the channel stays open. Instead those involved in a channel will store the transactions locally. This enables instant transactions and a near unlimited capacity within a Lightning Network.
Q 11: Will there be any form of mining to secure the Lightning Network?
A: No, security is provided by the bitcoin miners in the underlying bitcoin network
Q 12: The main chain of bitcoin is secured by a hash rate of 2 ExaHash/s, but a Lightning Network doesn't have any hash rate at all... So how can a Lightning Network be as secure as the main chain?
A: The security in a Lightning Network is extracted from the underlying Bitcoin Network. A Lightning Network cannot operate on its own; it is completely dependent on the underlying bitcoin network for security.
Basically the bitcoin network takes the role as a safety net underneath the Lightning Network. If something goes wrong in a Lightning channel (like your counterpart going offline) you will always have the option to fall back into the safety-net. (You simply broadcast the latest state of your channel as a normal on-chain bitcoin transaction)
Q 13: Does a Lightning Network have its own public ledger or some sort of database of all transactions?
A: No, a Lightning Network does not have its own ledger and there is no database. Holding value on a Lightning Network means that you are in possession of double-signed transactions. The transactions are valid, but they are not yet broadcasted to the Bitcoin Network. The transactions you are holding are of the 2 of 2 multi-signature type. Both you and your counterpart will sign, and you will both store the transactions locally.
These transactions will use a multi-signature address as their input (the funding address) and they will point at two different addresses for their output. One output is pointing to an address that only you can control, and the other output is pointing to an address that only your counterpart can control.
Q 14: How can you say that the Lightning Network is using real bitcoin transactions? You do realize that it’s not a real bitcoin transaction if it’s not recorded on the blockchain?
Short A:
To understand this we first need to understand what a bitcoin transaction really is… The fact is; That there are no “coins” in Bitcoin… There are only signed messages and updates to the blockchain.
So lets say that Alice is sending 1 bitcoin to Bob… We call this a per-to-per transaction due to the fact that the ownership of value is transferred directly from Alice to Bob. But Bob does not actually receive a “digital coin” from Alice. The thing that in reality is happening; is that all the nodes in the network will update their local copy of the public ledger. The public ledger is updated so that; the “coin” that was before registered in an address controlled by Alice, is now instead registered in an address controlled by Bob.
Long A:
The bitcoin transaction that Alice is sending to Bob, is in reality just a signed message that Alice is broadcasting to everybody. The message is not only received by Bob, but it is broadcasted to all the nodes in the network.
At the time of writing there are more than 5400 so called “full nodes” in the bitcoin network. The following steps illustrates the process that takes place when Alice is sending a bitcoin transaction to Bob:
  1. When Alice is broadcasting her signed message (= bitcoin transaction), it will be picked up by some of the full nodes in the network.
  2. These nodes will independently validate the message (transaction) in accordance with the consensus rules. If the nodes find the message to be valid; they will broadcast the message again so that it can be picked up by other nodes on the network.
  3. Some other nodes on the network pick up the message, and this process continues until all 5400 nodes have independently validated and re-broadcasted the message (transaction)
  4. At some point a miner will succeed in constructing a valid block that includes the message (transaction) from Alice. To make this happen the miner must bear the cost of an enormous amount of electricity.
