Bitcoin’s lightning network may be just starting to send transactions over the blockchain, but already its developers are looking to rearchitect the technology.
That’s because, while touted as a way to significantly boost bitcoin’s capacity, the network itself does require users to store a significant amount of data, which makes it difficult to download and run. As such, several lightning developers – Lightning Labs co-founder ‘Laolu’ Osuntokun and Blockstream’s Christian Decker and Rusty Russell – have published a new proposal which imagines an alternative, “simplified” way of making off-chain transactions called eltoo.
But the new proposal isn’t only about condensing the amount of data users need to store, it’s also about keeping users’ cryptocurrency safe.
For instance, all this data poses another problem in that if users accidentally broadcast older data, they might lose money. As such, this data has been coined “toxic information.”
Eltoo, on the other hand, only stores the most recent off-chain transaction data, solving the well-known “information asymmetry” problem – that is if something happens to the device you’re running your lightning app on – say your smartphone – you might lose access to the whole history of data.
“With eltoo, we reduce the risk of funds being swept away. We remove this toxic information,” said Decker, who noted that the proposal’s name is a joke of sorts – the phonetic spelling of “L2,” which stands for layer-two, what many people call technology like lightning that pushes transactions off-chain.
And this is something Decker is very interested in since he’s experienced the problem personally.
“This actually happened to me,” he said, adding:
“I had an old lightning node on my laptop. I restored it. I didn’t know I didn’t have the newest state. The guy closed the connection because they knew it was an old state! Because he could steal it. Which he did, by the way.”
All about revoking
Developers have long been trying to come up with a way for users to make a bunch of transactions using bitcoin, without bloating the blockchain with unnecessary data.
That’s really what most of the scaling debates are all about.
But the first attempt to do this was way at the beginning of bitcoin’s history when off-chain transaction capabilities were experimented with using so-called “sequence numbers” to keep track of which off-chain transaction is the most recent.
The idea was simple – if Alice has $10 and sends a $1 transaction to Bob, obviously her balance dwindles to $9.00. This then gets a sequence number “1.” If later, she sends Bob $4, her balance is now $5, and this most recent transaction gets a sequence number “2.”
But according to Decker, the mechanism “didn’t work out,” because miners didn’t have any reason to enforce the rules and replace old transactions with the more recent ones.
Miners could just broadcast the one transaction where Alice’s balance drops to $9 (even though she had made another transaction that dropped her balance to $5). While it’s unclear why a miner might want or decide to not revoke a transaction for another one, they could decide to do so since there was no enforceability.
In this way, revoking old transactions in crucial otherwise Bob might not get the second transaction and Alice could run away with the money.
This “lack of enforceability” is a problem that wasn’t solved until 2015.
And the lightning network is the best-known solution to this problem so far. Today, revoking old state is accomplished with the “L2-penalty” model – whereby a lightning wallet or node stores all of these intermediary states, then, if someone tries to broadcast an earlier, now-invalid state, this is detected and the cheating user is punished by losing money.
Eltoo and L2
But, three years on, the researchers are, in fact, going back to the idea of using sequence numbers to revoke old transactions.
Unlike bitcoin’s old code, which didn’t have an enforcement mechanism for these sequences, eltoo adds a procedure that makes every state update prescribed. Every state update – Alice sending Bob money, for instance – is composed of two transactions, each of which both parties store and which totally replace the prior update transaction.
“Only the last settlement transaction can ever be confirmed on the blockchain,” the introductory blog post explains.
The tangential advantage of this system is that it increases lightning’s scalability. With eltoo, each lightning node doesn’t need to store all the intermediary states, rather, it stores only the most recent version and some information about the transaction itself, such as it’s corresponding settlement transaction and potentially the HTLCs that spend from that settlement, the post notes.
What’s perhaps the most beneficial part of the proposal, though, is that it isn’t built on a “winner takes all” model.
Instead, eltoo and older L2 penalty schemes can be used side-by-side.
“Eltoo has quite different tradeoffs. I’m not implying it’s better in all senses,” Decker told CoinDesk, pointing to some arguments on the bitcoin developer mailing list about the technology increasing waiting times for transactions to be settled.
Still, overall, he’s pretty excited about eltoo and the simplicity it brings, adding:
“We don’t know which one is nicer, but I would like eltoo as the better option. I think eltoo is easier to explain and to extend later on.”
Not only are developers still discussing the proposal’s merits, but there’s another thing standing in the technology’s way – “sighash_noinput.”
This long-anticipated code option needs to be added to the bitcoin codebase for the cryptocurrency to be able to support eltoo (at least in an efficient form).
To understand why, it’s important to know what the basic sighash function does. It works as a flag of sorts that specifies what part of the transaction data needs to be signed when it’s transferred over to someone else. Users can choose from a range of options – for instance, the default flag, sighash_all, indicates that all parts of the transaction need to be signed, meaning that none of these parts can be changed throughout the process.
The proposed “sighash_noinput” function could flag that the “input” data going into a transaction doesn’t need to be signed. And in turn, that the input data can change over time, from when the transaction was created to when it’s written to the blockchain.
And this is exactly what eltoo needs, since the concept is that all the state in between the beginning and final transaction will be deleted, meaning the input will be different from the start and the end.
When asked whether he thinks the sighash_noinput proposal will get merged into the bitcoin codebase, Decker laughed and said, “Ever since SegWit, I stopped making these predictions.”
He’s pointing to the fact that Segregated Witness (SegWit) had broad support from the bulk of bitcoin’s most active developers, but ended up stirring up a years-long battle within the community. The code change was only added to bitcoin last August, even though it was proposed more than two years prior.
Still, even though it’s early, the sighash_noinput function is a relatively easy change to make to bitcoin’s codebase, Decker said.
Plus, it’s been theorized for some time that the change would have many positive implications for developers, he continued. Because of these potential benefits, a handful of Twitter users have begun adding the code change to their profiles to express their support, much like Twitter users did during the scaling debate (with #No2X becoming popular among those who were opposed to the Segwit2x initiative).
Remaining hopeful, Decker concluded:
“Every day new use cases join the sighash_noinput front.”