3-phase commit for L2 payments
 |
The two 2-phase commits that are possible for L2 payments (cancel-on-timeout or finish-on-timeout) will always have a penalty on one of the phases but never on the other, and either 2-phase commit will have on opposite phases. To avoid a non-attacker getting stuck with the whole payment as penalty, the penalty can be done in "chunks ". But when penalty is done in chunks, the combined time until the payment has fully timed out tends to increase, and this makes the phase with no penalty vulnerable to Denial of Service (DoS) attacks. The solution is to combine both 2-phase commits, and use the one with the penalty on the first phase as the first phase, and the one with the penalty on the second phase as the second phase. This requires an intermediary phase that shifts from finish-on-timeout to cancel-on-timeout. This is the logical way to do "payment channels", and people will notice this eventually. Update: The 3-phase commit deters DoS attacks in all scenarios except when the person paying penalty and the person receiving it are the same person. This scenario is easily deterred by adding fee on top of the payment, paid out in proportion to how long payment was stuck. This is separate from the 3-phase commit though (and the 2-phase commits also has this problem, but, they rely on short timeout which means this problem never becomes a problem). This is all very simple. I already implemented it for a backed-by-trust multihop payment system (Ryan Fuggers Ripple) and building Lightning Network, Raiden, Interledger, or whatever else on the 3-phase commit, is simple. The hard part, it seems, is noticing the 3-phase commit. As it seems no one ever noticed it before, at least it was never popularized as everyone seems to try and make either of the 2-phase commits work despite the obvious problems… submitted by /u/johanngr |