  5. The miner will now broadcast this newly found block. The new block will be picked up by some of the full nodes. The nodes will independently validate the block and all its content. By doing this they are also validating the message (transaction) from Alice for a second time. If the nodes find the block to be valid (in accordance with the consensus rules) they will broadcast the block again so that other nodes can also receive the block.
  6. Other nodes will pick up the block, validate and broadcast. This process continues until all the nodes in the network have independently validated the block and thereby also validated the message (transaction) from Alice for a second time.
The six steps above demonstrate that a normal bitcoin transaction from Alice to Bob actually involves everyone on the network. The message is independently validated two times by 5400 nodes (= 10 800 validations)
Despite this we are still calling it a “per-to-per transaction” because the actual ownership of value is transferred directly from Alice to Bob* (*But everyone still needs to help by updating their local copy of the ledger)
Conclusion: A bitcoin transaction is just a signed message.
So lets say that Alice wants to send 1 bitcoin to Bob within a Lightning Channel. Alice is storing some of her money in a “2 of 2” multi-signature address. Alice and Bob will both sign a message that transfers the ownership of 1 bitcoin from Alice to Bob. This message is a valid bitcoin transaction, but it is not broadcasted to the bitcoin network.
Instead Alice and Bob both store the transaction (message) locally.
From Bob’s point of view this “double-signed message” has a monetary value of 1 bitcoin. The monetary value of 1 bitcoin comes from the fact that Bob can spend the money on-chain at any time by simply broadcasting the message to the bitcoin network.
Bitcoin transaction = Signed message = Lightning transaction
The purpose of any monetary transaction is to change the ownership of value. In the bitcoin network we change the ownership of value by the use of signed messages
A Lightning transaction is a double-signed message, therefore a Lightning transaction is a real bitcoin transaction
Q 15: I have heard that there will be some fees involved in the Lightning Network.. Who will be collecting those fees?
A: Potentially anyone who is running a Lightning-node. Example: Alice wants to send money to Carol, but Alice does not have an open channel with Carol. But Alice has an open channel with Bob, and Bob has an open channel with Carol. Instead of opening a new channel with Carol, Alice can route the payment trough Bob: Alice - Bob - Carol.
In this scenario it is possible for Bob to take a small fee.
16 Q: In the above scenario; what is preventing Bob from just stealing the money in transit?
Short A:
Bob is actually paying out to Carol first, and then afterwards Bob will get his money back from Alice.
Long A:
  1. Carol starts the process by producing a random number ( R ) that she will keep as a temporary secret.
  2. Carol then generates a hash ( H ) of R
  3. Carol gives H to Alice
  4. Alice constructs a special transaction that can transfer money from Alice to Bob. But this transaction is only valid if R is included. At this point the transaction is not valid due to the lack of R. Alice also gives H to Bob, and Bob knows that H is the hash of the missing component R.
  5. Bob will now construct another special transaction that can transfer the money from Bob to Carol. But this transaction is also only valid if R is included. At this point the transaction is not valid since Bob does not have access R.
  6. Carol wants her money, so she reveals R to Bob; thereby making the transaction valid.
  7. Since Bob is already in possession of the transaction made by Alice, he can just include R and that transaction also becomes valid. Bob knows that he has been given the correct R because he can check that H is the hash of R.
  8. At the same time Bob also reveals R to Alice. Alice can now use R as proof that she has paid Carol (R becomes the receipt)
Q 17: Where can I find more information about Lightning?
A: http://lightning.network/
https://letstalkbitcoin.com/blog/post/lets-talk-bitcoin-286-drinks-on-a-lightning-network
https://letstalkbitcoin.com/blog/post/the-lightning-network-elidhdicacs
https://github.com/lightningnetwork/lightning-rfc/blob/maste00-introduction.md
https://www.youtube.com/watch?v=8zVzw912wPo
submitted by ABrandsen to btc [link] [comments]

