3-phase commit for true Raiden network

All decentralized multihop payments like Raiden/Lightning (and also Ryan Fugger's base layer) have historically used a 2-phase commit that defaults to cancel the payment to manage the attack vector of money reserved for payment being stuck for all eternity. This solution brings with it the risk of a penalty (note, only on one of the phases) that may end up imposed on an innocent intermediary. The original solution to this in 2006 was to make the penalty gradual, a microscopic amount per second, but the problem is that the cumulative time until the payment times out then tends to get so long that the timeout itself no longer serves to solve the "reserve payment attack", and while the penalty could be a sufficient solution, there was only a penalty on one of the phases. So, people settled for "staggered timeouts" as a workaround, but this does not fix the problem: network failures or denial of service attacks can still cause an innocent intermediary to end up paying for the full payment.

The solution is to add the penalty on both phases. This is easily done once you realize that the other 2-phase commit, that finishes on timeout, also only has a penalty on one of the phases, but it has it on the opposite phase. Thus, you can simply combine them and add a phase in between that shifts the action of the timeout; thus you get a 3-phase commit.

I built Ryan Fugger's base layer already (just 2500 lines of code with zero dependencies) and adding "collateral" ("state proof" on top of the "base payment channel") is very easy. Raiden could be built and finished with minimal work, if anyone is interested. My goal is already achieved with the base layer (as my vision only required it to exist) but I could help out with pointers if anyone wants to get a real Raiden created. I have more material, video presentation, complete implementation, etc., if anyone is interested. And I can walk anyone through it as well in chat, for example here in the discussion thread. The 3-phase commit is very simple; it was just a bit hard to discover, as people tend to follow the path already made by others (the cancel-on-timeout 2-phase commit, whereas I approached the other one and naturally noticed both together would transcend the limitations of either). Hakuna matata,

submitted by /u/johanngr