I have made a Lightning FAQ – Feedback appreciated!

Q: What is the Lightning Network?
A: The Lightning Network is currently under development and will become a decentralized network that enables instant off-chain transfer of bitcoin between counterparties without the need of a trusted third party. The system utilizes bidirectional payment channels that consist of multisignature addresses. One on-chain transaction is needed to open a channel and another on-chain transaction will close the channel. Once a channel is open, value can be transferred instantly between counterparties, who are exchanging normal bitcoin transactions, but without broadcasting them to the bitcoin network. New transactions will replace previous transactions and the counterparties will store everything locally as long as the channel stays open.
Q: Is Lightning open source?
A: Yes, Lightning will be open source. Anyone can review the code just like the bitcoin code.
Q: Who owns and controls the Lightning Network?
A: Similar to the bitcoin network, no one will ever own or control the Lightning Network. The code will be open source and free for anyone to download and review. Anyone who wants will be able to run a node.
Q: Who is behind the Lightning Network?
A: Joseph Poon and Thaddeus Dryja wrote The Lightning white paper. Anyone who wants can contribute with the development of code. Blockstream currently has one employee who is dedicated to Lightning development
Q: Does the LN have its own “Lightning coins”?
A: No, that’s not how the LN works. The LN will be using real bitcoin transactions with actual bitcoins in them
Q: Is the LN dependent on consensus to be implemented?
A: No, the LN builds an additional layer on top of the bitcoin network and is therefore not dependent on consensus in the bitcoin network itself.
Q: I have heard that there will be some fees involved in the LN, who will be collecting those fees?
A: Potentially everyone who runs a Lightning-node. Example: Alice wants to send money to Carol, but Alice doesn’t have an open channel with Carol. But Alice has an open channel with Bob, and Bob has an open channel with Carol. Instead of opening a new channel with Carol, Alice can route the payment trough Bob: Alice - Bob - Carol. In this scenario Bob might take a small fee.
Q: Will there be any custodial risk in the Lightning Network? Do I have to trust anyone else to hold my money?
A: No, the system is not based on trust; you remain in full control of your money. If anything goes wrong you simply broadcast your state to the bitcoin blockchain and all your money is returned to you.
Q: Does the Lightning Network have its own blockchain?
A: No, Lightning is dependent on the bitcoin blockchain. On-chain bitcoin transactions are needed to open and to close “channels” between peers (nodes) in the system. Once a channel is open, bitcoin can be sent off-chain in both directions within the channel. The transactions inside a channel are real bitcoin transactions, but they are not broadcasted to the bitcoin network as long as the channel stays open. Instead those involved store the transactions locally. This enables instant transactions and a near unlimited capacity within a channel.
Q: Will there be any form of mining in the Lightning Network?
A: No, security is provided by the bitcoin miners in underlying bitcoin network
Q: Where can I find more information about Lightning?
A: http://lightning.network/
https://letstalkbitcoin.com/blog/post/lets-talk-bitcoin-286-drinks-on-a-lightning-network
https://letstalkbitcoin.com/blog/post/the-lightning-network-elidhdicacs
submitted by ABrandsen to btc [link] [comments]

[Informational] [CC0] Lightening Blockchain Load

Lightning Network

The Lightning Network is a concept proposed by developers Thaddeus Dryja and Joseph Poon to create a network of trust-less payment channels on top of the Bitcoin Blockchain. The goal of this network is to allow for instantaneously secure Bitcoin payments of any amount, no matter how small.

Motivation

The Scalability Problem

From the earliest days of Bitcoin, critics took issue with its scalability characteristics. The very first response to Satoshi Nakamoto's described design was a total rejection of the system as being unable to deal with the enormous capacity demands of the world's economy. This message was the first, but far from the last time the scalability of Bitcoin would be called into question.
The reason for this skepticism is that in computer science, there are well understood system designs and algorithm designs, with vastly different costs. For example when a design calls for searching through a group of words, an adjustment to make the words alphabetically ordered can produce a potentially billion times faster solution. Simply by using a strategy of checking in exponentially reducing half sections, the search is executed at an exponentially reduced cost. The Blockchain is an example of a system in which growth of use does not just grow cost linearly, but instead at an exponentially increasing rate.
The reason for this inefficiency is that when the Blockchain adds a new member who needs to send payments, the new member incurs a cost on all the other members who have a need to fully validate payments. All fully validating members of the Blockchain must sync and validate everything all other members produce. From the perspective of the total system, this means that the total system cost is increasing as a power of two, the polar opposite outcome of what a more ideally scalable and efficient algorithm would yield.

Scalability Solutions

Satoshi Nakamoto realized this deficiency in his original proposal, and came up with a proposed solution. His idea was to reduce the operative mode of validation to be scoped to a user, for users who had less need to validate. Since additional members only incurred costs on validating members, skipping validation from some clients would mean that the impact of adding members was more limited, to be borne only by those who wished to dependably receive payments, such as merchants.
This method he named Simplified Payments Verification or SPV, and his original outlined plan would present a less secure but still acceptable model for normal consumers because there would be an alerting mechanism for rule breaches that would signify the system was compromised, proactively preventing attacks on consensus rules.
Although long promised, the demands of Bitcoin Core's development meant that Satoshi was never able to deliver on his promised SPV-mode client. Over time others took his ideas and appropriated the SPV name in making their own similar, but not quite equal solutions. Due to wide differences of opinion in the correct methods and workability of SPV mode, a reference project was never created and the alerting system was never crafted. Nevertheless as a working solution many people adopted lower security but more user friendly and less operationally costly wallets, in many varied configurations.
Eventually the efficiencies of SPV came to be seen as only a temporary optimization of the Blockchain design. Instead of solving the exponential cost of the Blockchain system, SPV clients could only slow the cost increases. The lack of an alerting system and other faults of SPV meant that anyone receiving payments could not rely on it, muting the model's positive impact on the total system scalability cost. SPV's dependency on miner validation made miner centralization concerns more pronounced.
The validation cost burden on merchants and on the overall system began to have secondary negative effects, such as contributing directly to mining centralization by giving outsize advantages to miners with economies of scale. The high cost of a full node contributed to merchant validation centralization by creating an increasingly high cost to validate payments. Many efforts were made to optimize against these increasing costs, but the fundamental design of the Blockchain meant that an increasing tide of transactions would one day overwhelm any possible optimization that did not address the basic peer broadcasting design.

The End of SPV

Another marked failing of SPV clients proved to be that they could never successfully be secured against financial privacy leakage. This represented a threat to users' personal privacy and even to the overall utility of the currency where all equal denomination coins, no matter their origin, should have close to an equal value.
SPV clients were also seen as unsustainable in a decentralized configuration: since they cannot sync with each other they must make increasing demands on the limited and increasingly costly altruism of the node operators.
SPV could also not provide a solution to another much lamented Blockchain problem: the limitations preventing micro-payments. Early on in Bitcoin's life, to fight floods of small transactions that were called penny-flooding, Satoshi had instituted barriers against very small payments: payments smaller than a tenth of a bitcoin were blocked.
Satoshi also created a prioritization system to improve the Blockchain's reliability for high value payments, a marketplace for transactions in every block, with space being prioritized to the highest value transactions as indicated by fees. This further pushed out very small payments, Satoshi often had to regretfully inform people that micro-payments were not feasible.
In the early years of Bitcoin, Satoshi Nakamoto and the other developers faced many and varied pressing immediate practical operational concerns and development realities of simply keeping the Blockchain reliable, durable and secure. Early plans for scalability and support for broad use-cases gave way to what was seen as the most important use-case: high value transactions with a high level of security and durability against network attack.
Over time the system's long-term scalability, various lower priority use cases, and difficult to implement features like instant settlement were all pushed to be developed outside of the Blockchain on a different layer, called Layer 2. Layer 2 systems would still empower transactions denominated in Bitcoin units and be ultimately settled against the Blockchain, but also be able to avoid offering the same guarantees and functionality as the Blockchain, in order to serve a broader range of use cases.
The Lightning Network is an example of a Layer 2 service: a network service that seeks to provide instant settlement, tiny micro-payments, improved privacy, in a system that is fundamentally built on the Blockchain but also logically separated.

Achieving Lightning

Lightning's solutions are based on a common and long running proposal for how to use the Blockchain to provide for instantly secure and arbitrarily small transactions: payment channels. Payment channels have existed for many years, in both well established theory and as real libraries and projects.
Payment channels are a method of using smart contracts to rapidly trade Bitcoin between two parties, without requiring the Blockchain for more than occasional settlement. The parties create a shared starting balance on the Blockchain and then using signed but un-broadcast transactions rapidly, cheaply, and privately update the balance between them.
Because the funds are locked in a multiple signature smart contract, cooperation with the channel partner is required to spend the funds, however a payment channel smart contract also specifies a timeout that acts an escape if there is a failure of cooperation. There are multiple ways to form these channels, but they all offer the same advantages: instant transactions, arbitrarily small denomination payments, low fees, and transaction privacy, although only between two joined together parties.
The key innovation in Lightning is to take these joined pairs and link them together in a network: pairs passing along funds to each other in a chain until they reach their destinations. This combines the Blockchain's benefit of sending to arbitrary users with all payment channel benefits like instantly secure transactions.

Opening Payment Channels

To open channels in Lightning, a Bitcoin transaction smart contract is published with rules for how deposited funds may be spent. The rules of the transaction essentially specify that funds deposited cannot be spent unless both parties agree, with the exception that one party can unilaterally refund his deposited funds to himself if he is willing to wait for a time delay before re-spending them.
The transaction establishing these rules is called a commitment transaction and a transaction that adds funds into this channel is called a funding transaction. For efficiency, when initiating the channel for the first time both transactions may be folded together into a single Blockchain transaction.
There are two proposed methods for accomplishing Lightning's channel timeout requirement. The first mechanism uses a feature called CLTV that first added to Bitcoin in the soft forking Bitcoin Core version 0.11.2, released in November of 2015. This feature allowed for time-locking funds against a certain date, meaning that channel partners could create fixed future time timeouts for their channels. Using this feature would mean that channels be routinely re-created to bump the timeout window forward.
Another method was also proposed, using a time-locking feature called CSV that was first added to Bitcoin in the soft forking Bitcoin Core version 0.12.1, released in April of 2016. CSV allowed for specifying relative time locking contracts, meaning that channel partners could instead choose their timeout relative to when they executed their channel escape clause, allowing for channels that could remain open indefinitely. Because of this improvement, CSV timeouts were selected as the standard for Lightning payment channels.

Instant Settlement

Lightning payment channels work pretty much like normal payment channels, they pass signed transactions between two parties to update their balance. There is however one unique aspect that allows for routing: a third party involved in a Lightning balance update transaction called an R value. This R value, which is simply a lumping together of information about the movement of funds, allows a transaction between parties to be routable. R values represent hash-able information that can be used as Blockchain presentable proof that funds have been moved across the Lightning Network.
To understand how the R value allows moving money through the interaction of third party Lightning Network actors, it's important to understand that when spending funds on the Blockchain it is not actually the people who authorize funds. Instead it is only their private keys' signatures that authorize spending, all Blockchain funds are actually locked in contracts that have various rules about how they may be unlocked, the most common being that a singular private key may be used to unlock them.
Because Blockchain contracts simply deal in signatures and are scriptable, it is possible to create a type of transaction that is keyed against a signatory who actually knows nothing about the transaction and simply testifies to a system state in a signed way. For example, a server that produced cryptographically signed statements about the weather could be used in a transaction between two parties to be the arbiter of the execution of a weather based funds transfer, without any direct involvement of the server in the transaction itself.
This type of transaction is rare, and it was banned as part of a blanket banning effort by Gavin Andresen and Jeff Garzik who objected to general purpose smart contracts on the Blockchain and promoted the idea of a white listing system called standard transactions. In February of 2014, the release of Bitcoin version 0.10.0 mostly lifted this restriction, allowing more novel transaction types. Included in the allowed transaction types were those keyed off of an arbitrary non participatory signature, called hash locked transactions.
In February of 2016, Sean Bowe and Pieter Wuille published a work in progress version of a special transaction type that could include a time locked transaction with a hash unlock code. This specific type of transaction, called a Hash Time Locked Contract or HTLC, enables the state changes within Lightning Network channels.
Lightning Network clients negotiate with the network to send out a transaction to be routed across the network, yielding an updated set of finalized settlement data which represents the settlement update hash lock solution, the R value. This R value is only represented to the Blockchain as an opaque signature, and it could signify any successful routing, including passing of value from the Bitcoin Blockchain to another Blockchain, like the Bitcoin Testnet.
This type of settlement transaction is very powerful, it can be used to create a wide variety of transactions, like multi-signature transactions within the Lightning Network, or even probabilistic settlements within the Lightning Network. A novel payment type called Pre-Image Length Probabilistic Payment, or PILPP has been proposed as a way to send payments on the Lightning Network that are actually provably probabilistic, meaning it is possible to send someone a one bitcoin with a fifty percent chance of arrival. Using this payment type, it is theorized that services could even charge sub-Satoshi fees for their services by asking customers for probabilistic payments of a single Satoshi.

Settlement Security

The Lightning Network offers a particularly private solution to executing a transaction, called onion routing, in a method similar to the online privacy system Tor, also known as The Onion Router. The way that Lightning Network transactions are executed, each client considers the destination for funds and then decides on a linked series of pairs to execute the transfer. The client then wraps the pair series information in an encrypted format so that each pair jump is only given information on a need-to-know basis. The intermediary relays are not given information about any of the other pairs, including the final destination of the transfer they are assisting.
To avoid a situation where pairs fail to execute their fund passing duty, routed payments are given a TTL, or a time to live, meaning that the payments are no longer valid after a certain point. This allows automatic retrying of payments that fail to route successfully due to a third party fund transfer failure. Transactions can also use fees to incentivize pairs to successfully pass funds in a timely manner; pairs that fail to route may bear an opportunity cost.

In Breach of Contract

From the Blockchain's perspective, Lightning Network funds are just funds deposited in a two of two signature multi-signature wallet. As the balance of funds changes within a channel, the settlement is actually done through a transaction that may be broadcast at any time to the Blockchain to settle funds back to each party.
With potentially thousands of balance state change transactions, the balance within the channel is intended to go up and down over time. This presents a major problem for payment channels: what happens if the other party broadcasts an obsolete state of the balance of payment to the network that ignores a recent payment, and therefore steals funds?
This situation in which there is a breach of the basic channel contract where an out of date state is broadcast can only be solved by correcting the Blockchain record in response, meaning the stored funds must be monitored for breaches. In the Lightning Network the solution to this issue is to preemptively prepare a special type of transaction called a breach remedy transaction that prevents the invalid old state from being used to steal funds.
A breach remedy transaction goes beyond reclaiming the injured party's funds. To discourage theft, the transaction also takes the entirety of the offending party's funds as a penalty. For this reason it is recommended that a channel never be allowed to empty, that some funds to take in penalty always remain, to avoid a situation called an exhausted channel.
Breach remedy transactions are formed as a part of every update to the balance of payments in a Lightning Network channel, in a flow called the Revocable Sequence Maturity Contract or RSMC. The RSMC flow is done without requiring trust in the other party, generating and exchanging the guarantees against betrayal before completing the funds state update.
Breach remedy transactions are fully formed, fully signed, and they may even be safely published to third parties with rewards for the first publisher attached, to incentivize many eyes watching for and preventing a breach of contract.

Closing Time

Sometimes channel participants may wish to close their channels, for regular channel rebalancing or just to make a Blockchain payment. Lightning Network transactions that settle back to the Blockchain are called exercise settlement transactions, and they are simply standard co-signed transactions. Funds are sent as in any standard multi-signature transaction and the channel is considered closed. This happens instantly, as long as the channel partner is cooperative.
In the event that a channel partner is unavailable to close the channel, another option is possible, which is to exercise the CSV clause specified in the channel opening contract. This clause says that any party may unilaterally close the channel and reclaim their funds, provided that they wait for a timeout period to spend their funds again freely.
This timeout period is called a dispute period, because it gives the channel partner a chance to dispute the channel close in the case of a breach of contract, when the channel is closed with an out of date balance of payments.

Potential Issues

There are a number of challenges inherent in the Lightning Network concept. In the most marked change from the Blockchain, Lightning flips the configuration of the network from a single shared Blockchain ledger to a wide array of individualized Lightning client ledgers. Users holding Lightning Network funds are holding funds that are just as good as Bitcoin, but the funds are actually signed claims on funds.
In the Blockchain a global ledger state is synced between everyone and a user must only save their private keys to retain control of their funds. In Lightning, securely holding both the key data and individualized ledger data is the responsibility of the client. One solution to this issue is to use the saved keys to securely encrypt the state data and then save the encrypted data to a networked backup.
Another departure from the Bitcoin network model that requires careful consideration is that Lightning transactions do not need to be broadcast to every member by relaying others transactions. Given a more limited number of transactions that are sent, this reveals more information as to the identity of the sender. To solve this, Tor channels could be used to obscure IP information from channel partners, but a more comprehensive and as yet undefined solution may be needed to help obscure other correlation efforts.
Funds in Lightning also work differently from Bitcoin funds. The Lightning channels lock the funds to an agreement with a Lightning relay, in which a set of cooperative rules are agreed upon to enable the Lightning protocol. But in the case of a cooperation failure, which can simply mean the connected Lightning relay suffering downtime, user funds will be locked from use for up to the preset lock time, which could be up to a week. To deal with this, it's suggested that the risk of locking be spread over multiple channels, or that a user be encouraged to limit their use of Lightning to smaller amounts of spending money. Spending down entire channels is also not an efficient use of Lightning, so that reinforces the idea of users separating their funds into spending money in Lightning channels and savings in traditional Bitcoin wallets.
Another tricky issue with Lightning funds is that a channel partner may try to steal funds from the channel. Wallets must either be semi-regularly online to prevent that, or third parties must be available who can be relied upon to prevent theft. Theoretically, miners could also execute a theft directly, by gaining majority control of the network for the dispute period and blocking any breach remedy transactions from occurring, although some of the standard guards against miners taking that action would still apply, such as their general block reward incentives. This means that Lightning benefits from a decentralized set of miners and a set of users who are able to access the Blockchain cheaply to respond to breaches of channel contracts.
There are actually two configuration types of Lightning, similar to how there are two common types of Bitcoin clients: light Lightning clients who only spend money occasionally, and full Lightning nodes who act as relays and comprise the body of the Lightning network. There is a benefit associated with running a Lightning relay: as transactions are passed through a relay, they carry a reward of small market-based fees. But there is also a potential cost with running a Lightning relay, these relays are software that must have the agency to move funds between their channels. Relays need to have some automated access to user funds, to complete the signatures needed for channel transaction routing. It is recommended that relay operators be sure to secure their systems from unauthorized access to protect the capital required to operate a relaying node. Lighter Lightning clients do not share this issue, by only connecting occasionally they may secure their funds in colder storage and through multi-signature setups, as is the standard for secure Bitcoin storage.

Links

submitted by pb1x to writingforbitcoin [link] [comments]

How Many Total Bitcoin Users Are There? How Many Total Bitcoins Are There? Coinbase Speaker Series: Joseph Poon and Thaddeus Dryja of Lightning Network Bitcoin Beginners Fair: Bitcoin Regulation & Taxation with Thaddeus Dryja Introduction to Lightning Network ~ Bitcoin to the Max

Bitcoin is a distributed, worldwide, decentralized digital money. Bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. You might be interested in Bitcoin if you like cryptography, distributed peer-to-peer systems, or economics. A large percentage of Bitcoin enthusiasts are libertarians, though people of all ... Bitcoin Development Lightning Network. Joseph Poon and Thaddeus Dryja published the Lightning Network white paper in January 2016. “The Bitcoin blockchain holds great promise for distributed ... February — The first ever cryptocurrency exchange, Bitcoin Market, is established. The first trade takes place a month later. April — The first public bitcoin trade takes place: 1000BTC traded for $30 at an exchange rate of 0.03USD/1BTC May — The first real-world bitcoin transaction is undertaken by Laszlo Hanyecz, who paid 10000BTC for two Papa John’s pizzas (Approximately $25 USD ... View Thaddeus Dryja’s profile on LinkedIn, the world's largest professional community. Thaddeus has 4 jobs listed on their profile. See the complete profile on LinkedIn and discover Thaddeus ... While Bitcoin belongs to no one, Tether is issued by a Hong Kong-based private company whose proprietors also own the Bitfinex crypto exchange. The exact mechanism by which Tether’s supply is ...

[index] [21950] [47039] [703] [37325] [9264] [43128] [33966] [20576] [3470] [19957]

How Many Total Bitcoin Users Are There?

Live Bitcoin Trading With Trading Robot DeriBot on Deribit DeriBot Backup 167 watching Live now My Interesting Experience Trying to Use Bitcoin in Japan - Duration: 23:38. Thaj explores how bitcoin miners can mitigate network threats with trustless collusion and gets pretty deep into the complexity of bitcoin mining. Joseph Poon and Thaddeus Dryja from the Lightning Network. Joseph Poon co-authored the paper on the Lightning Network, a system to allow for decentralized high-volume payments using Bitcoin. Full blog post: pubnub.com/blog/scaling-bitcoin-to-billions-of-transactions-per-day/ In this talk from SF Bitcoin Devs, Joseph Poon and Thaddeus Dryja discus... Lightning Network is a proposed implementation of Hashed Timelock Contracts (HTLCs) with bi-directional payment channels which allows payments to be securely routed across multiple peer-to-peer ...

#